The President of the Paris court issued three judgments rejecting Cloudflare's claim that DNS/CDN/proxy blocking would be “technically impossible,” too costly, or inevitably “international”...

The “Technical Impossibility” Bluff Just Collapsed

by ChatGPT-5.2

A single sentence in a court order can quietly re-balance an entire enforcement landscape. That is what happened in France on 18 February 2026, when the President of the Paris court issued three judgments rejecting a major infrastructure provider’s claim that DNS/CDN/proxy blocking would be “technically impossible,” too costly, or inevitably “international” and therefore disproportionate. One of those judgments concerns a dispute between Canal+ entities and Cloudflare about piracy of live Premier League broadcasts, and it reads like a practical manual for how courts can treat “infrastructure layer” services when they are being used to facilitate mass infringement.

What the case is about

The plaintiffs are Canal+ companies that hold exclusive audiovisual exploitation rights (via contract) and related “neighbouring rights” as audiovisual communication companies for the broadcasting of the English Premier League in France. The judgment describes a familiar pattern: pirate sites and IPTV services stream live matches “almost systematically,” free of charge, to users in France, undermining a subscription-based sports rights business.

The plaintiffs identified 16 domain names linked to those pirate services and sought an order requiring Cloudflare—in three capacities (DNS resolver, content delivery network, and reverse proxy provider)—to implement blocking measures preventing access from French territory (including overseas territories) on the match days listed in the official Premier League calendar, through the end of the 2025/2026 season. They also sought a “dynamic” mechanism for newly identified services during the season, routed through the national regulator ARCOM (the French Audiovisual and Digital Communications Regulatory Authority), plus penalties for non-compliance and related procedural relief.

Cloudflare resisted on several fronts: standing (who may sue; who may be sued), EU-law compatibility and proportionality, and—most prominently—the “technical impossibility / disproportionate burden” argument: that blocking would be infeasible, costly, would require breaking encryption, could not be meaningfully confined to France, and would be easy to circumvent anyway (VPNs/alternative DNS), making it ineffective and non-deterrent.

The court largely rejected those defenses and granted blocking—while still shaping the order to preserve proportionality and the intermediary’s freedom to choose the technical means of compliance.

The issues at hand (and why they matter beyond sports)

This dispute is not really about football. It is about a question that rights holders across every sector now face: when infringement is delivered at scale through infrastructure services rather than a single “website operator,” can courts order remedies against the infrastructure providers that make access reliable and easy?

The judgment turns that big question into several concrete legal issues:

1) Can a DNS/CDN/proxy provider be targeted as a “person likely to contribute” to stopping infringement?

Under Article L.333-10 of the French Sports Code (a “dynamic blocking” mechanism for sports), rights holders can seek proportionate measures against any person likely to contribute to preventing or stopping serious and repeated infringements. Cloudflare argued that DNS resolution providers should not count as technical intermediaries for these purposes.

The court disagreed, emphasizing that the statute is not limited to ISPs and search engines, and that DNS/CDN/proxy services can be misused to facilitate infringement or circumvent other blocking.

2) Does EU law (including the DSA and the E-Commerce framework) block this kind of injunction?

Cloudflare argued the French mechanism conflicted with EU law and core principles like proportionality and freedom to conduct a business.

The court’s answer is telling for litigators: in a dispute between private parties, Cloudflare could not use a directive (here, the E-Commerce Directive arguments) to force the French court to disapply national law. At the same time, the court repeatedly frames the order as narrow, time-bound, territorial, and non-monitoring, to keep it inside the European proportionality “safe zone” built by CJEU case law.

3) What counts as “serious and repeated” infringement—and how much tracing must a rightsholder do?

The plaintiffs relied on sworn-agent reports showing that the disputed sites streamed matches with images and sound identical to Canal+ channels. Crucially, the court rejected the idea that the plaintiffs had to prove viewers accessed the pirate streams using Cloudflare’s specific DNS service (as opposed to an ISP’s default DNS). Requiring that extra step would make enforcement “unnecessarily complex and costly,” and would undermine the mechanism’s point.

This is a subtle but powerful move: it reduces the evidentiary friction of going after non-default infrastructure services that are often used precisely to evade earlier blocks.

4) Proportionality vs. effectiveness: must the rightsholder try “other measures” first?

Cloudflare argued the plaintiffs should pursue simpler or cheaper alternatives, or start with other intermediaries.

The court rejected the premise: where the legal conditions are met, the rightsholder is not required to prove it exhausted other routes or that other measures are inferior. The proportionality analysis is satisfied by designing the injunction with clear limits (scope, time, territory) and by avoiding a general monitoring obligation.

5) The “technical impossibility” defense: who has to prove what?

Here is the line that will be quoted in many future filings. The court states, in substance: if you claim the order is technically impossible, internationally overbroad, prohibitively expensive, or would require breaking encryption, you must provide quantified and verifiable technical evidence. Assertions are not enough—especially where similar measures have already been ordered and implemented.

That shifts the burden in a way that matters not just for Cloudflare, but for any infrastructure actor that hopes to win by saying “it can’t be done.”

6) Dynamic blocking and regulator orchestration (ARCOM)

The decision also sits inside a broader French model: rights holders can feed newly identified pirate services to ARCOM; ARCOM’s authorized agents verify illegal broadcasting; ARCOM then notifies the intermediaries covered by the court order so they apply the measures for the remainder of the relevant period. The judgment notes the legislature’s intent that cost sharing for blocking measures be set via agreements concluded under ARCOM’s aegis (model agreements).

This is not just “court orders.” It is an enforcement pipeline: courts + regulator + standardized operational agreements.

The most surprising, controversial, and valuable findings

Surprising

1. The court treats “alternative DNS” as legally irrelevant to whether it can be sued. Even if only a subset of users choose that service, it can still be a meaningful contributor to stopping infringement—and therefore a legitimate defendant for blocking.

2. The evidentiary bar for plaintiffs is intentionally kept low enough to be operational. The court refuses to force rightsholders into expensive “prove it was Cloudflare DNS” tracing exercises, acknowledging that complexity itself can become a de facto immunity.

3. The “international scope” objection is handled pragmatically, not philosophically. The court focuses on the order’s intended territorial scope and its practical tailoring, rather than accepting that global infrastructure automatically makes targeted compliance impossible.

Controversial

1. Infrastructure-level blocking always raises overblocking anxiety. DNS and CDN measures can have collateral effects if domains host mixed content or if technical implementation is blunt. The judgment tries to mitigate this through narrow scope (identified domains + subdomains) and time limits, but critics will say the risk is still nontrivial—especially as pirates migrate quickly and reuse shared infrastructure.

2. The court declines penalties (“astreinte”) even while acknowledging enforcement problems in prior cases.Some rights owners will view this as underpowered: if compliance is imperfect, penalties can concentrate attention. The court’s response is essentially: don’t presume future non-compliance; come back if enforcement fails.

3. The dynamic mechanism’s legitimacy depends on trust in the regulator pipeline. ARCOM’s role is central: verification, notification, model agreements, and potentially cost-sharing. In jurisdictions where the regulator is weaker, politicized, or under-resourced, this model may not transfer cleanly.

Valuable

1. The burden-shift on “technical impossibility” is the real prize. Courts often get bogged down when defendants flood the record with technical claims. Here, the court demands quantified, verifiable proof, and notes that the burden lies with the party asserting impossibility—especially where similar measures exist in the real world.

2. The court explicitly rejects the “you must try other measures first” narrative.That matters because defendants routinely argue enforcement must proceed in a particular order (ISP first, then search, then DNS, etc.). The judgment preserves strategic choice for rightsholders.

3. It reinforces the “no general monitoring obligation” boundary. The decision repeatedly frames the order as targeted blocking—not monitoring users, not inspecting content, not requiring collection/storage of connection-attempt data. This is the compliance design pattern that makes such orders easier to defend under European fundamental-rights balancing.

4. It normalizes the idea that DNS/CDN/proxy services perform a “transmission function.” That conceptual move matters because it is the bridge between “we’re neutral infrastructure” and “we are an essential agent in access and delivery, so we can contribute to remedying infringement.”

So what does this mean—and how can rights owners worldwide use it?

Even though this is a French sports-rights case, rights owners across publishing, film/TV, music, software, games, and academic content should read it as a playbook for dismantling the infrastructure-immunity story.

1) Treat “technical impossibility” as an evidentiary issue, not a vibe

If a defendant claims the order would be too costly, too complex, internationally overbroad, or would require breaking encryption, don’t just argue back—force quantification.

Practical move: build pleadings that preemptively ask the court to require “quantified and verifiable” proof of impossibility and to treat unsupported technical assertions as insufficient. Then challenge the defendant’s evidence point-by-point (cost assumptions, feasibility, existing implementations, available tooling, and prior industry practice).

2) Target the “circumvention layer,” not only the origin site

Piracy and leakage ecosystems increasingly depend on infrastructure services that:

• stabilize delivery (CDN),

• obscure origin (reverse proxies),

• or help users bypass earlier blocks (alternative DNS, VPN-related routing).

This judgment supports a strategy of multi-intermediary enforcement, where you treat circumvention tooling as part of the infringement supply chain.

3) Design remedies to look like “proportionate injunctions,” not “monitoring regimes”

The court’s proportionality comfort comes from a repeatable recipe:

• narrow scope (identified domains; subdomains tied to them),

• limited duration (season/12-month frame),

• territorial tailoring,

• freedom for the intermediary to choose technical means,

• explicit rejection of user/content monitoring obligations.

Rights owners can replicate this pattern in other jurisdictions by drafting orders that are consciously engineered to survive fundamental-rights balancing.

4) Reduce proof friction: don’t let defendants impose forensic burdens that kill enforcement

A key enabling point here is the court’s refusal to require plaintiffs to prove access via the defendant’s specific DNS product. That principle—don’t make enforcement unworkably costly—is widely portable as an argument, even where the local statute differs.

Use it whenever defendants try to demand “perfect attribution” of every technical step in a user’s path.

5) Build regulator + court pipelines where possible

The ARCOM mechanism is an institutional innovation: it allows dynamic updating of blocked services without starting new full litigation each time.

Rights owners elsewhere can use this case to advocate for:

• statutory “dynamic injunction” frameworks,

• regulator verification + notice pipelines,

• model agreements and cost-sharing mechanisms,

• standardized reporting from intermediaries about compliance.

Even if your country lacks an ARCOM equivalent, you can argue for a functional substitute (specialist agency, court-appointed technical monitor, or trusted third-party verification process).

6) Use the case as leverage in negotiations with intermediaries

Litigation wins like this often have their biggest impact outside court:

• in voluntary takedown/blocking programs,

• in “trusted notifier” relationships,

• in infrastructure provider policy updates,

• and in contractual leverage (e.g., when a service wants to keep operating in a market without escalating legal risk).

Rights owners can cite this judgment to shift the negotiation posture from “we can’t” to “show your proof—or comply.”

7) Translate the logic beyond sports: the same architecture applies to other rights harms

While the statute here is sports-specific, the underlying enforcement reality is not. The same infrastructure stack supports:

• shadow libraries and pirate streaming,

• large-scale ebook and journal piracy,

• counterfeit software distribution,

• leaked courseware and test banks,

• and distribution of infringing datasets.

The transferable lesson is structural: courts can treat access-enabling infrastructure as a remedy point—without turning them into general monitors—if the order is narrow, time-bound, and evidence-driven.