Over the past few months, Italy has taken a bold step in regulating the Internet — not out of foresight but out of deference to powerful commercial interests — by introducing a mechanism whose speed, automation, and sheer irrationality are unprecedented in the Italian legal system. It is called Piracy Shield, and it has been presented as a modern and effective response to online piracy.

To anyone with even a basic understanding of how the Internet works, however, it quickly reveals itself for what it really is: a system of rapid administrative censorship, technically crude and legally disproportionate, built on the simplistic assumption that saving a football match justifies breaking the normal functioning of the Internet and casually discarding a few core principles of the rule of law along the way.

Piracy Shield allows accredited private entities — holders of audiovisual rights and their representatives — to report IP addresses and domains allegedly associated with infringing content. These reports are not subject to prior judicial review, nor to independent human verification. Once entered into the system, they automatically generate blocking orders that must be enforced within thirty minutes by ISPs, DNS resolvers, CDNs, and other technical intermediaries. The entire process is administrative and automated, with any form of review — if it happens at all — taking place only after the damage has already been done.

This approach marks a clear break with the principles that normally govern restrictions on access to online content, especially when fundamental rights are at stake. At this point, it is legitimate to ask whether the State shows the same zeal when faced with far more serious crimes such as terrorism, incitement to violence, or organised abuse.

And this is where the comparison with the fight against child sexual abuse material becomes unavoidable. In that context, despite dealing with one of the most serious crimes imaginable, the Italian and European systems still operate with a degree of caution. Reports originate from law-enforcement agencies or specialised bodies, are verified, framed within criminal proceedings, and subject to judicial oversight. Blocking measures are targeted, lists are curated carefully, and overblocking is treated as a critical risk — not as an acceptable side effect.

The paradox is obvious. For the most serious crimes against individuals, the State proceeds slowly and with safeguards. For copyright violations linked to sporting events, it accelerates, automates, and drastically reduces protections. The imbalance is not merely legal, but cultural. It sends a clear message: the economic urgency of a live football match outweighs the caution normally required when restricting fundamental rights.

This distortion becomes even clearer when Piracy Shield is examined in light of the Digital Services Act. The DSA explicitly recognises that technical intermediaries such as DNS providers and CDNs are neither publishers nor hosting providers, but neutral actors with limited liability and no general obligation to monitor content. Under the DSA, removal or blocking orders must be specific, reasoned, transparent, and subject to effective remedies. Piracy Shield does the opposite: it generalises, automates, reduces transparency, and shifts decision-making power away from the judiciary altogether.

From a technical perspective, the system rests on equally fragile assumptions. IP-based blocking, in an Internet dominated by CDNs, reverse proxies and shared hosting, is a blunt instrument. A single IP address can host dozens or hundreds of perfectly legitimate services belonging to entirely unrelated parties. When that IP is blocked, all of them are taken down. This is not a theoretical concern. In the past, overly broad or erroneous reports have temporarily made legitimate websites, business services and cloud platforms unreachable, causing real economic harm to innocent operators.

These are not isolated accidents, but structural consequences of using infrastructure-level tools to solve application-level problems. DNS and routing mechanisms are inherently incapable of distinguishing between legal and illegal content sharing the same network endpoint. Pretending otherwise either reflects a lack of understanding of how the Internet works or a conscious decision to ignore it.

The comparison with cases such as phica.eu makes the situation even more surreal. In that case, there was an actual criminal allegation. Law-enforcement authorities were involved. The Postal Police followed a formal investigative process, with time-consuming procedures, verifications, accountability, and clear legal responsibilities. There were no automated commands, no administrative platforms capable of issuing infrastructure-level orders in thirty minutes. When the State deals with real crimes, it takes its time. When it deals with football, it does not.

There is yet another layer of hypocrisy that deserves to be stated openly. Over the years, many restrictive digital laws have been justified by invoking child protection. It is a powerful rhetorical device, often used to silence debate on proportionality, safeguards, and limits to State power. It is frequently intellectually dishonest. Still, even in that case, the protected legal interest is real and extremely serious. The link between means and ends, however strained, exists.

With Piracy Shield, that link disappears entirely. What is being protected here is not people, but private economic interests. Legitimate interests, perhaps, but neither exceptional nor emergency-level, and certainly not sufficient to justify bypassing judicial oversight and introducing automated censorship mechanisms. If it is already deeply problematic to restrict fundamental freedoms in the name of child protection, it becomes outright grotesque to do so in the name of a football broadcast schedule.

The result is a system that harms not only those who illegally distribute content, but also entirely unrelated third parties: companies, professionals, cloud providers and end users. Treating infrastructure as if it were a publisher undermines network neutrality and the overall reliability of the Internet. It is therefore unsurprising that global operators have begun reassessing the risks of continuing to offer services and invest in a country that seeks to impose national administrative controls on global infrastructure.

This is also where the increasingly surreal rhetoric of “digital sovereignty” enters the picture. According to this narrative, the clash with Cloudflare represents a necessary assertion of State authority over the network. In reality, there is nothing sovereign about demanding that a global infrastructure provider alter the behaviour of its DNS or CDN services to compensate for poorly designed domestic regulation. What is being presented as strength is, in fact, regulatory improvisation dressed up as firmness.

The irony is hard to miss. Many of the same political actors now invoking digital sovereignty spent years rolling out the red carpet for Big Tech, offering regulatory leniency, favourable tax regimes, and lucrative public contracts, all while failing to develop any coherent digital industrial strategy. Sovereignty, it seems, is not about building public infrastructure, European alternatives, or internal capabilities. It is about shifting the political cost of bad policy choices onto an American DNS provider — as long as football revenues are protected.

Strip away the slogans, and the facts are simple. In Italy today, it is easier to block parts of the Internet to protect a football match than it is to address some of the most serious crimes against individuals. Piracy Shield is not a necessary technical solution. It is a dangerous precedent, and it demonstrates that when football is involved, fundamental safeguards can wait.