Since the first court order late 2000’s, European countries have been at the forefront of pirate site-blocking efforts.
These blocking actions initially relied on measures that required Internet providers to restrict access to notorious pirate sites. More recently, however, blocking requirements have spread to other online intermediaries.
For example, in several countries, blocking injunctions expanded to third-party DNS resolvers such as Cloudflare, OpenDNS and Google. Not much later, VPN services became a target, as these could also be used to circumvent blocking orders.
While major rightsholders argue these measures are effective and proportionate, critics highlighted overblocking incidents where anti-piracy measures restricted access to legitimate sites and services, restricting the free flow of information.
A new report published by the Centre for European Policy Studies (CEPS) today adds substantial weight to that critique. CEPS is not part of the EU, but it operates as a leading independent think tank that advises on EU policy.
Benefits and Costs of Website-Blocking Legislation
The study, titled The Benefits and Costs of Website-Blocking Legislation: An Economic, Legal and Policy Assessment, examines website-blocking measures across all 27 EU Member States and assesses whether those measures are effective, proportionate, and compatible with EU law.
The report’s central finding is blunt. It concludes that site blocking is associated with substantial risk of unintended consequences and harmful side effects. These adverse effects, including overblocking, are not always fully recognized before site-blocking measures are enacted.
The report suggests that blocking schemes are prone to overblocking because these rightsholders are not liable for mistakes, nor do they bear the costs, which are typically paid by the ISPs or other intermediaries.
“These problems are exacerbated by the fact that rightsholders bear none of the costs of website blocking and are thus incentivised to pursue stringent blocking orders without concern for the collateral damage they cause – there is no back-pressure,” the report reads.
Italy and Spain: A Pattern of Collateral Damage
The report examines six EU jurisdictions in detail, and in each case, the findings are critical of site blocking.
Italy’s Piracy Shield, operated by regulator AGCOM, requires ISPs to block notified domains and IP addresses within 30 minutes, with no prior court order. This system has repeatedly resulted in overblocking, where the anti-piracy system blocked access to legitimate sites and services.
Instead of addressing the collateral damage concerns, AGCOM fined Cloudflare €14.2 million in January, after the company refused to globally filter its 1.1.1.1 DNS resolver. Cloudflare has since appealed the fine, while challenging the legitimacy of the Piracy Shield system.
Spain has also seen reports of similar collateral damage through its blocking regime. For example, the report notes that when LaLiga was granted a court order in its favor, it targeted a series of Cloudflare-owned IP addresses starting in February 2025. These blocked pirate streams, but also 3,300 lawful services that used the same infrastructure.
“The collateral damage was significant for ordinary users, businesses, and services that had no connection whatsoever to piracy,” the report notes, adding that the court formally dismissed Cloudflare’s appeal in March 2025.
Meanwhile, in Belgium, site-blocking orders have targeted DNS resolvers, which led to OpenDNS temporarily exiting the country in April 2025. The company eventually returned as the ruling was suspended pending appeal, but by then it had already done its damage.
“The episode illustrates how overreaching court orders can have unintended consequences for the broader digital ecosystem, and how disproportionate liability exposure can sometimes incentivise service provider withdrawal rather than compliance,” the report writes.
Report Questions Blocking Effectiveness
Beyond the collateral damage, the report also questions whether blocking achieves its stated objective of stopping piracy. After all, users are typically good at bypassing blocking measures.
The report cites various academic studies, including a 2023 paper published by researchers from Chapman University and Carnegie Mellon University, which found that site blocking led to a modest increase in visits to legal sites. According to the report, it’s unclear if these effects last.
“Recent research confirms that blocking can sharply reduce access to targeted IPTV and streaming piracy services, but no study in the past five years provides a rigorous estimate of how long these effects persist,” the report reads.
The report does find that illegal consumption of films and music has declined substantially over time. However, it attributes this to increasing availability and affordability of legal content, not to enforcement.
Rightsholders are well aware of the limits of site blocking. In response, they expanded their blocking requests to also cover DNS resolvers and VPN providers, as we have seen in France, Belgium, Italy, Spain, and elsewhere.
The CEPS report does not see stricter blocking measures as a solution; it suggests a wide range of other recommendations for the EU, member states, and copyright holders.
IP Blocking Should Be Abolished
The report makes 12 formal recommendations. The most significant is that IP-based blocking should be avoided altogether, due to its inherent tendency to block large numbers of legitimate service sites. DNS-level or URL-level blocking should be used instead.
CEPS points out that this conclusion was also reached following reviews conducted by local telecoms regulator TKK, which effectively banned IP-address blocking in the country.
“To the extent that blocking is used at all, better targeted mechanisms such as DNS-level or URL-level blocking should be used instead, consistent with the Austrian TKK’s reasoning. IP-based blocking is inherently overinclusive because shared IP addresses serve thousands or millions of legitimate domains,” the report reads.
Other recommendations include a requirement for rightsholders to contribute to the costs of implementing blocking measures, and the option to be held liable for damages caused by overblocking at their request.
| # | Target | Recommendation Summary |
|---|---|---|
| 1 | Rightsholders | Reflect on pricing schemes and restrictions on availability and convenience, such as geo-blocking. Widespread availability of affordable content is the most effective means of combating piracy. |
| 2 | Member States | Measures to assist users in distinguishing legal from illegal content, including improved education, should be part of a comprehensive strategy. |
| 3 | European Union | Whether content is illegal or infringing should be judged under the laws of the country of use, not the country of origin. |
| 4 | Rightsholders | Whenever legally and practically feasible, rightsholders should first pursue infringers who reproduce content without consent before addressing intermediaries. |
| 5 | European Union | Additional EU-level guidance is needed on whether and how to block, taking into account the principle of subsidiarity and the need to avoid market fragmentation. |
| 6 | Member States | Blocking orders should be subject to prior or rapid judicial review, as a standard to be required across Member States. |
| 7 | European Union | IP-based blocking should be avoided altogether. If blocking is used, better targeted mechanisms like DNS-level or URL-level blocking should be used instead. |
| 8 | Member States | Any delegation of blocking authority to private entities must be accompanied by meaningful oversight and safeguards. |
| 9 | Member States | Blocking orders should be time-limited with periodic review, and the geographical scope should be clearly defined and limited. |
| 10 | European Union | Rightsholders should contribute to implementation costs and bear liability for damages caused by overblocking implemented at their request. |
| 11 | Member States | National regulators should assess blocking orders for compliance with Article 3(3) of the Open Internet Regulation before implementation, not merely after the fact. |
| 12 | European Union / Member States | Enforcement and coordination of hybrid warfare content blocking should be strengthened at EU level, and national regulators should be provided with sufficient technical capacity and clear guidance for consistent implementation. |
The report also calls for all blocking orders to be subject to prior or rapid judicial review, to be time-limited with periodic reviews, and narrow in scope.
According to the report, the UK blocking model comes closest to its ideal. English High Court orders are time-limited, technically evidenced, and require rightsholders to demonstrate that proposed blocking methods will not affect legitimate content. There hasn’t been any significant overblocking reported in the UK either.
Nord Security Funded the Study
CEPS writes that the study was conducted at the request of and with the support of Nord Security, parent company of NordVPN. However, the think tank states that the analysis and conclusions are entirely independent and reflect the views of the authors alone.
Speaking with TorrentFreak, a Nord Security spokesperson confirmed its support of the study while stressing that the research was conducted independently.
“Website-blocking measures are expanding across Europe, yet there has been limited independent analysis of whether they are effective, proportionate, and compatible with EU law. Nord Security funded this CEPS study because we believe policy in this area should be shaped by evidence, not assumptions,” Nord told us.
As one of the world’s most widely used VPN services, NordVPN has a major stake in the blocking debate. The company has been targeted by blocking orders, including in France, where it recently lost its appeal together with other VPN services.
Nord Security also attended the report’s presentation in Brussels this afternoon, where its Regulatory Policy & Compliance Counsel Emilija Beržanskaitė was critical about site-blocking efforts. At the same hearing, the EU’s Intellectual Property Office and the EU’s Directorate-General for Communications Networks, Content and Technology were also present.
For now, the report arrives at a moment when intermediaries are pushing back against blocking regimes across Europe, while the European Commission is yet to issue harmonized guidance on how member states should address blocking concerns.
