Cloudflare CEO Matthew Prince has threatened to shut down the company’s operations in Italy after the country’s telecom regulator fined it twice its annual revenue in the country.
The conflict erupted around Italy’s anti-piracy system, Piracy Shield . It works like this: copyright holders file a complaint with the Italian Communications Regulatory Authority (AGCOM), and if the request is approved, the automated system sends requests to Internet service providers and other companies to block certain IP addresses and stop providing DNS services for domains suspected of facilitating piracy.
The system’s main supporters are the Italian Serie A and Serie B football leagues, which fight against pirated broadcasts of matches to protect their revenues. Other copyright holders also support the system.
On January 8, AGCOM announced that Cloudflare had failed to comply with its requests to block certain websites and imposed a fine equal to one percent of the company’s annual turnover, or just over €14 million.
Prince reacted sharply. In his post on X on Friday, he called AGCOM a “quasi-judicial body” that administers an “internet censorship program” for the benefit of a “shadowy clique of European media elites.”
“No judicial review. No due process. No appeal. No transparency,” Prince wrote. He claimed that the company was not only required to remove customers, but also to censor the DNS resolver 1.1.1.1, which risked blocking every website on the internet. Furthermore, Prince argued, Cloudflare was required to block content not only in Italy, but globally. ” In other words, Italy insists that a shadowy cabal of European media outlets dictate what is and isn’t allowed on the internet,” he said.
Prince’s claims are not without merit. Given the nature of the Internet, a single IP address can be shared by hundreds of users thanks to NAT technology. Furthermore, a single IP address can correspond to multiple domain names: for example, piratefootball.bigcompany.com could be the same as employeeportal.bigcompany.com. Blocking an IP address or domain could therefore effectively eliminate numerous other resources from the Internet.
Cloudflare itself has emphasized that IP blocking can affect completely innocent users. Independent researchers have reached similar conclusions , noting that Piracy Shield can be easily circumvented using a VPN or private DNS resolver and criticizing the system’s asymmetric nature: providers are required to block resources within 30 minutes, while the appeal and unblocking process is unclear and takes much longer.
In his post, Prince also called Piracy Shield “contrary to democratic values” and vowed to appeal the fine.
He then listed Cloudflare’s possible retaliatory measures: blocking millions of dollars in free cybersecurity services for the upcoming Milan and Cortina Olympics, terminating Cloudflare’s free services for all Italian users, removing all servers from Italian cities, and abandoning plans to open an office in Italy and any investment in the country.
The Winter Olympics begin on February 6, so Cloudflare’s departure would pose a serious challenge to the event’s technical team. Prince said he will inform the International Olympic Committee of the “risk to the Olympic Games.”
The company’s CEO also announced his intention to bring the situation to the attention of the Trump administration. “While there are things I would do differently than the current US administration, I appreciate Vice President J.D. Vance’s initiative to recognize that this regulation is a fundamentally unfair trade issue that also threatens democratic values. And in this case, Elon Musk is right: free speech is of paramount importance and is under attack by a group of deeply concerned and out-of-touch European politicians,” Prince wrote.
In conclusion, the company’s CEO stated that he supports Italy’s right to regulate the internet within its borders, but that this must be done according to due process and without requiring content blocking for users outside the country. “This is an important battle and we will win it!!!” he concluded his post in capital letters.
Italian Senator Claudio Borghi responded to Prince’s post, reminding him that AGCOM is an independent regulator, so the fine is not a political issue . He also promised that his party ” will do everything possible to verify whether there are any misunderstandings about Cloudflare’s role.” “I can assure you that this matter will be carefully examined with absolute impartiality,” the senator wrote.
Prince responded that Cloudflare is “happy to engage in dialogue to resolve these issues.” “We don’t want piracy on our platform; it clogs our channels and costs us money,” the company’s CEO added. “We are working with copyright holders around the world to address this issue. Unfortunately, the Italian authorities have been unwilling to engage in dialogue. It would be unfortunate if the actions of a non-governmental agency forced us to abandon the free cybersecurity services we offer. Please contact me and we’ll be happy to discuss this. Let common sense prevail.”
Regardless of whether Italian law is more or less coherent, proportionate, or technically effective, the real issue that has emerged from this affair is another, much deeper and more structural: the key technologies that underpin the Internet in Europe are not under our control.
In a scenario where critical infrastructures such as DNS, CDN, cloud services, and security are in the hands of large non-European players, European states and institutions are inevitably exposed to pressure, retaliation, and “potential escalations” decided overseas —today by a CEO, tomorrow by a US administration, or directly by power lobbies or by a president like Trump who will decide what is acceptable and what is not.
Are you kidding me?
A continent that aspires to be a political, economic, and regulatory power cannot afford such technological dependence.
Europe must urgently initiate a serious and non-ideological reflection on digital autonomy , the sovereignty of cloud infrastructures, and the relationship between regulation, geopolitics, and hybrid warfare.
The events of recent weeks demonstrate that the problem isn’t just piracy or a fine from AGCOM, but the fact that real power—technical, economic, and political—lies elsewhere. And as long as this remains the case, any regulatory conflict risks turning into a preemptive surrender.
And every day could be an opportunity to “unplug”.
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
