Italian IT guy here.
I understand Cloudflare’s position.
BUT
IMO making this only "Cloudflare good vs Italy bad" is too simple.
Italy’s anti-piracy system (Piracy Shield) is a shitshow: too fast, too automated, and often unfair. And "shit happens" is not ok when legit services get blocked too (like Google Drive on 19 Oct 2024).
One point: if a private company can say "we will not comply" and also hint they can pull services from an entire country, this is not legal stuff anymore, it’s soft power. DNS and DDoS protection is infrastructure, and infrastructure is not neutral.
So here we have a critical infrastructure player taking a strong position, and becoming a political actor, and lately it doesn’t always feel accidental.
One more tiny thing: Cloudflare did not fully leave Russia after the 2022 invasion, saying "Russia needs more access to the Internet, not less". So... for me it feels a bit weird to frame this as an "Italian law" problem (valid point), when the real question is: who decides, and with what responsibility, when infrastructure providers should comply or resist?
It seems reasonable that the infrastructure providers would decide who they service, and on what terms. If countries decide to pass laws that are impractical or violate clear moral boundaries around things like free speech or due process, then they are running the risk that people will stop working with them. That's part of the cost.
But I'm sort of an extremist in this regard, I guess. My belief is that companies should be able to choose who they service. So when Google threatened to leave Australia or Canada over the news link taxes, it felt like that's Google's prerogative. I feel the same way about Cloudflare here.
The CEO's outrage is most likely politically motivated. The current US administration appears to support basically all of the US tech companies against any foreign regulation. Therefore, it makes sense to kick and scream in this case to see if the US government will pressure Italy to make life easier for them.
Note that I mostly agree that the Italian anti-piracy system (and these kinds of systems in general) are super problematic, and it's like using a nuke to crack a walnut.
It's about precedence in cases like this as the dominos fall quickly otherwise. If you stop the roots from growing then other countries won't get ideas. It's why companies should totally ban the Brit geo for all the daft laws they enact.
Italy’s anti-piracy system (Piracy Shield) is a shitshow: too fast, too automated, and often unfair. And "shit happens" is not ok when legit services get blocked too (like Google Drive on 19 Oct 2024).
One point: if a private company can say "we will not comply" and also hint they can pull services from an entire country, this is not legal stuff anymore, it’s soft power. DNS and DDoS protection is infrastructure, and infrastructure is not neutral.
So here we have a critical infrastructure player taking a strong position, and becoming a political actor, and lately it doesn’t always feel accidental.
One more tiny thing: Cloudflare did not fully leave Russia after the 2022 invasion, saying "Russia needs more access to the Internet, not less". So... for me it feels a bit weird to frame this as an "Italian law" problem (valid point), when the real question is: who decides, and with what responsibility, when infrastructure providers should comply or resist?