Note: This article was translated from Italian. Original version: Piracy Shield e la guerra all'architettura di Internet

Italy has fined Cloudflare €14 million for refusing to block pirate sites within 30 minutes, sparking a clash that reveals the deep contradictions between national legislation and the global nature of the network. CEO Matthew Prince called the Italian system "disgusting" and threatened to withdraw cyber protection from the 2026 Winter Olympics. But beyond the controversy, this case raises fundamental questions that the pioneers of the free internet foresaw decades ago: what happens when the State tries to control an infrastructure that recognizes no borders?

Piracy Shield, created in 2023 to combat illegal streaming of Serie A matches, has become the perfect symbol of a poorly conceived law.

Those who criticize this system (me included) are not defending piracy: they are defending the architectural principles that made the Internet the most democratic instrument of progress in human history.

Below I want to offer a technical, not political, analysis of the matter.

The Fine That Sparked the Controversy

On December 29, 2025, AGCom approved a fine of €14,247,698.56 against Cloudflare, approximately 1% of the company's global revenue. The accusation: failing to comply with order 49/25/CONS from February 2025, which required blocking over 15,000 domains and IP addresses flagged as sources of pirated content. Commissioner Elisa Giomi was the only one to vote against.

Matthew Prince's response on X on January 9, 2026 left no room for diplomacy:

"Yesterday a quasi-judicial body in Italy fined Cloudflare $17 million for not bending to their Internet censorship scheme. The scheme, which even the EU has called concerning, required us to completely censor from the Internet any site that an obscure cabal of European media elites deemed contrary to their interests."

Prince then threatened to withdraw free cybersecurity services for the Milano-Cortina 2026 Olympics and to remove all servers from Rome and Milan. "Play stupid games, win stupid prizes," he concluded.

How Piracy Shield Works and Why It Fails Technically (and Beyond)

The system operates with brutal simplicity: rights holders (Serie A, DAZN, Sky) report domains and IPs on the AGCom platform, and all Italian providers—ISPs, VPNs, public DNS resolvers—must implement the block within 30 minutes. No prior judicial review, no right of reply.

This point is worth dwelling on because it's the heart of the problem. Private entities (not judges, not law enforcement, not judicial authorities) can enter any IP address or domain name into a platform, and within thirty minutes that resource must become inaccessible throughout the national territory. No judge evaluates the validity of the report. No technician verifies whether that IP also hosts other services. No one notifies the site owner. No one can object before the block. In a state governed by the rule of law, seizing an asset requires judicial intervention. Here we're talking about making digital resources inaccessible—potentially critical ones for businesses, schools, hospitals—based on the unilateral report of a private party with direct economic interests.

Since its activation in February 2024, Piracy Shield has blocked over 65,000 domains and 14,000 IP addresses. This alone should signal that something is wrong. But the numbers hide an uncomfortable technical truth: the system cannot distinguish between resources "uniquely" used for piracy and shared infrastructure.

There have been numerous erroneous blocks of legitimate services, including CDNs, cloud platforms, and even government sites. On October 19, 2024, Google Drive was blocked for over 12 hours throughout Italy during a Juventus-Lazio match, after DAZN mistakenly flagged the domain drive.usercontent.google.com as a source of illegal streaming. Millions of Italians couldn't work or access their files.

As early as February 2024, a single Cloudflare IP (188.114.97.7) was blocked, making tens of thousands of legitimate sites inaccessible: schools, businesses, ticketing services.

AGCom initially called the reports "fake news", only to later admit "operational issues."

A RIPE Labs study by Antonio Prado dated September 29, 2025 documented 6,712 domains completely blocked as collateral damage, with over 500 confirmed legitimate sites rendered inaccessible with no connection to piracy.

In one paradoxical case, a Google IP used by Telecom Italia to serve Piracy Shield's own block pages was blocked: the system censored its own infrastructure. (LOL!!)

Blocking IPs and DNS Is Like Bombing a City to Catch a Criminal

Internet architecture is incompatible with the surgical blocking that Piracy Shield presupposes. As Cloudflare explained: "Blocking access to an IP address is like blocking mail delivery to a physical address... If that address is a skyscraper with many independent, unrelated occupants, stopping deliveries inevitably causes collateral damage to all of them."

CDNs (Content Delivery Networks) like Cloudflare, Akamai, and Fastly are the invisible infrastructure that makes modern Internet possible. They handle content distribution, DDoS protection, and security for millions of sites through shared IP addresses. A single IP can host thousands of completely independent sites: personal blogs, small businesses, government agencies, humanitarian organizations.

Research shows that fewer than 10 million IPs serve over 255 million domains: a ratio of approximately 24:1 in Europe. Fewer than 10 IPs can reach 20% of global domains. Blocking an IP means potentially blocking hundreds or thousands of innocent sites.

Cloudflare's DNS resolver 1.1.1.1 handles approximately 200 billion daily queries. Filtering it for Italy, as requested by AGCom, would according to the company be "impossible" without degrading service for users worldwide. And it would be ineffective anyway: users can bypass any DNS block simply by changing resolver or using a VPN.

The International Precedents Italy Ignored

Recent history offers lessons that Italy chose not to learn. In 2018, Russia attempted to block Telegram by ordering the blocking of IPs used by the messaging service. Result: 18-19 million IP addresses blocked, belonging to Amazon Web Services, Google Cloud, Microsoft Azure. YouTube, Spotify, Slack, banking services, and airline ticketing became inaccessible. 97% of blocked resources were collateral damage. Telegram continued to work for most users. The block was lifted in 2020 after proving its futility.

Turkey blocked Wikipedia for nearly three years (2017-2020) over an article on state terrorism. The Turkish Constitutional Court eventually declared the block unconstitutional—a violation of freedom of expression.

In the United States, the SOPA and PIPA proposals of 2011-2012, which would have introduced mechanisms similar to Piracy Shield, were killed after an unprecedented revolt. Vint Cerf, co-inventor of Internet protocols, warned that they would create "an unprecedented global web censorship arms race." Tim Berners-Lee, inventor of the World Wide Web, called them "a serious threat to the openness of the Internet." Wikipedia went dark in protest, collecting 162 million views. The White House declared it would not support "legislation that reduces freedom of expression, increases cybersecurity risks, or undermines the dynamic and innovative Internet."

The European Commission sent a formal letter to Italy in June 2025 raising concerns about compliance with the Digital Services Act, the lack of judicial oversight, and the potential violation of the Charter of Fundamental Rights.

The Metro Olografix Appeal and the Italian Hacker Community

Metro Olografix, Italy's oldest telematics cultural association founded in Pescara in 1994, has launched an urgent appeal for the immediate suspension of Piracy Shield. The association represents three decades of Italian hacker culture.

Our manifesto identifies six fundamental issues: the system "undermines fundamental principles of the rule of law" such as proportionality and presumption of innocence; violates net neutrality by allowing blocks "outside the judicial system"; compromises privacy by requiring "invasive traffic monitoring"; limits access to information; imposes disproportionate burdens on small digital businesses; and provides "no form of compensation" for damages from erroneous blocks.

The appeal has been signed by ninux.org (community mesh network), sikurezza.org, Freaknet Medialab, Hermes Center for Transparency and Digital Human Rights, Etica Digitale, Osservatorio Nessuno, and numerous individual experts. We are calling for a complete review based on independent studies, public debate on Internet regulation, and "alternative approaches that effectively balance copyright protection with users' rights."

The Voices of Pioneers Who Foresaw Everything (sigh)

In 1996, John Perry Barlow wrote from Davos his "Declaration of the Independence of Cyberspace" in response to the American Communications Decency Act:

"Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather."

Barlow co-founded the Electronic Frontier Foundation and foresaw exactly this conflict:

"In China, Germany, France, Russia, Singapore, Italy and the United States, you are trying to ward off the virus of liberty by erecting guard posts at the frontiers of Cyberspace. These may keep out the contagion for a small time, but they will not work in a world that will soon be blanketed in bit-bearing media."

Aaron Swartz, in his Guerilla Open Access Manifesto of 2008, wrote words that resonate today:

"There is no justice in following unjust laws. It's time to come into the light and, in the grand tradition of civil disobedience, declare our opposition."

In 2012, fighting against SOPA, he said:

"If we lost the ability to communicate with each other over the Internet, it would be a change to the Bill of Rights."

January 11, 2026 marks 11 years since Aaron Swartz left us. His fight for a free and open Internet continues to inspire us.

Lawrence Lessig, professor at Harvard and founder of Creative Commons, crystallized the problem in three words: "Code is law". The architecture of systems determines what is possible, not just what is permitted:

"We can build cyberspace to protect the values we believe are fundamental, or we can build it to let them disappear. There is no middle ground."

Cory Doctorow, EFF activist, coined the term "enshittification" to describe platform degradation and observes:

"Every time someone puts a lock on something that belongs to you against your will, and won't give you the key, they're not doing it for your benefit."

The True Cost of a Fragmented Internet

The Internet Society, in its 2025 report on mandatory DNS blocking, concludes: "Mandatory DNS blocking may seem like a simple technical solution to enforce public policy, but in practice it's a crude, costly, and even counterproductive tool." ICANN warns that such blocks "will likely be largely ineffective in the long term and full of unintended consequences."

The problem isn't protecting copyright. The problem is using tools incompatible with the fundamental architecture of the Internet to achieve it. It's like trying to regulate air traffic with laws designed for horse-drawn carriages (not even automobiles).

The real question Italy should be asking is not how to block more effectively, but how to incentivize legal access to content. Studies show that where accessible and convenient alternatives exist, piracy decreases. The success of Netflix, Spotify, and similar services demonstrates that users are willing to pay for convenient content.

The failure of Piracy Shield, easily bypassed with VPNs and alternative DNS, proves that technological repression is a losing battle from the start.

Toward an Internet That Respects Both Rights and Architecture

The Internet is not a simple "entertainment channel," as the Metro Olografix manifesto reminds us, but "a fundamental resource for the economic, social, and cultural development of our society." The principles of decentralization and neutrality that made it so are not bugs to fix but features to preserve.

The challenge for legislators and regulators is to find approaches that simultaneously respect authors' rights and the technical integrity of the network—two objectives that are not contradictory but require more sophisticated tools than indiscriminate blocking. As Vint Cerf wrote: "Managing how a large number of separate legal frameworks apply to the Internet is one of the great policy challenges of our time. More complex than building the Internet itself."

Piracy Shield represents the wrong approach: quick to implement, politically satisfying, but technically flawed and dangerous for fundamental rights. The Cloudflare fine will not solve piracy.

The Illusion of Control Built on Ignorance

The clash between AGCom and Cloudflare is not a commercial dispute between an authority and a company. It is a symptom of an unresolved tension between territorialist logic and the inherently global nature of digital infrastructure. As Barlow wrote in the declaration quoted earlier: "We will create a civilization of the Mind in Cyberspace. May it be more humane and fair than the world your governments have made before."

Italy can choose to continue down this path, fine after fine, block after block, accumulating collateral damage, alienating critical infrastructure, making a terrible international impression, and still not stopping piracy. Or it can listen to the voices of experts, digital rights organizations, and the European Commission itself, seeking solutions that effectively balance copyright protection and digital freedoms.

Piracy Shield is not a solution: it is an illusion of control built on ignorance of the architecture it claims to govern.