A Paris court has ordered five of the biggest consumer VPN providers to block a fresh batch of pirate streaming domains in France, and - in the same breath - refused to send the underlying legal questions to the European Union's highest court. The July 18, 2026 rulings turn VPN services into front-line censorship tools alongside internet providers and DNS resolvers, and mark the moment France stopped treating VPN blocking as an experiment and started treating it as routine.
What the Paris court ordered
The Paris Judicial Court issued two separate decisions, both siding with sports broadcasters against the VPN industry. The court dismissed the providers' core arguments - that blocking is ineffective, expensive, and technically hard to limit to France alone - and granted the injunctions anyway.
- beIN Sports (WTA tennis): the broadcaster asked NordVPN, Proton VPN and CyberGhost to block seven domains streaming pirated Women's Tennis Association matches. The court granted all seven.
- Canal+ (Formula 1): the Canal+ Group targeted NordVPN, Proton VPN, CyberGhost, Surfshark and ExpressVPN over sixteen domains carrying pirated F1 streams. Here the court was stricter, approving only five and rejecting eleven for lack of proof that Canal+'s own feed was being used.
In both cases the providers were given just three days from the July 18 order to put the blocks in place. The legal hook is Article L. 333-10 of the French Sports Code, a provision written for live-sports piracy that is now being stretched across the VPN sector.
The EU escape hatch, slammed shut
CyberGhost and ExpressVPN tried to pause the case and send it up to the Court of Justice of the European Union, arguing that the "general and abstract" wording of the French Sports Code deserved scrutiny at the EU level. The Paris court refused, ruling that the E-Commerce Directive has no "horizontal direct effect" in a dispute between private companies. That refusal is the part that should worry the wider industry: it closes off the appeal route that could have set a France-wide question into a Europe-wide answer, and it lets national judges keep expanding the orders case by case.
Why this matters beyond France
This is a direct continuation of the fight we reported when France first ordered ProtonVPN to block a list of pirate domains. What was then a single-provider skirmish is now a systemic template applied to the five best-known names at once. A VPN's entire selling point is that it does not filter or record what you reach; a court that can compel it to maintain a national blocklist has, in effect, converted a privacy tool into another layer of the state firewall.
The ruling also sits awkwardly against the broader legal current in Europe. Only recently the EU's top court held that VPN providers are not liable for how their users bypass geo-blocking, and technical experts - including Google, in a formal submission telling the European Commission that blocking VPNs and DNS is useless and harmful - keep pointing out that these measures punish ordinary users far more than determined pirates, who simply move to the next domain.
For anyone who relies on a VPN for privacy rather than piracy, the practical takeaway is about trust and jurisdiction: where a provider is legally reachable shapes what a court can force it to do to your connection. That is also the strongest argument for understanding the tools you use - what a no-logs policy really guarantees, and where the limits sit - before you pick who to route your traffic through.