Cloudflare threatens to leave Italy after the country issued a fine of 14 million euros to the company. The fine is due to Cloudflare’s non-compliance with the controversial local ‘Piracy Shield’ legislation.
Italy has fined Cloudflare 14 million euros. The fine is because Cloudflare refuses to block websites at the DNS level for its 1.1.1.1 DNS service. This is required under the so-called ‘Piracy Shield’ legislation of the Italians, which is controversial even within the EU.
Rapid blocking
Piracy Shield obliges providers of DNS services to block a requested IP address within thirty minutes under the legislation. The entire system is based on a mechanism developed by a private company for the Italian regulator AGCOM. The company in question is linked to the Italian football association. The mechanism allows rights holders to pass on IP addresses themselves which, according to them, host websites that violate copyright rules.
The entire regulation was created at the request of rights holders of sports matches. They want to be able to quickly block websites that offer illegal streams of matches. Via Privacy Shield they can do that, without a legal control mechanism in between to assess blocking requests.
No transparency and recipe for errors
Critics note that half an hour is simply not enough to thoroughly consider the legitimacy of a request. There is also no possibility of appeal. Moreover, the Italians demand that DNS providers implement the blockades worldwide.
Abuse and accidents are not only theoretically conceivable. Piracy Shield came into effect in 2024 and in that same year the system mistakenly blocked Google Drive. According to industry organization CCIA (Computer & Communications Industry Association), this caused a blackout for all Italian users that lasted three hours, with after-effects for various users that lasted up to twelve hours.
Research by RIPE-labs found that hundreds of legitimate websites are being blocked in Italy by Piracy Shield, often without them even knowing it.
The CCIA notes that there are no clear and transparent procedures for checking blocking requests for IP addresses. A typo is enough to take legitimate domains offline and victims have no clear point of contact for when something like this happens again.
Way out of Italy
Cloudflare does not want to be subject to the system, and points to the lack of transparency. Moreover, a censorship mechanism in the DNS resolver would increase its latency for everyone, it says. The company is fighting the regulation.
If Cloudflare does not achieve results, it threatens to cancel the support of the Milano-Cortina Winter Olympics with pro bono cybersecurity measures worth millions of dollars. The free cybersecurity services for all Italy-based users will also have to suffer. Furthermore, Cloudflare wants to remove all its servers from Italian cities and halt all plans to invest in the country.
Trouble with the US
It hasn’t come that far yet. Cloudflare certainly does not seem to be planning to adapt the 1.1.1.1 resolver to suit Italian requirements. The fine and discussion come at a difficult time. Italy is acting alone for this regulation, but there is a danger that it will be raised in the US as an example of unreasonable EU regulation. Cloudflare will in any case raise the situation with the American government.
read also
EU Wants to Subject American Cloud Giants to DMA
Just when the European Union needs to protect legitimate rules such as the DCA and DMA against American pressure, Italy is adding fuel to the fire by imposing a fine based on a less widely supported system, which did not come about on the basis of democratic consultation, but at the request of the major rights holders of Italian sports matches.