Cloudflare has released its latest transparency report, covering the first half of 2025. This report is part of an ongoing commitment to transparency, published biannually to detail how legal requests for customer information and reports of service abuse are managed. Over more than a decade of publishing these reports, the company has continuously adapted its reporting and commitments to reflect its growth and changes. Recent updates to the report format aim to make it even more comprehensive and accessible.
The transparency report typically includes updates on Cloudflare’s approach and the types of requests received. For the first half of 2025, there are significant updates, though the report itself can only provide so much detail on the figures.
This article offers a deeper look into one specific area: Cloudflare’s strategy for addressing streaming and copyright infringement claims. With the rise of AI tools and other systems for abuse, malicious actors have become increasingly sophisticated in their attempts to stream copyrighted content, often employing methods to conceal their activities. Cloudflare has responded by developing new methods to tackle allegations of streaming and copyright infringement. This involves close collaboration with rightsholders to more effectively identify domains and accounts potentially engaged in streaming, thereby accelerating response times and better pinpointing potential risks.
This initiative aligns with the shared goals of policymakers, rightsholders, and online service providers to prevent the pirated streaming of sports and other events online. Those who infringe legitimate intellectual property rights through unauthorized streaming may also misuse Cloudflare’s services, potentially affecting performance, costs, and reliability for legitimate users. This common interest in detecting and responding to unauthorized streaming has fostered opportunities for partnerships and improved information sharing. Preventing unauthorized streaming is a complex challenge that necessitates such collaborations, as streamers constantly devise new ways to evade detection and preventive measures.
Innovating to address abuse and identify new threats
With approximately 20% of the internet relying on Cloudflare’s network, establishing intelligent and scalable abuse processes is essential. Even as a smaller entity with fewer services, the importance of creating a system that efficiently directs abuse reports to the appropriate parties—typically the website owner or hosting provider—was recognized. The aim was to facilitate the delivery of abuse allegations to these entities without compromising their security.
As new services have been developed, a service-specific approach to abuse has been implemented, considering the nature of the services, legal requirements, and human rights. This means that hosted content is handled differently from content on websites utilizing Cloudflare’s security and CDN services, a distinction reflected throughout the transparency report.
Beyond responding to individual abuse reports, the value of systems that learn from received reports is acknowledged. Efforts to identify abuse patterns not only enhance the ability to detect and mitigate abuse on the network but also improve protection for customers against a wide array of cyber threats.
Rapid advancements in AI and technology continuously present new challenges and opportunities. Malicious actors have learned to leverage AI for quickly launching sophisticated phishing campaigns or distributing unauthorized streaming traffic to avoid detection. Large Language Models (LLMs) can also be misused to generate high volumes of low-quality or even malicious abuse reports.
Conversely, the application of machine learning and AI to the vast amounts of traffic and information within Cloudflare’s network has enabled the creation of new tools to detect and mitigate abusive behavior. Cloudflare has developed automated systems capable of managing the scale of these issues while more accurately identifying genuine abuse. In 2024, as indicated by a temporary increase in phishing actions reported in its abuse transparency report, Cloudflare expanded the use of automated systems to address technical abuse reports like phishing. Behind the scenes, similar measures have been taken to identify new patterns of abusive behavior, aiming to prevent malicious actors from using the services in the first place.
Recognizing that malicious actors are unlikely to cease their efforts, Cloudflare has continued to innovate in 2025. The company is exploring new methods to understand and respond to abuse, with the goal of identifying and pursuing strategies that offer the most promising long-term impact.
Technical responses to streaming abuse
Cloudflare has consistently maintained that all websites, regardless of size, deserve a secure, fast, and reliable online presence. To ensure that cyberattacks do not incur costs for users, a free plan for websites has been available since Cloudflare’s inception in 2010. This system, which provides free cyberattack protection globally, functions effectively because typical websites do not consume significant bandwidth.
Streaming, however, presents a different challenge. Each second of video streaming can require as much bandwidth as loading an entire webpage. To sustain the provision of free services, the use of free services for delivering streaming video has always been restricted. While most customers adhere to these limitations and understand their role in enabling free service provision, some users occasionally attempt to misconfigure services for video streaming.
In the first half of 2025, Cloudflare collaborated with several major rightsholders to combat unauthorized streaming. This collaboration involved providing rightsholders with an API for streamlined reporting, offering feedback on report quality to ensure actionable information, and, after verifying reports against internal metrics, implementing large-scale responses to streaming reports.
These efforts yielded positive results, improving the ability to identify and address unauthorized streaming. The engagement led to a substantial increase in DMCA reports received by Cloudflare for websites using its hosted services, rising from approximately 11,000 in H2 2024 to about 125,000 in H1 2025. This also accelerated the notice and takedown process, with actions taken in response to 54,000 reports, compared to 1,000 reports in H2 2024. Information from these reports helped identify additional signs of abusive behavior, resulting in the termination of hosting services for another 21,000 accounts.
Cloudflare also utilized information from rightsholders to enhance its technical tools for preventing unauthorized streaming over its network by websites using non-hosted services. To continue offering free and low-cost services to static websites, action may be taken against websites using these services if they appear to be streaming, irrespective of copyright infringement. Over the years, various tools have been developed to identify and restrict this type of streaming. While rightsholders’ streaming reports focus on infringement, these reports serve as valuable signals to inform technical tools and improve response. Close collaboration with rightsholders has not only improved response times for specific abuse reports but has also helped prevent thousands of similar websites from attempting unauthorized streaming over the network before being identified as infringing.
Insights into streamer tactics and techniques gained from these efforts contribute to broader cybersecurity initiatives. For instance, earlier this year, information from the streaming program assisted a smaller customer whose services were being unknowingly abused to host streaming content. Understanding how illegal streamers accessed and misused their services allowed for guidance and tools to prevent such behavior.
Despite significant progress on this issue, it is anticipated that streamers will adapt their behavior in response to the measures taken. Cloudflare’s efforts are ongoing, with a continued search for innovative ways to prevent and address this form of abuse.
Addressing blocking demands
While Cloudflare has been working with rightsholders on real-time technical solutions for streaming, many regulators and rightsholders have adopted a less refined approach: pursuing legally mandated internet blocking. A lack of technical expertise or indifference can lead to significant overblocking of legitimate websites, often without transparency or accountability. The view shared by civil society groups like the Internet Society is that the most effective method remains removing illegal content at its source.
A notable instance of overblocking involves the Spanish football league LaLiga. Through ISPs in Spain, LaLiga has implemented widespread blocking of IP addresses shared by thousands of websites during matches, without government oversight. This has resulted in severe internet outages across Spain during match times. The disproportionate impact of IP address blocking is well known. Despite this, LaLiga has shown no remorse for blocking numerous unrelated websites, implying that its commercial interests should outweigh the rights of Spanish internet users to access the broader internet during matches. Although this approach disregards established legal principles requiring proportionate blocking, the Spanish government has not intervened to protect the rights of its internet users. Given these clear harms and the lack of sufficient government oversight, no concrete evidence suggests that such blunt blocking efforts effectively resolve the issue.
Cloudflare believes that regulators and rightsholders are responsible for seeking proportionate methods to prevent online infringement. Collaborative work with service providers is considered the most effective way to address abuse without fundamentally harming the internet. As demonstrated by the LaLiga example, infrastructure-layer blocking is often overly broad, lacks transparency, and proves ineffective.
Despite significant concerns about blocking, particularly how rightsholders have leveraged it for commercial gain over the rights of ordinary internet users to access lawful content, Cloudflare has explored ways to apply blocking more targetedly and proportionately. Generally, blocking has been found to have limited effectiveness, as determined users often find ways to circumvent restrictions. Nevertheless, Cloudflare has complied with valid orders related to its CDN services that uphold human rights principles concerning proportionality, due process, free expression, and transparency. In jurisdictions with laws allowing for content blocking and providing appropriate oversight, Cloudflare may geoblock websites to restrict access through its CDN services in the relevant region.
Cloudflare has never implemented blocking through its public DNS resolver. As previously stated, demands to block via public DNS are seen as contrary to the vision of an open internet and would necessitate creating new tools incompatible with the resolver’s design. Litigation continues against efforts to mandate such capabilities. Cloudflare has, at times, geoblocked access to websites through its CDN and security services in response to DNS blocking orders.
In the first half of 2025, Cloudflare observed a notable increase in blocking orders received in Europe. Private rightsholders secured multiple orders instructing Cloudflare to block website access in Belgium, France, and Italy. While Cloudflare has contested certain aspects of these orders, steps have been taken to comply by geoblocking access to the affected websites in the respective countries via its CDN and security services.
Cloudflare also began implementing UK court orders that directed other service providers to block websites identified as primarily dedicated to copyright infringement. Based on a voluntary agreement with rightsholders, Cloudflare is geoblocking websites subject to these orders through its pass-through CDN and security services. When action is taken on domains under these orders, an interstitial page displaying a 451 status code is presented to visitors, directing them to the specific order, which includes a process for affected parties to challenge the blocking action.
Example of a 451 error page in the UK.
Efforts in the UK to block content based on an infringement finding in an order directed at a third party reflect a desire to experiment with more targeted approaches, contrasting with the overblocking observed in other European countries. This also acknowledges that the UK’s system incorporates important protections regarding proportionality, due process, and transparency, including avenues for affected parties to seek redress. The impact of this approach is currently being monitored, with the understanding that the course can be altered if the system is found to be abused.
Finally, the first half of 2025 saw an expansion in the types of content for which blocking has been requested. Official government notices were received from France and Belgium regarding websites using Cloudflare’s hosted services that were illegally offering gambling services in those jurisdictions. In both instances, the notice was shared with the customer, who then took action to resolve the issue. This demonstrates the advantage of connecting customers directly with government regulators to address website issues, rather than immediately resorting to blocking demands.
Looking forward
Cloudflare remains committed to collaborating with rightsholders and regulators to identify effective and proportionate methods for addressing online abuse. As a company that values transparency, its biannual transparency reports serve to outline the principles applied in this work and in responding to abuse reports or customer information requests more broadly. Further details and data are available here.
