Cloudflare CEO threatens to make the Winter Olympics a political football after Italy slugs it with a fine
- Reference: 1768200425
- News link: https://www.theregister.co.uk/2026/01/12/cloudflare_vs_italy/
- Source link:
The core of this matter is Italy’s “Piracy Shield,” a law administered by Italy’s telecoms regulator, the Autorità per le Garanzie nelle Comunicazioni (AGCOM). Copyright holders can file a blocking request to AGCOM. If the regulator approves the requests, it uses an automated system to inform ISPs and other players that they must block access to certain IP addresses and not provide DNS services to domains suspected of facilitating piracy.
Piracy Shield’s most vocal supporters are Italy’s Serie A and Serie B football leagues, who want to stop pirate streams of matches they stage to preserve revenue. Other copyright holders also support the regulation.
[1]
On January 8, AGCOM [2]announced it had asked Cloudflare to block some sites and that the company didn’t comply with its orders. The regulator therefore decided to fine Cloudflare one percent of its annual revenue, a little more than €14 million, which is more than double the company’s revenue derived from Italy.
[3]
[4]
Cloudflare CEO Matthew Prince isn’t happy.
In a strongly worded Friday [5]Xeet , Prince labelled AGCOM “a quasi-judicial body” that administers a “scheme to censor the Internet” on behalf of “a shadowy cabal of European media elites.”
[6]
“No judicial oversight. No due process. No appeal. No transparency,” Prince wrote. “It required us to not just remove customers, but also censor our 1.1.1.1 DNS resolver meaning it risked blacking out any site on the Internet. And it required us not just to censor the content in Italy but globally. In other words, Italy insists a shadowy, European media cabal should be able to dictate what is and is not allowed online. “
Prince’s words aren’t entirely self-serving, because many have pointed out that shared infrastructure means bad actors and law-abiding operators can share the same IP address and DNS. Widespread use of network address translation, for example, means hundreds of users can share a single public-facing IP address. An IP address could also map to multiple fully qualified domain names (FQDNs), meaning the address piratefootball.bigcompany.com could have the same address as employeeportal.bigcompany.com. Blocking a single IP address or FQDN can therefore mean many others effectively disappear from the internet.
Cloudflare itself has [7]pointed out that IP blocks can impact individual, and entirely innocent, netizens. Lest you think Cloudflare has acted in its own interests, know that independent researchers have [8]reached similar conclusions, pointed out that it’s possible to evade Piracy Shield with [9]a VPN or private DNS resolver , and criticized the system’s asymmetry on grounds that it requires ISPs to block resources within 30 minutes but operates an opaque and far slower appeal and removal process.
[10]
In his Xeet, Prince also labelled Piracy Shield “wrong for democratic values” and vowed to appeal the fine.
He then said Cloudflare might respond to the fine as follows:
Discontinuing the millions of dollars in pro bono cyber security services we are providing the upcoming Milano-Cortina Olympics;
Discontinuing Cloudflare’s free cyber security services for any Italy-based users;
Removing all servers from Italian cities; and
Terminating all plans to build an Italian Cloudflare office or make any investments in the country.
The Winter Olympics start on February 6th, so if Cloudflare does pull the pin it will be mightily inconvenient for the event's tech team - and Prince said as much in his Xeet, which states he will inform the International Olympic Committee of "the risk to the Olympic Games."
Mr Prince Goes To Washington
The CEO also said he will bring the incident to the attention of the Trump administration.
“While there are things I would handle differently than the current U.S. administration, I appreciate @JDVance [vice-president JD Vance] taking a leadership role in recognizing this type of regulation is a fundamental unfair trade issue that also threatens democratic values. And in this case @ElonMusk is right: #FreeSpeech is critical and under attack from an out-of-touch cabal of very disturbed European policy makers.”
[11]Cloudflare pours cold water on ‘BGP weirdness preceded US attack on Venezuela’ theory
[12]Bot invasion increases with Google scraping the way, Cloudflare says
[13]Cloudflare blames Friday outage on borked fix for React2shell vuln
[14]Cloudflare suffers second outage in as many months during routine maintenance
The CEO wound up his post by saying he agrees that Italy has the right to regulate within its own borders but must do so with due process and with requirements that don’t mean Cloudflare and others must block content for netizens beyond the nation’s borders.
“THIS IS AN IMPORTANT FIGHT AND WE WILL WIN!!!” he ALLCAPS-shouted to end his Xeet.
One response to Prince’s post came from Italian senator Claudio Borghi who pointed out that AGCOM is an independent regulator, the fine is therefore not a matter of policy, but said his party “will do our best to check if there has been any misunderstanding regarding the role of Cloudflare.”
“I can assure you that this case will be thoroughly reviewed in absolute fairness,” the senator wrote.
Prince responded that Cloudflare is “happy to engage in a dialogue to resolve these issues.”
“We don’t want piracy on our platform: it clogs our pipes and costs us money,” the CEO added. “We work with rights holders worldwide in cooperation to address it. Unfortunately, Italian authorities have been unwilling to engage. It would be unfortunate if the actions of a non-governmental body force us to pull the free cybersecurity services we offer out of the market, but we can’t stay somewhere unjust fines are more than 2x our annual revenue. Email me and we will be happy to engage. May cooler heads prevail.” ®
Get our [15]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offbeat/legal&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aWTUSwikQXIQDYnSZ2AUxwAAARE&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://www.agcom.it/comunicazione/comunicati-stampa/comunicato-stampa-71
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offbeat/legal&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aWTUSwikQXIQDYnSZ2AUxwAAARE&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offbeat/legal&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aWTUSwikQXIQDYnSZ2AUxwAAARE&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://x.com/eastdakota/status/2009654937303896492?s=66&t=RXNnDdzeLtlt6Iu6c8Ouaw
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offbeat/legal&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aWTUSwikQXIQDYnSZ2AUxwAAARE&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2025/11/03/cloudflare_cgnat_bias_research/
[8] https://labs.ripe.net/author/antonio-prado/live-event-blocking-at-scale-effectiveness-vs-collateral-damage-in-italys-piracy-shield/
[9] https://www.euroispa.org/2025/04/piracy-shield-a-flawed-approach-in-the-fight-against-online-piracy/
[10] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_offbeat/legal&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aWTUSwikQXIQDYnSZ2AUxwAAARE&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[11] https://www.theregister.com/2026/01/08/cloudflare_venezuela_bgp_attack_theory/
[12] https://www.theregister.com/2025/12/15/cloudflare_report_bot_traffic/
[13] https://www.theregister.com/2025/12/05/react2shell_pocs_exploitation/
[14] https://www.theregister.com/2025/12/05/cloudflare_outage_again/
[15] https://whitepapers.theregister.com/
the ugly american face of SaaS
Ah yes, taking their bully-boy cue from the commander in chief. and that assclown Elon
We need EU alternatives for everything. Yesterday.
No small thing, but there is huge opportunity here too. There are a lot of companies who would like to be free of USA SaaS hegemony.
Cloudflare threatening to reduce spam, phishing and malware in Italy by leaving their shores? Why can't the rest of us have that too?!
It may be possible.
Depending on the nature of any eventual court process for collection, a judgment might in principle be enforceable elsewhere in the EU or even further afield.
Odd, though, that up to now, at least, Cloudflare were a supporter of an organisation that also has not been above [1]criticism and is also [2]vigorous in its IPR enforcement.
[1] https://www.ebsco.com/research-starters/sports-and-leisure/salt-lake-city-olympics-bid-scandal
[2] https://variety.com/2016/digital/news/rio-olympics-piracy-live-streams-1201841050/
"a shadowy, European media cabal should be able to dictate what is and is not allowed online"
I'm sorry, it seems to be that you're talking about a sovereign country, not a "cabal".
That's the problem with US-based conglomerates. They are so used to paying lobbyists to make sure that "the law" is in their favor that, whenever they meet any kind of legal resistance they cannot control, they go the tried-and-true US-way of invoking conspiracy theories.
You don't like the conditions ? Go ahead and pull out. You'll be leaving the spot to the competition and you know it.
Re: "a shadowy, European media cabal should be able to dictate what is and is not allowed online"
They are so used to paying lobbyists to make sure that "the law" is in their favor
Didn't the RIAA do much the same in the USA in terms of opaque fines & punishments for "piracy"?
Here's the thing. He has a legitimate complaint. Blocking everything like this Regulator has demanded would impact other customers, and that is a problem. Having a completely shite and unreliable appeals process is a legitimate problem. The regulator clearly doesnt have a clue how the tech works, nor has it taken the time to discuss how to do this in the correct way.
HOWEVER, going off on a major rant, sucking up to Trump and Co., esspousing support for Musk's "brand" of free speech bollocks, going on about conspiracy theory level "Evil Media Cabal" stupidity, and threatening to throw his toys out of the pram loses him completely all sympathy. He might have had a legitimate complaint, but quite frankly f%&k him and the horse he rode in on.
Pro bono? Bone headed!
> 1. Discontinuing the millions of dollars in pro bono cyber security services we are providing the upcoming Milano-Cortina Olympics
Has he talked to his finance and marketing people about that threat?
He is talking about throwing away the massive amounts of advertising they'd get from sponsoring the Olympics* - and you can bet your life the "millions of dollars" is taken from the standard customer invoice numbers and not the actual spend by CloudFlare.
And, of course, this is his Point Number One, because it is the one he can politicise the most.
As above, yes, there sre genuine technical problems being faced, but this is him spitting out his dummy and crying.
* Notice how he carefully doesn't say "sponsoring", which might make everyone realise that viewers would be seeing the name plastered everywhere, but instead uses "pro bono". Which makes it sound awfully nice, "we're not getting anything back" or even, given where that phrase is more often used, "we are only doing this because it is the Right Thing to do, it would injust not to".
Fair point, badly made
As a man who was away from home at the weekend, and just wanted to watch a football match that I’d paid for in my subscription (with an online viewer component) already… It’s clear sports broadcasters are drunk with power, and it’s dangerous having governments creating national laws with international overreach to kowtow to their every paranoid and avaricious whim.
Re: Fair point, badly made
In Italy football (or soccer, if you like) has more power than the government. This shitshow of "piracy shield" is a weapon of unrestricted automated online censure created by a private entity (Lega Calcio) and paid by public money.
I'm Italian and I'm really happy to see internet firms oppose it and make fun of our government that is slave to Lega Calcio.
Cloudflare hypocrisy
They do make money from pirated contents. Criminals often pay for some services they need. That's one reason it's so hard to block online crime. And that's anyway part of their plan to become the internet gatekeeper.
Shared IPs? Residential customers may be behind CG-NAT. People serving pirated contents, and making money from IT, don't use shared IPs. They use some hosting that provide them the resources to access and deliver copyright contents with the speed required to serve enough users to make money. These are not botnets used fos DDoS, or someone sharing torrents.
That's true for FQDNs as well - criminals don't point their DNS at some company IPs. The issue for hosting service providing resources to criminals (BTW, many of them in The Netherlands....) is those IPs quickly get a bad reputations, and thereby become of little value, since they cannot easily resell them to other customers when the criminals have to move to other ones once blocked. And of course they can't deliver them over IPv6....
Due process? The problem is the pirated sources must be blocked quickly. If you block the IP a couple of months after the event is streamed, it's pretty useless. It's useless to complain the legilstation is not updated to the actual times, and when it is, then complain it dents into your profit.
Cloudflare has no obligation to block IPs or FQDNs "worldwide". Blocking access from Italy is enough (unlike, for example, the CLOUD Act....) - the fact that the block can be cicumvented using VPNs is well known. But Cloudflare deosn't want to do that too. And adopts the blackmail approach so common from internet companies. But who wants a company that aims to take control of all, or most, internet traffic? Moreover if Italian ISPs have to abide, and Cloudflare is exempted - it would be an unfair adavantage.
Just I wish the same approach would be used with spammers and other kind of Internet crime - not just to save the profits of those kicking a ball.
"Lest you think Cloudflare has acted in its own interests" - what, you think they didn't? What sloppy wording.
Great, Another American Malignant Narcissist Crybaby
At least this one can be dropped early in the game.
unfair trade issue
Not sure how he comes to that conclusion as it would appear to apply to all ISPs, including those in Italy / EU.
A Trumped Up Charge ?
Doubtless an element of that.
The USofA ain't making a whole lot of friends at the moment. The damage will take decades to remedy if ever.
Please allow me...
What a jumped up little prick.
He might have a point, but anyone invoking the power of Elon is a cnut.