During the first three months of 2026, government-ordered internet blackouts were a major theme, with prolonged online outages in both Uganda and Iran — a sharp contrast to the near-absence of such government-imposed shutdowns during the same period the previous year. This quarter also saw a range of power failures disrupting internet access, including three separate collapses of Cuba’s national power grid. Military operations continued to interfere with connectivity in Ukraine and also affected major cloud infrastructure providers in the Middle East. Severe weather knocked out internet service in Portugal, while damaged cables disrupted connections in the Republic of Congo. A technical glitch impacted Verizon Wireless in the United States, and unidentified issues briefly cut off service for customers of providers in Guinea and the UK.
This post serves as a high-level summary of observed and confirmed disruptions and is not meant to be a comprehensive or exhaustive list of all incidents that occurred during the quarter. A more extensive catalog of detected traffic anomalies can be found in the Cloudflare Radar Outage Center. Note that both bytes-based and request-based traffic graphs are referenced throughout this post to illustrate the impact of each disruption, with the chosen metric typically selected based on which one more clearly conveys the severity of the event.
Government-directed shutdowns
Leading up to the January 15 presidential election, Uganda’s government ordered a nationwide internet blackout. The Uganda Communications Commission (UCC) directed mobile network operators to cut off public internet access, effective at 6:00 PM local time (15:00 UTC) on January 13. The UCC reportedly justified the shutdown as necessary to “curb misinformation, disinformation, electoral fraud and related risks.” Domestic traffic at the Uganda Internet Exchange Point (UIXP) plummeted from approximately 72 Gbps to just 1 Gbps as a result of the measure.
Similarly, Cloudflare data shows an almost total disappearance of traffic from Uganda coinciding with the start of the shutdown, with traffic remaining effectively at zero through 11:00 PM local time (20:00 UTC) on January 17, when internet connectivity was partially restored after incumbent President Yoweri Museveni was declared the winner of his seventh term.
Full internet restoration was announced by the UCC on January 26, with mobile network operators MTN Uganda and Airtel Uganda both confirming via social media that the restrictions had been lifted. The shutdown triggered lawsuits against the UCC and the telecom companies and drew criticism from digital rights organizations including CIPESA.
Uganda had also blocked internet access during its 2021 election. Authorities had repeatedly promised this time would be different, asserting as recently as January 5 that “claims suggesting otherwise are false, misleading.”
Iranian citizens spent a significant portion of Q1 2026 offline or with severely restricted connectivity due to two nationwide internet shutdowns. The first began around 8:00 PM local time (16:30 UTC) on January 8, and we examined the impact observed over the initial days in our What we know about Iran’s internet shutdown blog post. Traffic from Iran remained near zero until January 21, when a small amount of traffic returned, only to vanish again a little over 24 hours later. A similar brief restoration also occurred on January 25, before traffic began recovering more substantially starting January 27.
A near-total loss of announced IPv6 address space began several hours before the traffic drop on January 8. Asiatech (AS43754) was by far the single largest contributor, dropping 4.46 million /48-equivalents, accounting for roughly 9.4% of Iran’s total IPv6 address space loss on its own. RASANA (AS31549) was the second-largest, dropping 4.19 million /48-equivalents (approximately 8.8% of the national total). As expected, this caused the share of IPv6 traffic in Iran to fall to zero. Given the timing gap between this change and the nationwide traffic loss, this may have served as an early warning sign of what was about to unfold, though it was likely not a direct cause. Some minor shifts in announced IPv4 address space were observed during the shutdown, but levels remained fairly stable throughout the outage period. These observations suggest the shutdown was implemented through other means, such as traffic filtering.
Cloudflare Radar social media posts (X, Bluesky, Mastodon) throughout January and into early February documented our observations regarding the state of connectivity in Iran over the course of that month.
On February 28, as military strikes on Iran intensified, a second nationwide internet shutdown began. Cloudflare Radar detected a sharp decline in traffic from Iran starting around 10:30 AM local time (07:00 UTC). Traffic levels fell to well below 1% of prior levels, with only small amounts of web and DNS traffic leaving the country.
No significant shifts in announced IP address space were observed around the onset of this shutdown. IPv4 space remained fairly stable, and IPv6 space continued to be persistently volatile, indicating that route withdrawals were not the cause of this second shutdown.
The ongoing announcement of IP address space, along with some residual traffic from the country, supports the conclusion that the shutdown was achieved through intensive filtering, using so-called “whitelists” and “white SIM cards” to restrict approved websites to select users.
Iran stayed effectively offline through the end of the quarter. As of late April, this disruption remains largely in place, qualifying it as one of the longest sustained internet outages in recent memory.
On March 15, the Republic of Congo held a presidential election expected to further extend President Denis Sassou Nguesso’s 42-year rule, and a nearly complete blackout of internet connectivity was observed nationwide. Traffic from the country plummeted around 06:30 local time (05:30 UTC), falling close to zero for approximately 60 hours over the election period and its immediate aftermath. Traffic began to recover around March 17 at 18:20 local time (17:20 UTC), quickly rebounding to pre-shutdown levels. Although Congolese officials provided no formal explanation for the traffic drop, comparable shutdowns had previously been enacted during the 2021 and 2016 elections.
On January 7–8, Russian attacks on energy infrastructure in Ukraine caused power failures that disrupted internet connectivity in Dnipropetrovsk and nearby regions. Cloudflare Radar detected a significant decline in traffic from the area, falling to nearly 50% below the prior week’s baseline, beginning around 22:45 local time (20:45 UTC) on January 7. Restoration commenced around 06:00 local time (04:00 UTC) on January 8.
On January 26, Russia launched a drone and missile attack targeting energy infrastructure in Kharkiv. Cloudflare Radar detected an approximately 50% traffic decline from the region starting around 19:15 local time (17:15 UTC). Recovery progressed through January 27 as power was gradually restored.
Amazon Web Services Middle East (United Arab Emirates and Bahrain)
Among the unusual disruptions of the quarter was the physical damage inflicted on Amazon Web Services data centers in the Middle East by drone strikes linked to the ongoing regional conflict. On the morning of March 1 (UTC), Amazon reported that a fire had started after objects struck a UAE data center. The following day, the company confirmed that two of its facilities in the United Arab Emirates (me-central-1 region) had been “directly struck” by drones, and that a facility in Bahrain (me-south-1 region) was also taken offline after being damaged by a nearby strike.
Cloudflare’s Cloud Observatory data showed elevated connection failure rates for the me-central-1 and me-south-1 regions starting March 1–2 and persisting at higher levels for several days. Connection failures occur when Cloudflare is unable to successfully connect to an origin server when attempting to retrieve uncacheable content, or content not in or expired from cache. These charts reflect the increased failure rate experienced when trying to reach servers in these affected regions.
In a status update on the AWS Health Dashboard, Amazon stated: “These strikes have caused structural damage, disrupted power delivery to our infrastructure, and in some cases required fire suppression activities that resulted in additional water damage.” The company cautioned that instability in the Middle East was likely to continue, making operations “unpredictable,” and advised customers running workloads in the affected areas to back up their data or migrate to other AWS regions.
The AWS me-south-1 region in Bahrain experienced a further disruption on March 23, following additional drone activity.
On January 15, a power outage hit Buenos Aires amid a summer heat wave. The outage caused minor disruptions to internet connectivity for customers of several providers in the Buenos Aires area, including Telecom Argentina (AS7303), Telecentro (AS27747), and IPLAN (AS16814), with traffic from these networks dropping between 17:30 and 19:30 local
At roughly 8:30 a.m. (20:30 – 22:30 UTC), a failure at the Richmond energy station in the Virgin Islands caused a widespread power outage. The Virgin Islands Water and Power Authority (WAPA) reported the incident on Facebook. The disruption to web traffic in the affected area began around 21:30 UTC and lasted for approximately two hours, with user activity returning to normal levels by about 23:30 UTC.
A plant making contact with an underground cable caused a power blackout that hit St. Croix and St. Thomas within the U.S. Virgin Islands. Cloudflare Radar information reveal internet visitors from native supplier VI Powernet (AS14434), the main ISP within the U.S. Virgin Islands, plunging to just about zero from round 12:15 native time (16:15 UTC), earlier than coming again online by roughly 14:45 native time (18:45 UTC). Even with the outage practically wiping out VI Powernet’s connectivity, visitors from St. Thomas solely dropped by about 60%, and about 40% from St. Croix, because of different suppliers serving these islands.
Storm Kristin struck mainland Portugal on January 28, leaving a trail of destruction and widespread energy failures in its wake. Roughly 1,500 emergencies had been logged by Civil Protection between midnight and 08:00 native time (00:00 – 08:00 UTC), with Leiria and Coimbra districts bearing the brunt of the injury. Key infrastructure suffered harm, and by 07:00 native time (07:00 UTC), greater than 850,000 E-Redes clients had discovered themselves at midnight.
Getting issues again to regular wasn’t fast: greater than 290,000 clients had been nonetheless with out energy as late as January 30, and Cloudflare tracked a drawn-out return of regional traffic over the next weeks. (Coimbra bounced again to regular ranges inside the first few days following the storm.) Three weeks after the storm handed, over 6,000 clients in Leiria had been reportedly nonetheless with out electrical energy.
Simply after the New 12 months, Web service within the Republic of Congo was thrown off course by a fault on the WACS (West Africa Cable System) beneathsea cable. Congo Telecom (AS37451) wed out an update on X stating that “a world incident on the WACS cable” was accountable for the connectivity issues, and that backup preparations had been being put into place. Cloudflare Radar picked up on a pointy decline in visitors from Congo starting at about 00:00 native time on January 2 (23:00 UTC January 1), sinking to 82% under anticipated ranges. A future message from Congo Telecom confirmed that repairs had been underway, with clients probably dealing with slower speeds throughout busy durations. Visitors climbed again to regular ranges by roughly 15:00 native time (14:00 UTC) on January 4.
Verizon Wi-fi (United States)
On January 14, a software program fault knocked out voice and information providers for Verizon Wi-fi (AS6167) subscribers throughout the United States. Verizon launched a public assertion confirming the outage started January 14 and had been mounted by 22:15 ET (03:15 UTC January 15). Common posts from @VerizonNews on X stored clients up to date all through the night time. Cloudflare Radar information reveals a noticeable dip in visitors beginning at round 12:30 ET (17:30 UTC) on January 14, matching the reported begin of the disruption.
On February 9–10, subscribers of Move Grenada (AS46650) — the principle Web supplier for Grenada — had been hit by an island-wide blackout lasting about 12 hours. The corporate shared a message on Facebook confirming the service disruption, although no rationalization for the trigger was supplied. Cloudflare Radar information exhibits visitors from the community starting to slide round 11:30 native time (15:30 UTC) on February 9, vanishing completely round 20:00 native time (midnight UTC February 10), and returning by roughly 23:30 native time (03:30 UTC February 10). Routing data reveals a full withdrawal of introduced IPv4 prefixes on the similar level visitors hit zero. Outstanding spikes in BGP announcements across the time the disruption first surfaced, and framing the total outage, level to a routing-related trigger for the entire episode.
Prospects of Orange Guinée (AS37461) in Guinea had been not capable of make cellphone calls or entry the Web beginning round 10:45 native time (10:45 UTC) on January 6. Orange Guinée deliberately confirmed an “exceptional breakdown” affecting cell phone and Web providers following a technical incident, with groups mobilized to revive service. Service was restored by roughly 14:00 native time (14:00 UTC) that very same day. No additional particulars on the basis reason behind the incident had been publicly disclosed.
TalkTalk (United Kingdom)
On March 25, clients of UK broadband supplier TalkTalk (AS13285) reported widespread service disruptions. TalkTalk acknowledged the problems on X however didn’t publicly disclose a root trigger. Cloudflare Radar noticed visitors from the supplier drop practically 50% as in comparison with the earlier week starting round 07:00 native time (07:00 UTC), with service restored by roughly 08:15 native time (08:15 UTC).
1 / 4 marked by main disruptions
The primary quarter of 2026 was marked by an unusually excessive variety of extreme and extended Web disruptions. The key executive-directed shutdowns, notably the extended blackouts in Uganda and Iran, underscore how Web entry continues to be weaponized as a machine of political management. Cuba’s three separate nationwide grid collapses in a single month paint a troubling image of infrastructure fragility with direct penalties for connectivity. And the drone strikes on AWS information facilities within the Center East signify an unprecedented escalation as lively navy battle straight and bodily broken main cloud infrastructure, with disastrous penalties for the web sites and functions hosted there.
The Cloudflare Radar workforce is continually monitoring for Web disruptions, sharing our observations on the Cloudflare Radar Outage Heart, through social media, and in posts on weblog.cloudflare.com. Comply with us on social media at @CloudflareRadar(X), noc.social/@cloudflareradar (Mastodon), and radar.cloudflare.com (Bluesky), or contact us through e mail.
