In a move that fundamentally threatens the neutrality of internet infrastructure, a Spanish court has ordered two of the worldâs leading privacy providersâNordVPN and ProtonVPNâto actively block websites accused of streaming illegal football matches.
The order, issued by Commercial Court No. 1 of CĂłrdoba on February 17, 2026, was granted inaudita parteâmeaning âwithout the other party being heard.â Neither NordVPN nor ProtonVPN were notified of the proceedings, nor were they given a chance to defend themselves before the hammer dropped.
This isnât just about football. It represents a dangerous shift in how Europe views privacy tools: no longer as neutral security utilities, but as accomplices to be commandeered by private corporations.
The Order: âDynamicâ Censorship
The ruling serves the interests of LaLiga (Spainâs top professional football division) and its broadcast partner, TelefĂłnica. Under the mandate, the VPN providers are required to block access to a âdynamic listâ of IP addresses provided by LaLiga.
Unlike traditional court orders which target specific, static domain names (e.g., piratesite.com), this order allows LaLiga to continuously update the blacklist in real-time as new servers pop up. The court seemingly accepted LaLigaâs argument that VPNs fall under the EU Digital Services Regulation (DSA), classifying them not as mere conduits of data, but as âtechnological intermediariesâ with a legal duty to prevent copyright infringement.
Proton Mailâs Legal Battle for Privacy: Challenging Australiaâs eSafety Regulator
Crucially, the court explicitly noted that these measures are non-appealable in the immediate term, stripping the defendants of standard legal recourse.
The âDue Processâ Vacuum
The most alarming aspect of this ruling is the procedural shortcut used to obtain it. By filing for inaudita parte measures, LaLiga effectively successfully argued that notifying the VPN companies would defeat the purpose of the order.
ProtonVPN immediately pushed back on social media, exposing the absurdity of the situation:
âAny judicial order issued without proper notification to the affected parties, thereby denying them the opportunity to be heard, would be procedurally invalid under fundamental principles of due process.â
NordVPN echoed this sentiment in a statement to the press, noting they hadnât even received the court documents yet:
âWe were not part of any Spanish judicial proceedings to our knowledge⌠Given such judgments impact on how the Internet operates, such an approach by rightsholders is unacceptable.â
This creates a chaotic legal standard where a private entity (LaLiga) can effectively rewrite the firewall rules of global security companies without those companies ever stepping foot in a courtroom.
Denmark Withdraws VPN Ban After Public OutcryâBut the Global War on VPNs is Just Beginning
Technical Theater: Why It Wonât Work
Beyond the legal overreach, the ruling betrays a profound misunderstanding of how the internet works. LaLigaâs strategy relies on a game of âWhack-a-Moleâ that they cannot win.
- The Subdomain Shuffle: As NordVPNâs spokesperson Laura Tyrylyte pointed out, âPirates can easily bypass the restrictionsâ by simply spinning up new subdomains or shifting to new hosting providers. Blocking an IP address is a temporary inconvenience for a pirate, not a permanent solution.2. The âFree VPNâ Loophole: The order targets premium, compliance-focused companies like Nord and Proton. However, the vast majority of piracy traffic flows through sketchy, free VPNs or decentralized networks that have no legal presence in Spain and will simply ignore the court order.3. Collateral Damage: Blocking IP addresses is a blunt instrument. In modern cloud hosting (like Cloudflare or AWS), a single IP address can host thousands of legitimate websites alongside one pirate stream. By forcing VPNs to block these IPs, the court risks knocking offline innocent businesses, blogs, and services that happen to share a server with a soccer stream.
UAEâs Battle Against VPN Abuse in The Digital Age: Safeguarding the Cyber Realm
The Dangerous Precedent
This ruling aligns with a growing trend in Europe, following similar aggressive moves in France. The strategy is clear: if you canât catch the pirates, threaten the infrastructure they use.
LaLigaâs announcement tellingly complained that VPNs advertise their ability to âevade restrictions.â They view privacy featuresâmasking your location and encrypting your trafficâas inherent evidence of guilt.
If this legal theory holds, it threatens the core value proposition of any VPN. If a VPN provider is forced to inspect traffic or blindly blacklist IPs at the behest of a copyright holder, they are no longer a âVirtual Private Network.â They become a filtered proxy service for the state.
For now, users in Spain are left in limbo, and privacy advocates worldwide are watching closely. If a copyright claim is enough to bypass due process and break internet infrastructure in Spain, it wonât be long before other industriesâand other governmentsâtry to do the same.
Russiaâs WhatsApp and VPN Restrictions: Separating Fact from Fiction