Italy: Tech companies were cited for DSA violations in 2025. Some complied with orders, some did not

Sponsor ad - 728w x 90h (at 72 dpi)

Italy’s media regulator AGCOM released an annual report in accordance with the provisions of Art. 55 of the Regulation on Digital Services (DSA), reporting on its efforts to comply with the DSA for the year 2025.

The agency reported issuing two orders pursuant to Article 9 of the EU’s Digital Services Act, which establishes parameters around the reporting of illegal services for remediation. It also issued four orders pursuant to Article 10, which regulates the reporting of illegal services to online intermediaries.

Sponsor ad

Cloudflare ignores order

One of the two Article 9 orders went to Cloudflare Inc., which was ordered to disable DNS resolution for domain names and the routing of network traffic to IP addresses reported by rights holders via Italy’s Piracy Shield ticking platform, or to take the necessary technological and organizational measures to render the illicitly disseminated content inaccessible to end-users. Cloudflare neither complied with the order nor communicated the action taken in response.

Consequently, AGCOM initiated sanction proceedings and an injunction order for non-compliance with the order, and informed ANACOM (Portugal) of the violation for appropriate follow-up action.

Order to Microsoft

The other Article 9 order went to Microsoft Ireland Operations Limited (for the Bing search engine), to block the visibility of illicit content and de-index the related domain names, and Microsoft promptly complied.

Intermediary orders

AGCOM issued four Article 10 orders—addressed to Google Ireland Limited (Google App Store), Cloudflare Inc., and OVH SAS—aimed at identifying the entity behind an IPTV application that was illegally distributing live-streamed audiovisual works.

Cloudflare Inc. failed to provide the requested information, pointing out that it is an intermediary service provider not established in Europe and requesting the application of US law (such as the Mutual Legal Assistance Treaty, or MLAT) instead of the DSA.

Google and OVH responded to the aforementioned requests, although OVH’s response was submitted after the established deadlines had expired.

A further order was addressed to Meta Platforms Ireland Limited concerning the protection of minors using Facebook. In response, Meta argued that Article 10 of the DSA does not grant AGCOM the authority to initiate proceedings against the firm—including the issuance of requests for information relating to a recipient of its service and failed to provide the requested information. Sanction proceedings have been initiated and are currently ongoing.

Why it matters

The DSA establishes harmonized rules within the European Union for a safe and transparent online environment, imposing a series of obligations on different categories of providers of intermediary services, including hosting services, online platforms and search engines.

AGCOM’s 2026 priorities include the strengthening of national cooperation with national authorities involved in tackling illegal online content, including through formal arrangements and the possible establishment of a dedicated e-commerce task force to support coordinated enforcement of EU and national rules. These include promoting awareness of users’ rights and of providers’ obligations; deepening structured engagement with Trusted Flaggers, and strengthening the protection of minors.

Further reading

Digital Services Act – Annual Report 2025. Link to report. Released July 10, 2026. AGCOM (Autorità per le Garanzie nelle Comunicazione

From our Sponsors