Canal+ sued not only over the pirate sites, but over the infrastructure of access: Google (Google Ireland / Google LLC), Cloudflare, and Cisco (OpenDNS).

Turning the Internet’s Phonebook Into an Enforcement Lever: The Paris Court of Appeal’s DNS-Blocking Breakthrough

by ChatGPT-5.2

Background: why this case mattered

Live sports piracy has always been a race against time: the value of the content collapses the moment the whistle blows and the match is already “free” elsewhere. In France, Canal+ (and its channel-operating entity) held exclusive rights to broadcast the Premier League in France and Monaco and claimed neighbouring rights in the programmes they produced around the matches. They argued that pirate sites were streaming matches live to users in France.

France already had a familiar anti-piracy playbook: court orders directed at access providers (ISPs) and other intermediaries. But Canal+ described a practical loophole: even when ISPs block pirate domains, users can bypass those blocks by switching their DNS resolver to an “alternative” resolver run by third parties (rather than the default DNS resolver provided by the ISP). DNS resolvers don’t host the pirated streams; they translate domain names into IP addresses so a user can reach a site. In Canal+’s framing, alternative DNS had become an enabling layer for circumvention at scale.

So Canal+ sued not only over the pirate sites, but over the infrastructure of access: Google (Google Ireland / Google LLC), Cloudflare, and Cisco (OpenDNS). They sought orders compelling these companies, as alternative DNS providers, to block access to identified pirate domains and—crucially—to extend blocking to domains later identified during the season (a “dynamic” list), with a regulator-linked verification mechanism.

The first-instance court granted the requested injunctions. The DNS operators appealed. The Paris Court of Appeal upheld the core approach and, in doing so, produced one of the most consequential European rulings yet on DNS resolvers as enforcement targets.

The grievances: what the DNS operators argued (and why)

Although each appellant had its own emphasis, the appeal concentrated on a set of recurring objections:

1. They shouldn’t be in the case at all (standing / proper defendant).
   Appellants challenged whether Canal+ had proved the rights it claimed and whether DNS resolvers were the kind of “person capable of contributing” to stopping infringement that the French Sports Code contemplates.

2. DNS resolvers aren’t “intermediaries” in the copyright-injunction sense.
   The companies leaned into the “phonebook” metaphor: DNS simply translates names into numbers; it does not transmit or curate content, does not direct users to infringing sites, and operates neutrally and passively.

3. EU law obstacles: the e-Commerce Directive / “country of origin” and notification.
   Google argued the injunction was not enforceable against it because France allegedly failed to satisfy the notification formalities under Article 3(4) of the e-Commerce Directive—formalities that, under EU case law, can render measures “inopposable” (unenforceable) against the provider.

4. The Digital Services Act (DSA) and specificity concerns.
   Google attacked the “dynamic” element: blocking future sites “not yet identified” would be incompatible with the DSA’s requirements for orders to include information identifying the illegal content, and would amount to a kind of blind, open-ended enforcement.

5. Proportionality and technical burden.
   Cisco and Cloudflare stressed over-blocking and under-blocking risks from geolocation-limited DNS filtering, claimed performance impacts, and described engineering costs and architectural incompatibility—arguing the remedy was disproportionate, especially because users can still circumvent via VPNs and other resolvers.

6. Procedural escalation: refer questions to the CJEU.
   Cisco and Cloudflare sought a referral to the Court of Justice of the EU on whether the French regime was compatible with EU law (and whether it was a “general and abstract measure” triggering notification duties).

What the Court did: the core holdings in plain English

The judgment is long, technical, and highly strategic. But its core logic is direct:

1) Canal+ had standing, and the rights claim was “good enough” at this stage

The Court accepted that Canal+ had sufficiently shown exclusive rights to transmit the competition in France/Monaco (through supporting evidence including a letter from the Premier League rights holder and corroboration), and that both Canal+ entities could claim neighbouring rights in the programmes they broadcast (the broadcast being a programme shaped by editorial/technical choices, not merely raw match footage). This cleared the path for injunction relief.

2) DNS resolvers can be treated as “intermediaries” whose services are used to infringe

This is the centrepiece. The Court linked French law’s “person susceptible de contribuer” to the EU copyright framework for injunctions against intermediaries. It leaned heavily on the broad logic of UPC Telekabel Wien: intermediaries are those who are “obliged actors” in the chain enabling transmission of infringements.

The Court then made a move with significant consequences: it treated DNS resolution as functionally enabling access to infringing services—especially where DNS is used to circumvent ISP blocks. Even if DNS is automatic, neutral, and passive, that neutrality is not the point: the case is not about intermediary liability; it is about whether the intermediary can be ordered to take proportionate measures to help stop ongoing infringement.

It also explicitly framed DNS as essential infrastructure, borrowing support from EU cybersecurity policy language that positions DNS reliability as vital to the functioning of the digital economy and society—effectively rebutting the “non-essential” characterization.

3) The DSA does not protect DNS resolvers from injunctions—if anything, it confirms the pathway

The Court treated the DSA (Regulation 2022/2065) as confirming that DNS is an intermediary “mere conduit” service, while also emphasizing that the DSA’s liability rules do not remove the power of courts to order intermediaries to prevent or stop infringements. This matters because it discourages the argument that the DSA’s intermediary categories somehow “cap” what national courts can do via injunctions.

4) Dynamic blocking can be proportionate when paired with safeguards

The Court took seriously the reality of live piracy: domains shift quickly; static lists are defeated quickly. It signaled that blocking sites not yet identified at the date of the order is not inherently unlawful if the process includes verification and guardrails—here, including a mechanism involving the French audiovisual regulator and judicial supervision in case of over-blocking or execution difficulties.

In other words: the Court did not accept the “orders must be frozen at day zero” premise. It accepted an enforcement architecture designed for a fast-moving adversary.

5) “You can still circumvent it” is not a silver bullet against effectiveness

The Court did not treat circumvention (VPNs, other resolvers) as a reason to refuse relief. That’s a critical policy stance: in infrastructure enforcement, perfection is not the standard—material friction is. If the relief meaningfully reduces access, it can be proportionate even if sophisticated users can still bypass it.

6) Proportionality: the Court demanded evidence, not hypotheticals

On engineering burden, the Court’s tone is blunt: claims of massive effort and system incompatibility were not substantiated with objective proof, and they were undercut by the fact that the companies already offer DNS filtering services to their own customers. On geographic limitation and performance impacts, it treated some risk of error as inevitable but manageable—and rejected purely theoretical performance-harm assertions.

It also defused a major rhetorical move: the claim that repeated seasons would turn a temporary order into a quasi-permanent duty. The Court refused to reason from hypotheticals and emphasized the time-limited nature of the specific injunction at issue.

7) The EU notification “inopposability” attack failed

Google’s e-Commerce Directive strategy was to turn this into a procedural landmine: if the measure required notification and it didn’t happen properly, the order can’t be enforced against Google.

The Court’s handling matters because it shows how courts may cabin this argument in future infrastructure injunction cases. It treated the French mechanism as not being a “general and abstract” restrictive measure of the type that triggers the notification logic in the way Google claimed (and it rejected the argument that a different kind of notification—made under another EU procedure—solved the problem while still concluding Google’s inopposability claim failed).

8) The Court declined to turn the case into a CJEU referral vehicle

The Court did not adopt the appellants’ invitation to pause and send questions to Luxembourg. That is strategically important: it prevented the appeal from becoming a delaying tactic (which, in live sports piracy, can be outcome-determinative).

The most surprising, controversial, and valuable parts of the verdict

Most surprising

• DNS neutrality didn’t matter. The Court was explicit that neutrality/passivity—so often decisive in liabilitydebates—doesn’t block injunction power where the goal is to prevent ongoing harm.

• DNS is treated as an “obliged actor” in infringement transmission. That is a conceptual escalation: DNS is not just a helpful convenience; it is structurally embedded enough to justify being pulled into enforcement duties.

• A court openly embraces the idea that dynamic injunctions are necessary for live events. The Court effectively validated an enforcement model built for adversarial adaptation.

Most controversial

• Dynamic blocking of not-yet-identified domains. Even with safeguards, critics will call this “delegated censorship infrastructure,” especially if mistakes occur or if the verification process becomes rubber-stamping.

• Collateral impact and the over-blocking question. The Court acknowledged error risks but considered them manageable. Civil liberties groups may argue the judgment under-weights the real-world costs of false positives and the potential chilling effects on lawful content.

• Infrastructure precedent spillover. Once DNS resolvers are in scope, other “behind the scenes” services will be the next frontier (DoH endpoints, encrypted DNS gateways, VPN providers, possibly CDN-adjacent routing services)—raising questions about where courts will draw lines.

Most valuable (for rights owners)

• A clear path to reach “circumvention infrastructure.” This closes a practical loophole: you can block at ISP level and still lose the war if users can switch resolvers in seconds.

• A template for proportionality. The Court repeatedly rewards specificity, time limitation, geographic scope limitation, and documented safeguards, while punishing unsupported claims of burden.

• A roadmap for surviving EU-law procedural attacks. The e-Commerce Directive / notification issue is a favourite defense strategy; the Court’s reasoning shows one way to neutralize it.

Outcome: who won, and what happened next

The Paris Court of Appeal affirmed the core injunction approach against Google, Cloudflare, and Cisco and rejected their major defenses (including Google’s “inopposability” argument). It also shifted the money question: unlike the first-instance approach where each side bore its own costs, the Court imposed appeal costs and ordered each DNS operator (grouped by company) to pay Canal+ a defined amount for unrecoverable costs on appeal.

In practical terms, Canal+ got what it needed most: confirmation that alternative DNS resolvers are reachable by injunction, and that dynamic DNS blocking—structured with safeguards—can be lawful and proportionate.

Impact and importance: why this is bigger than sports piracy

This ruling is not just about football. It is about where enforcement power can land in a layered internet stack.

1. It reframes DNS resolvers from “neutral plumbing” to “enforceable chokepoints.”
   That is a structural shift. DNS resolvers have historically sat in the background of content disputes. This decision moves them closer to the front line.

2. It strengthens the European trend toward “follow the circumvention.”
   Blocking the original pirate site is necessary but not sufficient; enforcement increasingly targets the services that make avoidance easy.

3. It aligns anti-piracy logic with the DSA era rather than being displaced by it.
   The DSA is often invoked as a new constraint. Here, DNS’s classification as a mere-conduit intermediary did not immunize it; the Court treated injunction capacity as intact.

4. It sets up the next battlefield: encrypted DNS and “privacy” infrastructure.
   DNS over HTTPS (DoH) and similar technologies are marketed as privacy and security tools—but they also make blocking orders easier to circumvent. This decision signals that courts may be willing to impose obligations on providers who operate those pathways, especially where the provider already offers filtering products.

5. It creates negotiation leverage.
   Once a court confirms injunction exposure, commercial “voluntary cooperation” frameworks become more likely—because the alternative is recurring litigation, costs, and compliance oversight.

How other rights owners can use this verdict

If you’re a rights owner—sports, film/TV, music, publishing, software—this decision is a playbook. Here’s how to operationalize it.

1. Build the “circumvention narrative” with evidence, not vibes.
   Don’t only show that piracy exists. Show that prior ISP/search blocks are being bypassed specifically via alternative DNS and that alternative DNS meaningfully sustains access.

2. Design your requested order like a proportionality checklist.
   The Court responds to disciplined tailoring:

   • narrow territory (only where you hold exclusive rights),

   • narrow timeframe (event windows / season segments),

   • domain lists with clear formatting,

   • explicit redress mechanisms for over-blocking,

   • judicial/regulatory supervision for dynamic updates.

3. Ask for “dynamic” relief—but anchor it in safeguards.
   The controversial part becomes survivable when you build a verification workflow and provide a path to challenge mistaken blocks quickly.

4. Pre-empt the “technical impossibility / cost” defense.
   The Court was unimpressed with unsupported engineering claims—especially where the provider sells filtering products. Rights owners should:

   • demand concrete proof (time estimates, architecture diagrams, cost breakdowns),

   • collect public product evidence showing the provider already performs filtering,

   • propose phased or narrowly scoped implementation options to undercut the “impossible” framing.

5. Treat EU-law defenses as predictable, and draft around them.
   Expect the e-Commerce Directive / “country of origin” argument and prepare a response:

   • frame the relief as a targeted judicial measure responding to specific infringements (not a general/abstract national restriction),

   • emphasize the limited territorial scope and harm-prevention function,

   • keep the request grounded in the EU injunction logic for intermediaries rather than any claim of intermediary liability.

6. Use the ruling as leverage in multi-intermediary strategies.
   Courts like to see that rightsholders are not simply targeting the easiest defendant. Combine DNS with:

   • ISP blocking,

   • search de-indexing,

   • app store takedowns,

   • payment disruption where relevant,

   • hosting/CDN actions where feasible.
     The broader your coherent enforcement story, the harder it is for an intermediary to paint you as overreaching.

7. Think beyond sports: “event-value” framing travels.
   The logic that delay destroys value applies to:

   • paywalled journalism around breaking news,

   • new release windows for film/TV,

   • textbook drops and exam seasons,

   • live concerts / PPV events,

   • high-value software releases.
     Where time-sensitivity is real, the case supports fast, dynamic remedies.