"The 4xx class of status code is intended for cases in which the client seems to have erred"
vs
"Response status codes beginning with the digit '5' indicate cases in which the server is aware that it has encountered an error or is otherwise incapable of performing the request."
There's always that quote people chuck around a lot about censorship being an error so the internet routes around it. By that definition the server knows it has errored so it should be a 5xx response.
I think it is a 4xx client error, and not necessarily one that needs a new status code. It seems to me that it is a fairly simple case of 403 Forbidden:
The server understood the request, but is refusing to
fulfill it. Authorization will not help and the request
SHOULD NOT be repeated. If the request method was not HEAD
and the server wishes to make public why the request has
not been fulfilled, it SHOULD describe the reason for the
refusal in the entity. If the server does not wish to make
this information available to the client, the status code
404 (Not Found) can be used instead.
The 4xx class of status code is intended for cases in which the client seems to have erred. "
The client has not erred by requested a document that exists and which the server can technically provide (separately, the server has not erred by refusing to provide a document to the client which the exists and which access control would allow the client to have, because a government is threatening the server operator in some manner).
> The client has not erred by requested a document that exists and which the server can technically provide
The client has erred in requesting a document which the server is legally forbidden to provide to that client. As specified for 403, the server understands the request and refuses to fulfill it.
Admittedly, a hypothetical 6xx Third-Party Interference series of error codes might be useful for these kind of cases (and some instances currently handled by 503.)
- 4xx isn't appropriate as it's not a client error. - 5xx isn't appropriate because it's not a server error either.