Italy’s communications watchdog has handed down a landmark financial penalty to U.S.-based internet infrastructure firm Cloudflare, escalating a growing confrontation between national regulators and global technology companies over online piracy enforcement. The €14.2 million fine, imposed by the Italian Communications Authority (AGCOM), marks the most significant sanction yet under the country’s copyright protection framework.
At the center of the dispute is Cloudflare’s refusal to implement piracy-related blocking measures through its public DNS resolver, 1.1.1.1. Italian authorities concluded that the company failed to comply with legally binding orders designed to restrict access to copyright-infringing websites, particularly those involved in illegal sports streaming.
AGCOM’s decision signals a tougher regulatory approach toward internet intermediaries that operate critical infrastructure but resist localized enforcement measures.
The Rise of Italy’s Piracy Shield System
Italy introduced its Piracy Shield mechanism in early 2024 as a rapid-response system aimed at disrupting illegal live streaming, especially during high-profile sporting events. The system allows rights holders to flag infringing domain names and IP addresses, which are then blocked by internet service providers within a tightly enforced 30-minute window.
The initiative was promoted as a solution to the limitations of traditional website blocking, which often proves too slow to address live broadcasts that attract large audiences in real time. Since becoming operational, Piracy Shield has been used extensively, resulting in the blocking of tens of thousands of domains and IP addresses across Italy.
Despite its reach, the system has faced mounting scrutiny. Critics argue that the accelerated blocking process leaves little room for verification, increasing the likelihood that lawful websites may be caught up in enforcement actions.
Overblocking and the Role of Internet Infrastructure Providers
Concerns over overblocking have become a defining issue in the debate surrounding Piracy Shield. Several incidents have been reported in which legitimate services were temporarily inaccessible because they shared hosting infrastructure or IP addresses with sites accused of copyright violations.
Cloudflare has been particularly affected by these incidents due to the scale and nature of its services. As a major provider of content delivery networks, cybersecurity tools, and DNS resolution, Cloudflare supports millions of websites worldwide, ranging from small blogs to large enterprises.
The company has argued that broad-based blocking measures risk disrupting lawful internet activity and undermine procedural safeguards. These concerns have placed Cloudflare in direct opposition to Italian authorities, who view infrastructure providers as critical partners in combating sophisticated piracy networks.
Expanding Enforcement to DNS and VPN Services
The regulatory conflict intensified in February 2025, when AGCOM expanded Piracy Shield obligations to include DNS resolvers and virtual private network providers. Under the updated rules, these services were required to prevent users from accessing domains and IP addresses linked to copyright infringement.
AGCOM determined that Cloudflare failed to meet these obligations by declining to filter traffic through its 1.1.1.1 DNS service. Cloudflare maintained that applying Italy-specific filtering to a globally used resolver would be technically burdensome and could negatively affect service quality for users around the world.
The company warned that such changes could increase latency, reduce performance, and interfere with billions of daily DNS queries, including those unrelated to piracy.
AGCOM Pushes Back Against Cloudflare’s Defense
Italian regulators were unconvinced by Cloudflare’s technical objections. AGCOM argued that the company’s extensive experience in traffic management and network optimization demonstrated its ability to comply with targeted blocking orders without widespread disruption.
The authority also rejected the notion that Cloudflare functions solely as a neutral conduit. According to AGCOM’s findings, Cloudflare’s services are frequently used by piracy operations to evade traditional ISP-level blocks, making the company a key node in the enforcement landscape.
Regulators emphasized that without cooperation from major infrastructure providers, piracy platforms can rapidly reconfigure their operations and continue distributing illegal content.
A Record Fine With Broader Implications
Following its investigation, AGCOM imposed a fine of €14,247,698 on Cloudflare, equivalent to roughly 1% of the company’s global revenue. While Italian law permits penalties of up to 2% in such cases, the imposed amount still represents the largest copyright-related fine issued by the regulator to date.
AGCOM described the sanction as proportionate, citing Cloudflare’s central role in the ecosystem targeted by Piracy Shield. A significant percentage of the pirate sites identified under the system were found to rely on Cloudflare’s infrastructure, amplifying the impact of the company’s noncompliance.
The decision is widely viewed as a warning to other global technology firms that operate critical internet services while serving users in Italy.
Potential Appeal and Industry-Wide Ramifications
Cloudflare has consistently disputed AGCOM’s conclusions throughout the proceedings and is widely expected to challenge the fine through the courts. Although the company did not immediately comment following the announcement, an appeal could set an important precedent for how national regulators can impose local content restrictions on global services.
Other public DNS providers, including Google and Cisco’s OpenDNS, are likely to follow the case closely, as similar enforcement obligations could eventually extend to them.
Legal observers suggest the dispute could become a defining test of regulatory authority in the digital age, raising fundamental questions about jurisdiction, proportionality, and the balance between copyright enforcement and internet stability.
