We are witnessing firsthand how what began as an offensive against unauthorized party broadcasts has transformed into something much broader, a dispute over who can decide which parts of the internet are turned off and how. In Italy and Spain, network-level blocks are being ordered that, as they are now being applied, may not distinguish between an infringing service and other legitimate ones that share infrastructure. This scenario has brought Cloudflare to the fore, a company whose name has been sneaking into the technology conversation for some time.
Here we must be clear. What unites the cases of Italy and Spain is not the type of content, but the logic that supports them: to stop the unauthorized dissemination of matches, it has been decided to act where the network becomes vulnerable, in the intermediaries that connect the public with the servers. This is a strategy that allows you to block quickly and with massive range, but it also has collateral damage.
Behind every block there is a clear sequence. In Spain, Justice has given legal coverage to the mechanism. Currently, it is LaLiga that identifies the addresses and the access providers that execute the blocks. If we talk about Italy, rights holders enter domains and IPs in Piracy Shield and it is AGCOM, the Italian telecommunications and media regulator, who reviews these signals and converts them into administrative orders that providers must apply.
When a block is ordered, it is not simply saying “close this page”, it is choosing at what point in the journey the connection between the user and the server is interrupted, according to the limits established by current legislation. This can be done by preventing the website name from being translated into a technical address, directly blocking that address, or asking an intermediary to stop serving the data.
In this invisible journey there is a particularly sensitive piece, the system that translates website names into technical addresses that computers can understand. Every time we type a URL or tap a link, a DNS resolver responds with the correct IP so the connection can be established. If this translation is interrupted, the page is no longer accessible even if the server continues to function. That is why DNS has become a very attractive lever for blocking, because it allows access to be cut off quickly and without directly touching the content.
What is 1.1.1.1 and why is it in the center. Among the many DNS services that exist, there are some open to the public that do not belong to any national operator, and the best known is 1.1.1.1, managed by Cloudflare. It serves as a widely used public DNS resolver that users and applications use to translate domain names into IP addresses. That scale is what makes it especially sensitive in this debate, because any intervention on it is not limited to a country or a specific network, but can have much broader effects.
A modem with network cables
The company has explained for years that it can comply with court orders that force it to act on specific clients or on its distribution network, because there it is controlling its own service within a jurisdiction. What it rejects is modifying open tools such as its public DNS due to administrative decisions of a single country. In his approach, that would mean that a national authority could change how a basic piece of the internet works for users around the world.
Italy, the Piracy Shield system and controversies. The Italian model does not just cut individual pages, but entire pieces of the route along which traffic circulates. Through Piracy Shield, domains and IPs are ordered to be blocked and, according to the regulator itself, the framework also expressly includes public DNS services, such as 1.1.1.1, and VPN providers as obligated subjects when they are involved in the accessibility of that content.
Cloudflare Global Network Map
The problem is not only that the system blocks a lot, but how it does it and with what margin for rectification. Its quick reaction logic prioritizes cutting access while the event is happening, and that increases the risk of affecting third parties when acting on shared parts of the network. AGCOM cites as a balance that since February 2024, more than 65,000 FQDNs, that is, full domain names and about 14,000 IPs, have been disabled.
That clash took concrete form at the end of 2025. In a decision taken on December 29 and recently notified, AGCOM imposed a penalty of more than €14 million on Cloudflare for failing to comply with a previous order issued on February 18, 2025. According to the regulator, the company had to disable DNS resolution for certain domains and the routing of traffic to IP addresses flagged through Piracy Shield, or apply equivalent measures to prevent users access those contents.
Spain, the judicial path. As we mentioned above, in Spain the system is not based on an administrative regulator, but on a resolution from a commercial court obtained by LaLiga. On December 18, 2024, the Commercial Court No. 6 of Barcelona authorized blocking measures against addresses used to broadcast matches without rights. On March 26, 2025, that same court rejected the challenges and left the order in force. This is what allows access operators to run these blocks during matches.
The way in which that order is carried out in practice explains many of the complaints that have arisen in Spain. Access providers block entire IP addresses, not just specific domains. This mechanism explains why so many legitimate services end up dragged down by these blocks. Instead of deactivating a specific domain, operators sever an entire IP address, which is often shared by hundreds or thousands of websites. It’s a bit like boarding up the entrance to a building because a violation occurs in one of the apartments, even though most of the tenants have no connection to it.
In Italy, Cloudflare receives blocking orders, in Spain it does not. In Italy, Cloudflare receives direct orders and fines. In Spain, as we have seen, the impact comes indirectly. Blocking is carried out through internet operators, but the lists of addresses that are blocked usually include IPs that are part of Cloudflare’s network, also affecting its customers.
A threat on the table. The AGCOM sanction has escalated into a public clash between regulator and infrastructure provider, with Cloudflare threatening to withdraw its servers from the country, suspend free services, including those it provides free of charge linked to the 2026 Olympic Games, and rethink investments. Matthew Prince, CEO of Cloudflare, has said the company will travel to Washington to raise the case with US administration officials.
Images | WorldOfSoftware with Gemini 3 Pro | Cloudflare | Stephen Phillips
In WorldOfSoftware | “What a service, do I pay for this?”: this is how LaLiga’s massive IP blocks are causing reputational and economic damage
