Cloudflare’s New AI Defaults Could Cost You Traffic

Cloudflare has made AI bot filtering the default for new sites. The new settings, announced last week, automatically block AI bots from scraping website content unless they are explicitly allowed or have agreed to compensation. If you’ve added a site to Cloudflare recently, you’ve probably noticed these settings as one of the first steps in their updated onboarding flow.

The change is part of a broader initiative to enforce what Cloudflare calls “content independence,” aimed at stopping unauthorized use of web content for AI training or summarization. AI crawlers that do not pay or negotiate permission will be blocked from accessing sites protected by Cloudflare unless site owners opt in by changing the Cloudflare default settings.

The new program includes a pay-to-crawl option where AI companies can register and pay a fee per thousand requests. Otherwise, their bots will receive a 403 Forbidden response.

Cloudflare’s policy comes as scrutiny grows over how AI companies use public content. Cloudflare seems to be positioning itself as an enforcer of content rights, especially for publishers and media companies concerned about uncompensated reuse.

Sounds good right? Not so fast… let’s take a closer look.

Blocking AI bots could create serious visibility issues for websites that are more concerned about content marketing than content licensing. AI overviews are now the default in Google SERPs, and sites that block AI crawlers may find themselves excluded from mentions altogether.

Here’s the key question for us and our clients: Are you publishing to get paid for your words, or to get people to pay you for something else?

For many businesses and organizations, content is a means to gain visibility and attract customers, not a product to monetize directly. In those cases, being discoverable by AI tools may be more valuable than protecting content from being summarized.

Blocking bots might feel like protection, but invisibility is a high price to pay for control.

EU Digital ID Wallet Puts Citizens in Control of Their Data

• The EU Digital Identity Wallet is a new initiative that aims to give every EU citizen a secure and standardized way to store and share digital credentials such as IDs, diplomas, prescriptions, and bank account information.
• The wallet is designed to function across all 27 member states, supporting both public services (like applying for a passport) and private-sector uses (like renting a car or verifying age).
• Adoption is not mandatory for citizens, but all member states are required to offer at least one wallet app, either developed by the government or a private provider. Each wallet must meet strict technical architecture and reference framework standards published on GitHub.
• Unlike many commercial digital ID systems, the EU wallet is decentralized and user-controlled, with users deciding which data to share and with whom. It will use verifiable credentials and cryptographic proofs to ensure security and privacy.
• The wallet also aims to reduce reliance on Big Tech logins by offering a government-backed alternative for secure authentication across services.
• The wallet is being rolled out through a series of large-scale pilots across Europe, including use cases like hotel check-ins, university enrollment, and prescription fulfillment.
• The system is built on open standards like W3C Verifiable Credentials and follows a self-sovereign identity (SSI) model that puts users in full control of their identity data.
• The first production-ready versions of the wallets are expected later this year.

These Privacy Laws May Reshape Web Requirements in 2025

• Several major privacy regulations are expected in 2025 that could significantly impact website compliance requirements.
  • The EU’s ePrivacy Regulation, intended to replace the current ePrivacy Directive, remains stalled but could be revived, especially after the European Parliament elections.
  • The UK’s Data Protection and Digital Information Bill (DPDI) would simplify some GDPR rules and shift enforcement power to a new Information Commission. It is expected to pass sometime this year.
  • In the U.S., the American Privacy Rights Act (APRA) is the most serious federal data privacy proposal yet. It has bipartisan support and would override most state privacy laws.
  • A newly introduced bill in New York, the Digital Fairness Act, could bring one of the strictest state-level frameworks yet, with broader definitions of sensitive data and an opt-in model.
• Read more about how these new laws could impact your clients as Termageddon’s Trevor Willingham shares his insights on The Admin Bar blog.

Worth a Look

• Is Your Agency Ready for the European Accessibility Act? Equalize Digital’s Amber Hinds talks about the issues with Kyle Van Deusen.
• Create your own color contrast checker using this nice tutorial from Esther Vaati.
• Google’s AI Overviews are a target of a new EU anti-trust lawsuit.
• What if CSS could think for itself? An interesting read from Gabriel Shoyombo
• Automattic’s plan to migrate Tumblr’s backend to WordPress has been placed on hold.
• The State of Devs has released its 2025 survey results.
• How generative AI is making running an online business a nightmare.