The Italian Communications Regulatory Authority (AGCOM) has imposed an administrative fine exceeding €14 million on Cloudflare Inc. for failure to comply with Italian legislation against online piracy. The measure was adopted by the AGCOM Council at its meeting on December 29, 2025, with Commissioner Elisa Giomi voting against, and was notified on January 8, 2026.
The decision, formalized with resolution no. 333/25/CONS, concludes a proceeding initiated following failure to comply with a previously issued order by the Authority.
The Authority had ordered Cloudflare to disable access to a series of pirated content pursuant to the provisions of Anti-Piracy Law 93/2023. Specifically, the Company, as an information society service provider involved in the accessibility of illegally distributed content, was required to disable DNS resolution of domain names and the routing of network traffic to the IP addresses reported by rights holders through the Piracy Shield platform, or in any case to adopt the necessary technological and organizational measures to make the illegally distributed content unavailable to end users.
In particular, the Authority found Cloudflare’s ongoing violation of the anti-piracy law and the related implementing provisions of the Italian Communications Authority (AGCOM). Even after receiving the order, the company continued to fail to take any measures to combat the use of its services for the dissemination of illegal content.
The relevant legislation provides for the imposition of a fine of up to 2% of the turnover achieved in the last financial year ending before the notification of the dispute where the non-compliance concerns orders issued by the Authority in the exercise of its copyright protection functions: consequently, a fine equal to 1% of the company’s global turnover was applied.
The measure, in addition to being one of the first financial penalties imposed in the copyright sector, is particularly significant given the role played by Cloudflare; in fact, a very large percentage of the sites blocked by the Authority pursuant to the regulation on online copyright protection use the services offered by this company to illegally distribute protected works.
With this decision , AGCOM fully enforces the anti-piracy law, which expressly expanded the scope of those required to combat piracy by following the Authority’s orders to include all information society service providers involved in any capacity in the accessibility of illegal websites or services, such as VPN service providers and publicly available DNS providers, regardless of their location, and search engine operators.
Since its adoption in February 2024, Piracy Shield has disabled over 65,000 FQDNs and approximately 14,000 IP addresses intended for the consumption of illegal content.
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
