What began as a routine copyright dispute has ballooned into a geopolitical conflict. American network giant Cloudflare has issued an unprecedented ultimatum to the Italian government. In response to a fine imposed by the Communications Regulatory Authority AGCOM, CEO Matthew Prince has threatened to pull the plug on Cloudflare’s operations in Italy. This would mean the withdrawal of cybersecurity protections for the upcoming Milan-Cortina Winter Olympics, laying bare the lopsided power dynamics in our digital world. While Europe seeks to assert its digital sovereignty through legislation, American tech giants are demonstrating who truly holds the reins.
The escalation over ‘Piracy Shield’
At the heart of the conflict is Italy’s ‘Piracy Shield,’ a system designed to combat illegal live streams of sports events, such as Serie A football matches. The law requires internet service providers to block reported piracy sites within 30 minutes. AGCOM insists that Cloudflare comply with these demands through its public DNS service, 1.1.1.1. When Cloudflare allegedly failed to do so, the regulator imposed a fine of over €14 million.
For a company of Cloudflare’s size, this sum may seem modest. However, it accounts for 1% of its global annual revenue—far more than Cloudflare earns in Italy. CEO Matthew Prince responded furiously on social media platform X, calling the measure disproportionate and arguing that AGCOM operates without due process. According to Prince, Cloudflare is being forced to censor content based on requests that have not been judicially reviewed. The conflict highlights how national legislation clashes with the reality of a globally operating network.
Technical impossibility or unwillingness?
Cloudflare’s defense is not just legal but primarily technical. The company argues that blocking specific content via a DNS resolver is impractical without causing collateral damage. A DNS service translates domain names into IP addresses, and blocking at this level often affects more than just the illegal stream. Many websites share the same infrastructure and IP addresses, meaning a blockade could inadvertently make legitimate sites inaccessible to innocent users.
This is not a hypothetical scenario. In 2024, the Piracy Shield system accidentally blocked Google Drive in Italy. Cloudflare warns that filtering its 200 billion daily DNS requests would severely slow down internet traffic. Additionally, Prince claims that a blockade in Italy could have technical repercussions for Cloudflare’s global network. He refuses to fundamentally alter the company’s architecture for a single national regulator, which he accuses of acting on behalf of a “clique of media elites.” The debate thus shifts from copyright enforcement to the stability of the open internet.
The nuclear option: cutting Italy off
Cloudflare’s response goes far beyond a legal appeal. The company is threatening a “digital scorched earth” tactic. Prince has announced that he is considering removing all servers from Italian cities and halting planned investments in the country. The most painful leverage, however, is the security of the 2026 Milan-Cortina Winter Olympics. Cloudflare provides pro bono cybersecurity for the event, and Prince has threatened to withdraw this protection.
Millions of Italian users could also lose access to Cloudflare’s free services. This ultimatum underscores the enormous dependence on a single American company. If Cloudflare leaves, Italy’s digital infrastructure will become slower and more vulnerable to cyberattacks. It is a power play rarely seen so openly. Italy now faces a dilemma: enforce its law at the risk of digital chaos, or yield to a tech CEO from San Francisco?
Europe’s struggle for digital sovereignty
This dispute is not an isolated incident. It fits into a broader pattern in which Europe is trying to gain control over the digital domain. The European Commission is closely monitoring Italy’s approach, even expressing formal concerns that Piracy Shield may violate the Digital Services Act (DSA). Brussels fears that the system’s speed and lack of judicial oversight undermine the rights of European citizens. It is ironic that an Italian attempt to enforce laws clashes with both American companies and European regulations.
Yet the core issue is infrastructural. For years, Europe has allowed vital parts of the internet to fall into the hands of American companies. As a result, we are now subject to American laws like the CLOUD Act or the whims of a CEO who disagrees with local policy. Until Europe builds its own robust infrastructure, “digital sovereignty” will remain a paper tiger. Cloudflare’s threat painfully illustrates that real power lies with those who control the servers.
Series
The European Alternative
The European Alternative is a series about European tech solutions that prioritize privacy, digital sovereignty, and sustainability. Instead of relying on major American platforms, we highlight the alternatives Europe itself has to offer—transparent, secure, and aligned with European values.
The importance of European alternatives
This incident underscores the urgency of a mission that IO+ has long championed: diversifying our digital supply chain. In our series The European Alternative, we have shown that there are indeed powerful European players. For CDN and DNS services, we are not condemned to rely on Cloudflare. Companies like France’s OVHcloud, Slovenia’s Bunny.net, and Germany’s Myra Security offer comparable performance.
These companies fall under European jurisdiction and comply with the GDPR. They are less likely to play political games with the security of critical infrastructure. Switching to European providers is no longer just a matter of privacy or principle—it has become a matter of business continuity and national security. A country or company that depends on a supplier threatening to leave over a legal dispute is taking an irresponsible risk.
Looking ahead: a precedent for the future
The outcome of this conflict will set a precedent for future internet governance. Cloudflare plans to challenge the fine in court while seeking support from U.S. politics, including the Trump administration. This transforms a technical dispute into a diplomatic issue. If Italy backs down, it will embolden other tech companies to ignore national laws.
If Cloudflare follows through on its threat to leave, Italy will be forced to rapidly develop alternative infrastructure. While painful in the short term, this could be the catalyst Europe needs. It would compel us to invest in true digital autonomy, rather than renting it from overseas. The coming months will reveal whether Europe is willing to pay the price for real sovereignty.