
From DNS blocking to domain name seizure: towards stronger enforcement against illegal sites
Towards new frontiers in digital enforcement: domain name seizure as a global tool

In recent years, the fight against websites infringing intellectual property rights or carrying out illegal activities has evolved through a series of legal and technical tools involving both judicial and administrative authorities. In Italy, the main instrument adopted is blocking the DNS resolution of domain names and, in some cases, blocking the routing of data communication to specific IP addresses. 

However, these measures, often referred to as 'IP and DNS blocking', although useful, have obvious limitations in terms of effectiveness and exposure to circumvention.
Starting from this consideration, this in-depth study reflects on a possible instrument that has not yet been adopted in our system: the direct seizure of domain names, which already exists in US law. Such a measure could represent a quantum leap in digital enforcement, with a concrete impact that is difficult to circumvent.

The current tools: DNS blocking, IP blocking and court orders
Established practice sees, as the main measure, the blocking of DNS (1) resolution of domain names, more precisely of Fully Qualified Domain Names (FQDN) (2). Providers are obliged to prevent their DNS from translating the site name into an IP address, making the domain unreachable to Italian users. Sometimes, this measure is accompanied by the blocking of routing to specific IP addresses.
One of the first and most important case law precedents is the decision of the Court of Bergamo (3), which affirmed the legitimacy of preventive seizure as a tool for ordering access providers to inhibit the connection. This was an in rem ('real') measure, applied as a precautionary measure, with the aim of interrupting the dissemination of copyright-infringing content that was taking place through the BitTorrent tracker site known as ThePirateBay.
Another relevant case is that of the well-known BtJunkie site, in which the Cagliari Public Prosecutor's Office adopted, perhaps for the first time in Italy, a Public Prosecutor's Order directly requesting the inhibition of access to certain domains. In the BtJunkie case (Order of the Public Prosecutor of the Prosecutor's Office of Cagliari of 21 April 2011), an injunction was ordered, through the Guardia di Finanza, to inhibit access to the site www.BtJunkie.org, the digital maxi-platform to download music, films, books and video games illegally, in some way the heir of the Pirate Bay. This order was adopted on the basis of the legislation on electronic commerce, i.e. Articles 14 et seq. of Legislative Decree No. 70 of 2003, which provide that the judicial authority may demand, even as a matter of urgency, that the ISP prevent or put an end to the violations committed.

AGCOM's role in administrative enforcement
With the entry into force of AGCOM Regulation No. 680/13/CONS (later amended by Resolution 490/18/CONS) (4), a rapid administrative tool was introduced for the protection of online copyright. Right holders can report entirely unlawful content or sites, quickly obtaining a determination that obliges providers to block access, by DNS or IP inhibition.
This procedure constituted an important development for enforcement, but was further enhanced with the approval of Law No. 93 of 14 July 2023 (5), which introduced new urgent measures to combat digital piracy.
Among the main innovations is the emergence of PiracyShield, a technology platform operational from 2024 and managed by AGCOM, which enables:
•    a shorter intervention time for effective inhibition, limiting copyright infringements to a maximum of 30 minutes after notification;
•    automated notification of ISPs, who must immediately block the IPs and FQDNs involved;
•    direct access by licensed audiovisual and sports operators through a secure backend system.
Law 93/2023 also introduced administrative sanctions of up to EUR 5,000 for users who voluntarily access unlawful content (Article 1(7)), and granted AGCOM enhanced powers in the precautionary and investigative phases.
This procedure has led to a significant increase in the effectiveness of enforcement actions, but remains confined to a national dimension and does not act on the domain itself, but only on the accessibility through the data connections provided by the operators reached by the injunction request.
In this context, Italy is at the forefront at European level, endowing itself with a hybrid enforcement system that combines technological readiness, streamlined administrative tools and the possibility of coordination with the ordinary judiciary. However, even PiracyShield, although innovative, acts at the access level: the hypothesis of domain name seizure could represent the missing piece to make the response even more structural and global.

Structural limits of current instruments
Notwithstanding the above, which highlights the diligence of the national legislator in reacting to new hacking technologies, we must also point out that there are still known and significant limitations in the current system, such as:
- Ease of circumvention: alternative DNS, VPNs and mirror sites make it possible to bypass blocks.
- Proliferation of substitute domains: operators of illicit sites quickly replicate content.
- Territorial limitation: blocking is only effective for Italian users.
For this reason, it is necessary to evaluate instruments capable of striking at the root of the illicit digital infrastructure.

Domain name seizure: an opportunity for Italy
The direct seizure of a domain name takes the form of a real precautionary measure applicable to the domain as an intangible asset. Technically, it may entail the suspension, deactivation or forced transfer of the domain, rendering it unreachable on a global scale.
In the United States, this practice is well established. In coordinated operations between the FBI, ICANN and accredited registrars (e.g. GoDaddy, VeriSign), domains used for cybercrime, piracy or counterfeiting are seized, as happened in the notorious 'Operation In Our Sites' and 'Card Shop Seizure'. A recent emblematic example of the application of domain name seizure is the international operation that led to the closure of Garantex, a Russian-based cryptocurrency exchange. In March 2025, the US Department of Justice, in cooperation with Germany and Finland, seized the online infrastructure of Garantex, accused of facilitating money laundering for transnational criminal organisations and violations of international sanctions. As of 2026, Garantex had processed cryptocurrency transactions worth at least $96 billion (6).
At the same time as the domain seizure, the indictments of two Garantex administrators were made public, accused of money laundering conspiracy and other violations. This intervention marked a significant blow to money laundering operations via cryptocurrency, demonstrating the effectiveness of domain name seizure as an enforcement tool.
This case highlights how the seizure of domain names can be used effectively to dismantle digital infrastructures involved in illicit activities on a global scale, offering an operational model that could also be adopted in Italy to deal with similar threats in cyberspace.
In Italy, however, this tool has not yet been adopted in ordinary judicial proceedings, although it is potentially compatible with Article 321 of the Code of Criminal Procedure (preventive seizure) (7), if the domain is used as a tool for the commission of a crime.

What would be the advantages of also applying the seizure of domain names in Italy under Article 321 of the Code of Criminal Procedure?
-    Global impact: the domain becomes unreachable everywhere.
-    Difficult to circumvent: loss of the possibility of redirecting incoming traffic to new domain names/sites.
-    Deterrent effect: greater disincentive for illegal operators.

Operational and legal challenges
- Jurisdiction and territoriality: many registrars are foreign, so agreements would be needed (which are not currently being discussed) or international rogatory letters (which would lengthen the time).
- ICANN's role (8): there is a need for international institutional cooperation that can assist global harmonisation on this issue.
- Protection of rights: seizure must be balanced with defence guarantees, especially in cases of abuse of alerts (a long-standing problem in telematic areas and one that has led to numerous criticisms of the measures taken by national authorities over the years).


Insight Box:
The ICANN guide for preparing domain name seizure and takedown orders
In March 2012, ICANN published a document entitled 'Guidance for Preparing Domain Name Orders, Seizures & Takedowns' (9). This document provides detailed guidelines for legal and regulatory authorities on how to draft effective orders for the seizure or deactivation of domain names. The aim is to facilitate cooperation between authorities and domain registration service providers by ensuring that requests are clear and contain all the necessary information for rapid execution.
The guide emphasises the importance of understanding the operational components of the domain name system (DNS), including registration services, the DNS itself and WHOIS services. It also provides a checklist of information to be included in legal orders, such as domain details, required actions and contact information of the parties involved. This tool is a valuable resource to harmonise domain seizure procedures internationally, promoting a standardised and collaborative approach to tackling illicit online activities.

Future perspectives: a proposal for regulatory harmonisation
The Digital Services Act (10) opens up interesting perspectives. In particular, Art. 8 of the European regulation (EU Regulation 2022/2065) provides for the possibility for member states to designate competent authorities to take precautionary measures, including emergency measures. Despite the publication of the Regulation in the year 2022, this provision has not yet found concrete application.

Conclusion
DNS and IP blocking represent fundamental tools for online protection. However, it is clear that the regulatory and operational framework needs to evolve so that it becomes possible to act directly on domain names, disabling the very basis of illicit activities.
Domain seizure could become the pivotal tool of a new, more incisive, integrated and global digital enforcement.
We therefore believe that it would be desirable:
-    A national regulatory intervention expressly recognising the seizure of domain names.
-    A harmonised European mechanism for extra-territorial interventions, in synergy with registrars.
-    A protocol shared between judicial authorities, AGCOM and bodies such as EURid or ICANN.

***************************************************************************************
Notes:
(1) DNS stands for Domain Name System (plural: DNSs). It is a fundamental component of the Internet, but one that is often overlooked or misunderstood. In simple terms, the DNS acts as a bridge between human-readable web addresses, such as www.agendadigitale.eu, and the IP addresses used by machines, such as 3.165.255.25.
(2) The term 'Fully Qualified Domain Name' is the complete domain name for a specific computer or host on the Internet. A fully qualified domain name consists of two parts: the host name and the domain name. To give an example, an FQDN is typically the web address www.agendadigitale.eu, which on the web identifies Agendadigitale. In this case, www is the host name in the domain agendadigitale.eu.
(3)  Court, Bergamo, ordinance 01/08/2008 no. 3277
(4)   https://www.agcom.it/provvedimenti/delibera-490-18-cons
(5)  https://www.gazzettaufficiale.it/eli/id/2023/07/24/23G00103/sg
 (6)  Ref. URL
(7)  Operative part of Art. 321 Code of Criminal Procedure
Code of Criminal Procedure, Fourth Book (Precautionary measures), Title II (Real precautionary measures), Chapter II (Precautionary seizure)
1. When there is a danger that the free availability of a thing pertaining to the offence [253] may aggravate or prolong the consequences of the offence or facilitate the commission of other offences, at the request of the public prosecutor, the judge competent to rule on the merits shall order its seizure by reasoned decree [262 3]. Before the prosecution is brought [405], the judge in charge of preliminary investigations shall do so.
2. The judge may also order the seizure of the property for which confiscation is permitted [240 of the criminal code].
2-bis. In the course of criminal proceedings relating to offences provided for in Chapter I of Title II of Book II of the Penal Code, the judge shall order the seizure of the assets which may be confiscated.
3. The seizure shall be immediately revoked at the request of the Public Prosecutor or of the person concerned when the conditions for its applicability envisaged in paragraph 1 are no longer met, also due to facts which have arisen. In the course of the preliminary investigations the Public Prosecutor shall decide by reasoned decree, which shall be notified to those entitled to appeal. If there is a request for revocation from the person concerned, the public prosecutor, when he considers that it should be rejected even in part, shall forward it to the judge, to whom he shall submit specific requests as well as the elements on which he bases his assessments. The request shall be transmitted no later than the day after it is lodged with the secretariat.
3-bis. In the course of the preliminary investigation, when it is not possible, due to urgency, to wait for the order of the Judge, the seizure is ordered by reasoned decree of the Public Prosecutor. In the same cases, prior to the intervention of the public prosecutor, the seizure shall be carried out by officers of the judicial police, who, within the following forty-eight hours, shall transmit the report to the public prosecutor of the place where the seizure was carried out [386]. The latter, if he does not order the restitution of the seized things, shall apply to the judge for validation and the issuance of the decree provided for in paragraph 1 within forty-eight hours from the seizure, if ordered by the same public prosecutor, or from the receipt of the report, if the seizure was carried out on the initiative of the judicial police.
3-ter. The seizure loses its effectiveness if the terms provided for in paragraph 3-bis are not observed or if the judge does not issue the validation order within ten days of receipt of the request. A copy of the order shall be notified immediately to the person from whom the property has been seized.
(8)  ICANN is an international management body, set up on 18 September 1998 to continue the numerous management tasks related to the Internet that were previously devolved to other bodies. URL reference: https://www.icann.org/
(9)  Ref. URL
(10)  https://www.agendadigitale.eu/mercati-digitali/digital-services-act-cose-e-cosa-prevede-la-legge-europea-sui-servizi-digitali/