Cloudflare, a global internet infrastructure provider, has been fined approximately €14 million by Italy’s communications regulator, AGCOM, for failing to comply with an official anti-piracy order. The penalty relates to Cloudflare’s refusal to block access to certain websites accused of distributing copyrighted material without permission through its public DNS service, 1.1.1.1.
The decision has attracted significant attention because it involves the role of internet service tools like DNS resolvers in enforcing national anti-piracy laws. Cloudflare has rejected the ruling and confirmed it will appeal, arguing that the request places unreasonable demands on global internet services.
Italy’s anti-piracy order and legal framework
In February 2025, AGCOM ordered several companies to block access to a group of websites known for promoting piracy. These sites were accused of hosting or distributing copyrighted content without authorization. The order was issued under Italy’s “Piracy Shield” regulation.
The Piracy Shield system was introduced in February 2024. It allows users and rights holders to report websites that illegally share copyrighted material. Once a report is validated, companies involved in enabling access to those websites must comply with a blocking request within 30 minutes.
Cloudflare outage disrupts popular websites and services worldwide
The regulation applies broadly. It covers internet service providers, VPN services, and publicly available DNS providers. AGCOM has stated that any company involved “in any way” in making illegal websites accessible falls under the law, regardless of where the company is based or where its infrastructure is located.
Cloudflare operates 1.1.1.1, one of the most widely used public DNS resolvers worldwide. A DNS resolver helps translate website names into numerical addresses so computers can locate websites. Because of this function, AGCOM concluded that Cloudflare plays a role in access to the reported piracy websites.
The regulator ordered Cloudflare to block the specified websites using its DNS service. According to AGCOM, Cloudflare failed to comply with this request, leading to enforcement action.
Cloudflare’s refusal and stated concerns
Cloudflare argued that AGCOM’s request was unreasonable, disproportionate, and impractical. The company said that blocking websites through a public DNS resolver would require building a system that checks all DNS requests made by users.
According to Cloudflare, such filtering would slow down internet traffic and create delays for users. The company also raised privacy concerns, stating that inspecting DNS requests could expose user activity. Another issue highlighted was the risk of overblocking. Many websites share the same IP addresses, meaning that blocking one could also block lawful websites.
Cloudflare also pointed to the global nature of its DNS service. The 1.1.1.1 resolver is used by people around the world. The company warned that complying with one country’s order could affect users globally and potentially lead to wider internet censorship.
Telegram faces fallout from Russia sanctions as $500 million in bonds remain frozen
In a public message shared on X, Matthew Prince, co-founder and CEO of Cloudflare, described the order as an attempt to censor the internet. He stated that the company would appeal the fine and challenge what it sees as a threat to democratic values.
The €14 million fine and regulatory response
Under the Piracy Shield regulation, AGCOM can impose fines of up to 2% of a company’s annual global turnover for non-compliance. In Cloudflare’s case, the regulator applied a 1% penalty, amounting to approximately €14.2 million, or about $17 million.
AGCOM stated that the decision reflects full enforcement of Italy’s anti-piracy law. The regulator emphasized that the law explicitly expands enforcement obligations to include DNS providers and VPN services, alongside traditional internet service providers.
Following the fine, Cloudflare announced it is reviewing its operations in Italy. The company is considering discontinuing free cybersecurity services for Italian users and pro bono cybersecurity support planned for the Milano-Cortina Olympics. It also stated that it may remove its servers from Italy and cancel plans to open offices or make further investments in the country.
The case highlights ongoing tensions between national regulators and global internet service providers over how anti-piracy laws should be enforced.