[enricotal]

Also another Italian here. For context, the "Piracy Shield" mentioned in the order is basically a legislative hacksaw authorized by the regulator (AGCOM) primarily to protect Serie A football rights. Soccer rules Italy more than the Vatican..

It’s a mess technically: it mandates ISPs and DNS providers to block IPs/domains within 30 minutes of a report, with zero judicial oversight. It’s infamous locally for false positives—it has previously taken down Google Drive nodes and random legitimate CDNs just because they shared an IP with a pirate stream.

The NUCLEAR threat regarding the 2026 Winter Olympics (Milano-Cortina) is the real leverage here. He’s bypassing the regulator and putting a gun to the government’s head regarding national prestige and infrastructure security.

My personal take idea likely outcome: Cloudflare wins.

EU Law: The order almost certainly violates the Digital Services Act (DSA) regarding general monitoring obligations and country-of-origin principles. Realpolitik: The Italian government can't risk the Olympics infrastructure getting DDoS'd into oblivion because AGCOM picked a fight they can't win. They will likely settle for a standard, court-ordered geo-block down the road, but the idea of Cloudflare integrating with a broken 30-minute takedown API is dead on arrival.

[ta9000]

> The NUCLEAR threat regarding the 2026 Winter Olympics (Milano-Cortina) is the real leverage here. He’s bypassing the regulator and putting a gun to the government’s head regarding national prestige and infrastructure security.

Kind of wild that a private company has that kind of power, both in terms of being one of the few that can offer this service and they can make threats at this level.

[gpm]

I have to say I'm curious over whether that's actually leverage or a massively miscalculated threat that is just going to push the Italian population and politicians firmly against cloudflare.

I'm pretty sure if you tried that here (Canada) it would do the latter.

[DangitBobby]

Would a regulating body in Canada do this, though? And if so, hopefully Cloudflare would say fuck you just the same as they did Italy. It's nice to see someone actually taking a principled stand for once.

[gpm]

If our politicians were stupid enough to pass a law telling them to - I sure hope so - we live in a place with the rule of law not the rule of whatever Joe at the CRTC thinks should happen. Regulators exist to enforce the will of parliament...

Would our politicians pass a law this unfortunate... I hope not... but I don't really have that much faith in them. The current government probably wouldn't, but governments change.

Referencing the Trump administration - the people going around threatening, deporting, arresting, taking money from, etc people as a consequence for speech they don't like - as the standard for free speech makes this far from a principled stand by cloudflare. They took their moral high ground and sunk it. This isn't about speech for them, just money.

[DangitBobby]

You're free to believe all that. "Rule of Law" loses all meaning when corruption takes root. We don't like that "for my friends, everything, for everyone else, the law" shit.

Things can be morally wrong and still legal, and the law itself can intentionally enforce immorality. It's your civic duty to determine when upholding the law degrades you and every else more than following it does.

Also I feel like threatening to take your toys and go home when they don't play fair is a totally valid response.

[gpm]

"for my friends, everything, for everyone else, the law" is a weird description, when that's not the problem with this law at all. There's no question of selective enforcement going on here. The problem is lack of due process, not that.

It's a great description of one of the main tactics the administration he is asking for help uses though. Which again goes to Cloudflare entirely abandoning the moral high ground here.

Threatening to leave is "totally valid" in that it's their right to leave, but it's also not something that a sovereign country that cares about staying sovereign should give any respect to. The only response to a foreign corporation saying that that maintains your independence is "you can't quit, you're fired." Otherwise you just become beholden to the corporation providing you "charity".

[atmosx]

> It's your civic duty to determine when upholding the law degrades you and every else more than following it does.

That’s a lot more complicated. What happens if a foreign power takes over Canada and changes the law? What is the state law goes against the laws stated by your religion?

It’s a thin line, better not deal in absolutes.

[petre]

Not a fan of Cloudfare but why should it be responsible for providing pro bono services to the Italian government during the winter olympics?

If one gets drunk at the pub and threatens the staff after being served free drinks, they get thrown out. Why should this be any different?

In Spain they also have similar laws made specifically for UEFA and the broadcasters' mafia.

[yorwba]

The services aren't pro bono if they're only offered in exchange for getting a law modified.

And if you offer people free stuff and then turn around and demand something in return, they're going to get upset and like you less than if you had never offered the free stuff in the first place.

[toyg]

There was no exchange implied... before this sentence. Cloudflare might well be justified in feeling that the other side altered the deal, so to speak.

[anakaine]

I have to doubt that it would push the populace against the company when the company is actually both providing good (free protection, DDOS mitigation, CyberSec) and supporting appropriate judicial process to make decisions.

[gpm]

Political threats of withdrawing from an event in an explicit attempt to pressure the country is the opposite of supporting appropriate judicial process.

[tonyhart7]

so you want cloudflare to pay fines that 2x revenue of italy customer while also demand cloudflare for services it provides ?????

not counting that the fines also outrageous, 2% global revenue and IP+Domain block for global despite it only Italy request it ????

[concinds]

Is this some weird variant of the right-wing claim that freedom of association is “censorship”? Why would a government be entitled to free shit?

[tsimionescu]

No one is entitled to free shit, but anyone who says "I'll stop giving you free shit unless you do X" is not giving you free shit, they're engaging in barter. And bartering to try to change a law, just like paying to change a law, is obvious and illegal corruption.

[rerdavies]

Pretty sure, speaking as a Canadian, that the Canadian government would not be able to implement that kind of legislation. And that if they did, I would 100% back Cloudflare.

[asa400]

This is one of the consequences of outsourcing this (and other capabilities) to the private sector.

Many governments simply don’t have the skill and political will to invest in these kinds of capabilities, which puts them at the mercy of private actors that do. Not saying this is good or bad, just trying to describe it as I see it.

[miki123211]

Governments just can't come to grips with how much money software engineers make.

Paying a contractor $x million? Yeah no problem, projects are projects, they cost what they cost. Does that $x million pay for 5x fewer people than it would in construction or road repair? We don't know, we don't care, this is the best bid we got for the requirements, and in line with what similar IT projects cost us before.

Paying a junior employee $100k? "We can't do that, the agency director has worked here for 40 years, and he doesn't make that much."

Variants of this story exist in practically every single country. You can make it work with lower salaries through patriotism, but software engineers in general are one of the less patriotic professions out there, so this isn't too easy to do.

[tsimionescu]

> Paying a junior employee $100k? "We can't do that, the agency director has worked here for 40 years, and he doesn't make that much."

I can assure you that junior software engineers in Italy or anywhere else in the EU make nowhere near that amount of money. In fact, few of even the most senior software engineers make that amount of money anywhere in the EU (in Switzerland or the UK they might see such salaries, at the higher tiers).

[sehansen]

Maybe not junior engineers, but it's quite common to make more than $100k in Denmark nowadays. According to the Danish Society of Engineers[0], the median salary for a CS Bachelor graduating in 2025 was 51 000 DKK / month, which is $95 000 USD / year. The average raise received by a privately employed Danish engineer was 5% last year[1], so you'd expect to reach $100k with two years experience.

And, to support miki123211's point, the Danish government has had continuing problems hiring software engineers for the past decade, leading to a number of IT scandals.

0: https://studerende.ida.dk/english/about-to-graduate/salary/s... 1: https://ida.dk/om-ida/nyt-fra-ida/solide-loenstigninger-til-...

[alberto-m]

> in Switzerland they might see such salaries, at the higher tiers

Putting UK and Switzerland in the same pot is wrong, the pay scales are totally different. 100k$ is 80k CHF which is entry level salary for a SWE. The difference between Switzerland and US is at senior level (reaching 160k CHF is much more difficult than reaching 200k$).

[miki123211]

The figures I gave were in-line with the US (as that's what most of this audience understands), but if you scale everything by a certain factor, the entire principle holds basically anywhere.

[tsimionescu]

Not really. US programming salaries are much higher than most other engineering and specialist positions, which makes it harder for the government to hire good programmers.

However, programming salaries here in the EU are much more in line with other specialist salaries, which the government already hires many of. So there is no significant problem in hiring programmers at competitive rates for government work. The bigger problem, and the reason this doesn't usually happen, is just ideological opposition to state services, preferring to contract out this type of work instead of building IT infrastructure in-house.

[Nextgrid]

And they get exactly what they pay for. There's zero reason for a competent professional to stick around with that kind of pay any longer than strictly necessary (aka until their own gig or freelancing takes off).

[angry_octet]

Many people don't want to live in America. I know that if you're American that sounds crazy.

[Nextgrid]

Not just governments, that same kind of greed exists in private companies too.

The only way to make good money while being an employee is to have your buddy spin up a "vendor" offering overpriced bullshit and shill it within your company. In exchange, you also spin up a "vendor" and your buddy shills it at his company.

[Imustaskforhelp]

This might explain why there are sooooooooo many vps providers/cloud providers, this might be one valid reason as to why.

I am sure that this might not be the only reason but still, its a valid reason for many. Do you know of companies/people which do this and how widespread this practise is?

To me it still feels like malicious compliance tho for what its worth.

[Nextgrid]

I said this in jest as a reaction to what post-tax SWE salaries in Europe top out at, all while the same companies have no problem burning insane money on vendors. There is zero incentive to do good work as an employee as it won't be compensated anywhere near what even a shoddy vendor gets paid.

But given the rise of many SaaSes selling exactly the same thing every full-stack web framework used to provide for free - think Auth0, Okta, etc, it may very well be happening.

[debugnik]

> Paying a junior employee $100k?

In Southern Europe? More like $30k gross.

[jkman]

How is revoking pro bono work you volunteered 'wild'? Should offering services lock you into indentured servitude?

[account42]

There is a difference of stopping a free service (for whatever reason) and threatening to stop a free service if the other party doesn't do what they want.

[isodev]

> Kind of wild that a private company has that kind of power

Also kind of wild that it’s a private US company pushing their current political views on another sovereign state. Cloudflare as a political tool of leverage is a level of dystopia we really should try not to unlock.

[nl]

What are the exact political views the Cloudflare is pushing here?

That it is unreasonable for Italian soccer rights owners to try to use Cloudflare to enforce their broadcast restrictions with 30 minutes notice?

That it is unreasonable not to have a appeal right for these restrictions?

That the technical solution demanded is technically infeasible?

Not sure that these are political views at all.

[johncolanduoni]

They're threatening to take their ball and go home. If they move all of their operations out of Italy, under what principle does Italy demand they block content globally? Should Wikipedia remove their page on Tiananmen Square because the Chinese government demands it (which they would, if they thought it would work)?

[randomNumber7]

The Chinese are smart enough to realize how evil you look if you ask for s.th. like that.

[msh]

i think it’s quite normal and always have been normal for companies to leave countries when the regulative environment goes against them.

[account42]

Most of them are not as brazen as putting "change your laws or here is how we will fuck you over" in a tweet.

[SkiFire13]

I can assure you that a lot of Italians agree with Cloudflare on this topic.

[iamkonstantin]

I think the parent is trying to say that whatever issues Italy may have internally, it's not up to Cloudflare to comment or enact solutions on their own.

[staplers]

  a private US company pushing their current political views on another sovereign state

This has always been the case in the western world, even before America itself existed. Some use the US govt (CIA) as leverage but often will just do it themselves.

[davidguetta]

They push nothing, they push back on retarded decision. Italy is not even a real market for them

[atmosx]

> but the idea of Cloudflare integrating with a broken 30-minute takedown API is dead on arrival.

Why? Technically it’s very easy. Wha if JDV asked CloudFlare to implement this on a different occasion? Would it be dead on arrival?

[Nextgrid]

A system like this could actually work as long as every takedown request involves posting a significant bond into a holding account and where the publisher can challenge the block and claim the bond if the block is ruled illegal.

This achieves the advantages of quick blocking while deterring bad behavior, and provides cost-effective recourse for publishers that get blocked, since the bond would cover the legal fees of challenging the block (lawyers can take those cases on contingency and get paid on recovery of the bond).

[mercutio2]

This is one of the very few non-money-laundering use cases for crypto.

I would support a “5 cents per unsolicited email” email system, in a similar way. If you make it a mildly enjoyable $5/hour task to read the first sentence or two of your spam folder, the overall internet would be better.

[torginus]

I don't get how censorship of this kind is even technically feasible?

I can rent a vpn on AWS, then connect to a stream hosted in Kazakhstan. You can't take down a website there, and you certainly can't rangeban AWS ips.

[mlrtime]

Which stream, asking for a friend :)

[Imustaskforhelp]

Can they not block your AWS account though?

[xinayder]

Italy can also buy the bluff and you know, partner with an EU company to provide them the service Cloudflare would offer "for free".

[pyvpx]

There is no “EU” company with remotely the same network capacity or capability, in general

[xinayder]

BunnyCDN is a good contender for the network. They can find another provider for cybersec.

[lgeek]

BunnyCDN don't run their own network, most of their servers are hosted at DataPacket(.com), but they use some other hosting companies too.

DataPacket has a very large network though and is kind of, sort of EU-based. AFAIK most operations are in Czechia, but the company is registered in UK. And there's also the Luxembourg-based Gcore.

[immibis]

Can someone report a bunch of government websites and legal streaming services and see what happens?

[kavaruka]

Only right owners can report websites, the Piracy Shield is essentially a tool in the hands of “Serie A Soccer League” and DAZN.

[_aavaa_]

How is the rights holder verified in 30 minutes?

[mlrtime]

I'm always reminded of this: https://youtu.be/y9SygP4BDxE?si=DoulFlfNWlGrDxnW&t=185

"Just look at me, tell me I'm not Kramer"

[wmf]

I'm sure they have a preexisting relationship with AGCOM.

[SkiFire13]

They aren't