The war against piracy in Europe is no longer fought solely at the last mile—operators—but now in increasingly higher layers of Internet infrastructure. The Italian Communications Authority (Agcom) has imposed a fine of more than 14 million euros on Cloudflare Inc. for failing to comply with a prior requirement related to blocking illegal content, in accordance with the Anti-Piracy Law 93/2023 and its deployment through the Piracy Shield platform.
According to the formal decision (deliberation n. 333/25/CONS), the Agcom Council adopted the measure in its December 29, 2025 session and notified it on January 8, 2026. The core of the case is not an abstract debate about “responsibility” on the Internet but something much more concrete: Agcom had ordered Cloudflare to disable access to certain resources associated with piracy by blocking DNS resolution of domains and traffic routing toward IP addresses reported by rights holders through Piracy Shield—or, alternatively, applying “technological and organizational measures” of equivalent effect to prevent final access to those contents. The authority argues that, even after being notified, Cloudflare did not take measures to prevent the use of its services in this illegal dissemination.
A message to the industry: “Dashboards are not enough, we want action”
The fine is better understood when viewed in the context of Italy’s regulatory movement as a whole. Law 93/2023 expands the scope of obligated parties to collaborate against piracy, including providers of information society services involved “in any capacity” in providing access to illegal sites or services: public DNS, VPNs, and even search engines, regardless of their location. In practice, it’s a shift from the classic “follow-the-traffic” approach (ISP blocks) to a “follow-the-infrastructure” model (blocking where names are resolved, content is accelerated, or traffic is routed).
In Cloudflare’s case, the message is especially clear due to the role services like CDN, reverse proxy, public DNS, or DDoS mitigation layers play in a significant part of the web. When regulators decide to act here, the effect is no longer local and begins to raise an uncomfortable question: How much friction can be introduced into the infrastructure to pursue legitimate goals (intellectual property) without causing collateral damage to legitimate services?
The size of the fine and the precedent it sets
Agcom reminds that the sanctioning framework contemplates fines of up to 2% of the turnover from the last closed financial year prior to notification. In this case, the imposed fine equals 1% of the “global turnover” it references, which translates into a detailed figure in the deliberation: €14,247,698.56.
Beyond the amount, the precedent lies in the type of technical obligation demanded: acting on DNS and routing toward reported IPs within an operational circuit (Piracy Shield) designed to respond quickly to unauthorized emissions—especially in live environments.
Piracy Shield: scale, automation… and the temptation to press harder
Agcom promotes Piracy Shield as a scaling lever: since its adoption in February 2024, the platform has enabled the disabling of over 65,000 FQDNs and around 14,000 IPs associated with illicit content provision.
From an engineering perspective, this suggests a mode of operation where automation isn’t a “nice-to-have,” but a necessity: managing such volume requires semi-industrial processes, quick validations, and deployment mechanisms that, by definition, approach “real-time” logic.
This raises the dilemma for infrastructure providers: the more “real-time” the obligation, the less margin there is for evaluating borderline cases (shared domains, reused IPs, multi-tenant proxies, etc.) without delays. A targeting error at the IP or DNS level is less like removing a link and more like “disconnecting a road segment.”
What this means for companies and technical teams
For the ecosystem (CDN, public DNS, VPNs, cloud providers, and SaaS), the fine entails three practical implications:
- Compliance is now part of the data plane: legal procedures aren’t enough; repeatable technical capabilities are necessary to execute blocking orders across layers (DNS, IP, routing, access rules).
- Increased pressure on traceability: when regulators speak of “technological and organizational measures,” they are asking not only to act but to be able to demonstrate that actions were taken (what was blocked, when, how, and to what extent).
- Reputational and business risk: a fine of this magnitude for a global actor puts any provider in a position where they must balance three difficult aspects: compliance, service continuity, and minimizing collateral damage.
A signal that can set a precedent
Italy is becoming a regulatory testing ground for rapid control of access to illicit content. While each country has its own framework, the idea of pressing on the “lever points” of the Internet (DNS, CDN, security platforms) is exportable: it is the most efficient way to quickly impact access. The debate opened by this sanction isn’t whether piracy exists (it does) but how to act on infrastructure without turning the remedy into a systemic problem.
Frequently Asked Questions
What is Piracy Shield and why is it relevant for a provider like Cloudflare?
It’s an Italian platform that channels reports from rights holders and coordinates measures to disable access to resources linked to piracy. It’s relevant because it acts at infrastructure layers (DNS/IP), precisely where services like CDN, proxy, and resolvers operate.
What is the difference between “blocking DNS” and “blocking IP,” and why does it matter?
Blocking DNS prevents a domain from resolving to an IP address (or points it to a “null” destination). Blocking by IP affects routing or access to the destination and can have more collateral impact if a single IP serves multiple domains or services (multi-tenant).
Could this approach impact companies that don’t host content but provide security or acceleration services?
Yes: the Italian regulatory approach broadens the scope of obligation to include providers involved in facilitating illegal access, which may include public DNS layers, VPNs, or infrastructure services mediating traffic.
What should IT/security teams review in light of such measures?
Policies and technical capabilities for executing blocks (DNS/IP), traceability and audit of actions, processes for reviewing false positives, and a coordinated legal/technical response framework for urgent orders.