Italy's First Porn Site Blocks: What You Need to Know About Age Verification Rules

Italy's national telecom regulator has issued its first enforcement orders to block pornographic websites that failed to implement mandatory age-verification systems, marking a significant escalation in the country's effort to shield minors from adult content online.

The Autorità per le Garanzie nelle Comunicazioni (AGCOM), Italy's communications watchdog, announced on March 18, 2026 that it has compelled internet service providers to block two websites—giochipremium.com and hentai-ita.net—after their operator, Onlab S.R.L.S., repeatedly ignored warnings to comply with age-verification requirements. The move represents the first concrete use of blocking powers granted under controversial child-protection legislation passed in 2023.

Why This Matters:

• All adult sites operating in Italy must now verify users are 18+ or face DNS-level blocking by major ISPs.

• Enforcement deadline for Italy-based and non-EU platforms was November 12, 2025—failures now trigger immediate action.

• Technical mandate: Sites must use age checks that minimize personal data collection while maintaining "adequate security" standards.

• Precedent set: These initial blocks signal AGCOM will aggressively enforce the law, not merely issue symbolic warnings.

The Legal Framework Behind the Crackdown

The enforcement stems from Article 13-bis of Decree-Law 123/2023, commonly known as the Caivano Decree, which took effect in late 2023 following public outcry over youth exposure to explicit material online. The statute requires any website or video-sharing platform distributing pornographic content to Italian users to implement robust age-verification mechanisms before granting access.

In October 2025, AGCOM published detailed technical guidelines—Resolution 96/25/CONS—that spell out exactly how operators must comply. The standards emphasize a balance: verification must be rigorous enough to prevent minors from slipping through, yet designed to minimize the collection and storage of personal data, addressing privacy advocates' concerns about surveillance and identity theft.

The regulation applies differently based on where a company is incorporated. Entities established within Italy or outside the European Union faced a compliance deadline of November 12, 2025. Platforms headquartered elsewhere in the EU operate under a separate timetable, reflecting jurisdictional complexities within the bloc's digital single market.

How the Blocks Unfolded

AGCOM's enforcement process unfolded in stages, reflecting a graduated approach designed to give operators a chance to comply before resorting to outright blocking. During routine monitoring of adult content providers, inspectors identified that giochipremium.com and hentai-ita.net—both operated by Onlab S.R.L.S., a limited liability company registered in Italy—were allowing unrestricted access without any age gate whatsoever.

The regulator formally notified Onlab of the violation and issued a legal notice (diffida) granting the company 20 days to install compliant age-verification systems. When that deadline passed with no action taken, AGCOM moved to the next level: on March 18, 2026, it adopted Resolutions 73/26/CONS and 74/26/CONS, which order all Italian internet service providers classified as "mere conduit" operators to disable DNS resolution for the two domains.

DNS blocking—essentially instructing ISPs to stop translating the websites' domain names into IP addresses—is a blunt but effective tool. Users attempting to visit the sites will encounter error messages or redirect pages. The blocks remain in force until Onlab demonstrates full compliance with the original order, at which point AGCOM can lift the restriction.

What This Means for Residents

For everyday internet users in Italy, the immediate impact is straightforward: access to the two blocked sites vanishes unless users employ technical workarounds like VPNs or alternative DNS servers. But the broader significance extends well beyond two niche platforms.

Expect more blocks in the pipeline. AGCOM has published a running list of sites subject to the Caivano Decree's requirements, and enforcement teams are actively auditing compliance across the industry. Major international adult platforms have already begun rolling out age-verification systems for Italian users, often using third-party identity verification services or credit card checks. Smaller operators, particularly those outside the EU, may face a stark choice: invest in compliance infrastructure or lose the Italian market entirely.

Privacy trade-offs are real. While AGCOM's guidelines stress data minimization, any age-verification system requires users to disclose some form of identity information—whether a government ID, payment card, or digital token. Privacy advocates warn that even anonymized verification creates risks, particularly if databases are breached. Users should scrutinize how sites handle their data and consider whether visiting an adult platform justifies the privacy cost.

Precedent for broader content regulation. The Caivano Decree's enforcement mechanism could serve as a template for regulating other types of online content deemed harmful to minors, from gambling sites to violent video platforms. Italy is testing the limits of what national regulators can accomplish in a borderless internet, setting up potential conflicts with free-speech principles and EU digital governance frameworks.

Industry Reaction and Technical Challenges

Adult content operators face a dilemma. Compliant age-verification systems are expensive to implement and maintain, especially for smaller sites with modest revenue. Some platforms have responded by geoblocking Italian users entirely rather than absorbing the compliance costs. Others have adopted minimalist verification schemes—such as requiring users to click a checkbox confirming they are over 18—that may not satisfy AGCOM's standards and could invite future enforcement action.

The technical details matter. AGCOM's guidelines specify that verification must achieve an "adequate level of security relative to the risk" and respect the principle of data minimization. In practice, this means systems should verify age without storing unnecessary biographical information, ideally using tokenized identity solutions where a third-party verifies age and issues a cryptographic token that the site accepts without learning the user's real identity. Few platforms have invested in such sophisticated infrastructure.

Industry groups have also raised concerns about uneven enforcement. Large international platforms with legal teams and engineering resources can more easily adapt, while smaller Italian startups like Onlab may lack the capital or expertise to comply swiftly. The result could be market consolidation, with a handful of global operators dominating the Italian adult content space.

Legal and Political Context

The Caivano Decree originated from a broader law-and-order package named after a town near Naples where youth crime and social disorder prompted national debate over child protection policies. While the decree's age-verification provisions enjoy broad political support, implementation has been contentious.

Civil liberties organizations argue that mandatory identity checks for accessing legal content infringe on privacy rights and could chill free expression. The Italian Data Protection Authority has yet to weigh in formally, but data protection experts warn that centralized age-verification databases could become attractive targets for hackers or authoritarian misuse.

Meanwhile, the European Union's Digital Services Act (DSA), which took full effect in 2024, establishes harmonized rules for very large online platforms but leaves significant regulatory discretion to national authorities for smaller services. Italy's aggressive stance under the Caivano Decree tests the boundaries of that discretion, and legal challenges invoking EU law are likely if enforcement expands significantly.

What Comes Next

AGCOM has signaled this is just the beginning. The regulator's public registry of non-compliant sites will serve as a hit list for future enforcement rounds, and operators that ignore warnings can expect DNS blocks to follow swiftly. The agency has not disclosed how many additional sites are under investigation, but observers expect a steady drumbeat of blocking orders in the coming months.

For Onlab, the path to restoration is clear but demanding: implement a compliant age-verification system, notify AGCOM, and undergo a technical audit. Only then will the DNS blocks be lifted. Whether the company has the resources or will to comply remains uncertain.

The broader question is how Italy's approach will influence other EU member states. France, Germany, and Spain are all debating similar measures, and Italy's experiment with DNS-level blocking could either serve as a model or a cautionary tale—depending on how the legal, technical, and political challenges unfold over the next year.