Spain’s LaLiga Crackdown Targets VPNs
Copyright Enforcement Hits the Circumvention Layer
The cat-and-mouse game between football rights holders and streamers has levelled up. Spain is now targeting the tools used to bypass blocks, not just the blocks themselves. If you are in Spain and use NordVPN or ProtonVPN, your digital landscape just got more complicated.
Correction & Update Log
Update (23 Feb 2026): The initial reports by Spanish newspaper elEconomista wrongfully claimed that LaLiga ordered the blanket blocking of VPNs in Spain. The judge involved has since clarified on LinkedIn that this order was never given.
Transparent Note: The actual requirement dictates that VPNs block access to the same list of websites that ISPs are ordered to block. As critics have pointed out, this means blocking hundreds of legitimate websites that have nothing to do with piracy or illegal activities.
Spanish newspaper, elEconomista, wrongfully claimed that LaLiga ordered the blocking of VPNs in Spain.
— Proton VPN (@ProtonVPN) February 20, 2026
The judge has just come out on LinkedIn to clarify that they... never actually gave that order. https://t.co/pReWTPtFki
Proton VPN highlighted the discrepancy, summarising the exchange:
- elEconomista: "A judge has allowed LaLiga to block VPNs!"
- The judge: "I never said that."
The same judge further stated: "I hope you say what you really think and that you have no intention of having Proton VPN block thousands of innocent websites. We will always firmly oppose any attempt to continue vandalising the internet in Spain."
The Court Order
Commercial Court No. 1 of Córdoba
A Spanish commercial court has granted precautionary measures requested by LaLiga and Telefónica Audiovisual Digital. The order requires specific VPN providers – namely NordVPN and ProtonVPN – to block access from Spain to IP addresses verified as hosting illegal match streams.
This is legally significant because the court decisions describe VPNs as "technological intermediaries" within the scope of the EU Digital Services Act framework, and therefore subject to requirements to help prevent infringements using their infrastructure – enforcement that has historically focused more on ISPs. LaLiga and Telefónica describe the precautionary measures as dynamic and "with no right of appeal", alongside the ability to supply updated IP lists as new infringements are detected.
VPN Provider Response
We have become aware of recent reports concerning legal proceedings in Spain that may affect VPN services, including Proton VPN.
— Proton VPN (@ProtonVPN) February 17, 2026
At this stage, we were not aware of any proceedings that may have been underway prior to these reports coming to light and have not been formally notified of any proceedings or judgment.
Moreover, any judicial order issued without proper notification to the affected parties, thereby denying them the opportunity to be heard, would be procedurally invalid under fundamental principles of due process.
Spanish courts, like all courts operating under the rule of law, are bound by procedural safeguards that ensure parties are given a fair opportunity to present their case before any binding judgment is rendered.
Moving "Up the Stack"
Spain has already seen dynamic IP blocking aimed at ISPs. However, since VPNs are the primary method users employ to sidestep those ISP blocks, rightsholders are shifting enforcement "up the stack" to the circumvention layer.
| Feature | Standard ISP Blocking | New VPN Blocking |
|---|---|---|
| Target Point | Consumer Broadband (Access Layer) | Tunnel Provider (Circumvention Layer) |
| Legal Basis | Web Blocking Orders | Court order applying DSA intermediary framework |
| Evasion Difficulty | Low (Use a VPN) | Medium (depends on implementation) |
The measures are described as "dynamic", allowing updated lists of IP addresses to be supplied as new infringements are detected, a strategy affirmed by the Barcelona Commercial Court No. 6 judgment in late 2024. Pirate infrastructure moves quickly – servers spin up and down in minutes. A static court order is obsolete before the ink dries, making dynamic updates critical for enforcement.
Collateral Risks
While dynamic blocking is effective against piracy, it raises significant concerns regarding transparency and collateral damage. In the modern web, IP addresses are often shared. A single IP might host a pirate stream alongside legitimate businesses or services.
Previous dynamic blocking campaigns involving ISPs have drawn criticism when shared infrastructure (such as Cloudflare or Vercel endpoints) was blocked, taking legitimate sites offline. By extending this to VPNs, there is a risk that users in Spain may find legitimate destinations unreachable if the target IP is recycled or shared.
What to Watch Next
The key variable is implementation. How will NordVPN and ProtonVPN technically achieve this? They may need to implement Spain-specific geofencing, preventing users connecting from Spain (or traffic exiting in Spain) from reaching specific IPs. Additionally, it remains to be seen if other VPN providers will be targeted using the same legal logic.
