Cloudflare record fine: Italy's tough anti-piracy course hits DNS resolver

In a far-reaching decision, the Italian Communications Authority Agcom has fined infrastructure giant Cloudflare exactly 14,247,698.56 Euros. With the resolution from the end of December, the conflict surrounding the Italian anti-piracy system "Piracy Shield" reaches a new level of escalation (File No.: 333/25/CONS). The supervisory authority accuses the US corporation of persistently ignoring an order to block illegal streaming content.

The origin of the dispute lies in an order issued by Agcom in February 2025. The regulator ordered Cloudflare to block access to over 15,000 domains and IP addresses. This is based on the Italian anti-piracy law from 2023 ("Legge antipirateria"). It obliges service providers to make reported infringing content inaccessible within just 30 minutes of being reported via the "Piracy Shield" platform. Cloudflare's public DNS resolver 1.1.1.1 is particularly in focus. According to Agcom, this allows Italian users to systematically circumvent existing web blocks and continue to access illegal live broadcasts of sporting events.

The authority set the multi-million euro fine with the resolution now published based on one percent of Cloudflare's global annual revenue. It justifies this calculation with the company's cross-border structure: Since Cloudflare's infrastructure is globally oriented and enables the circumvention of local blocks, the sanction must also have a corresponding "deterrent effect" and go beyond the national framework.

Agcom emphasizes the severity of the violation: Cloudflare plays a "crucial role" in the dissemination of illegal content, which, according to estimates, leads to massive economic damage in the sports sector.

Cloudflare: Filtering approach is unreasonable

Cloudflare defended itself in the proceedings with massive technical and systemic objections. The company stated that a "filter" in the DNS resolver 1.1.1.1 would have to process around 200 billion requests daily. This is an "disproportionate and unreasonable" solution that would lead to significant latency problems and impair the efficiency of the entire system. Furthermore, the operator of Content Delivery Networks (CDN) warned of the dangers of "overblocking," as blocking IP addresses could also disconnect uninvolved websites from the network.

The Italian regulators did not accept these arguments. They pointed to the company's "high technological competence," which is very capable of implementing targeted blocks promptly.

Google and OpenDNS also face trouble

The regulator's decision is based on Article 1 of Law 249/1997, which lays the foundation for Italian media regulation. This is the first sanction of this magnitude against a CDN and DNS provider in Italy. The authority thus underscores its claim to compel international corporations not based in Italy to comply with local laws, as long as their services are used in the country. Cloudflare has already announced that it will appeal the decision before the Regional Administrative Court (Tar Lazio).

According to TorrentFreak, the case has significance far beyond Italy. If the fine holds, other providers such as Google or OpenDNS would also have to prepare to filter their services according to the varying specifications of individual nation-states in the future. In Germany, the Higher Regional Court of Cologne ruled in 2023: Cloudflare, as a service provider for accelerated retrieval of internet content, is under certain circumstances not only liable as a disturber but also as a perpetrator of copyright infringements.

(nen)