1. Cybercrime & Cybersecurity
1.1. Cybercrime
Cybercrime: Information without physical media (hard drive, USB stick, etc.) obtained as a result of a criminal offence may be subject to concealment under Article 321-1, paragraph 2, of the Criminal Code (Cass. Crim. 18 February 2026, No. 24-82.611).
Phishing: Many people have fallen victim to a scam via a video circulating on social media and generated by artificial intelligence, which pretended to be from the Kinder brand and offered the chance to win sweets delivered to your home. (Press release dated February 13, 2026)
Cybercrime: Information without physical media (hard drive, USB stick, etc.) obtained as a result of a crime may be subject to concealment under Article 321-1, paragraph 2, of the Criminal Code (Cass. Crim. February 18, 2026, No. 24-82.611).
Cybercrime: The founder of the Incognito Market website, Rui-Siang Lin, has been sentenced to 30 years in prison for running one of the largest drug markets on the dark web, generating over $100 million in sales. (Press release of February 3rd 2026)
Cybercrime: The Paris Public Prosecutor’s Office has raided the French premises of Platform X as part of an investigation into the possession and distribution of child pornography, sexual deepfakes, data falsification and the administration of an illegal platform by an organised gang. Summonses for voluntary interviews were sent to Elon Musk, Linda Yaccarino and employee witnesses.(Press release dated 3 February 2026)
Cybercrime: The US Department of Justice coordinated with Bulgarian authorities and Europol to seize three piracy websites (zamunda.net, arenabg.com and zelka.org) distributing protected works without authorisation. The websites now display a seizure notice reminding users that copyright infringement is a crime. (Press release dated 30 January 2026)
Kick: The Paris Public Prosecutor’s Office has opened a judicial investigation into Kick and its executives for disseminating violent content online, money laundering and failure to assist a person in danger. This proceeding follows the death of a videographer who was broadcasting live on the platform. The investigation has been entrusted to the Central Office for the Fight against Cybercrime and aims to determine the criminal liability and misconduct of the company’s executives. (Press release from the Paris public prosecutor’s office dated 27 January 2026)
Cyberattack: In France, following recent revelations concerning a data leak at DINUM, the Real Estate Department was the target of a cyberattack on January 19. Although no data was stolen, the website was suspended while investigations were carried out, with the support of ANSSI. (Press release dated January 19, 2026)
International Criminal Court: At the end of the year, the ICC published a policy paper on crimes related to the use of cyberspace under the Rome Statute. The Court’s stated aim is to adapt to the growing use of cyberspace in the commission of international crimes. Although the Court and its decisions currently have limited legal recognition, this document highlights the willingness of international authorities to fight cybercrime. (Report release on December 2025)
Cyberattack : On January 15, Microsoft announced the dismantling of RedVDS, a key infrastructure used in global online scams. It provided cybercriminals with ready-to-use Windows servers and tools, facilitating phishing, data theft, and payment diversion. Thanks to coordinated action with US and UK judicial authorities, as well as European law enforcement agencies including Europol, Microsoft was able to take the platform’s key infrastructure offline. (Press release on January 15, 2026)
Spying : A security flaw has been discovered in Fast and Pair, Google’s technology that facilitates Bluetooth connectivity on Android. If exploited by hackers, they could listen in on audio or even use the microphone. Google has now rolled out fixes for its products and is urging users to install updates from manufacturers. (Press release on January 16, 2026)
Cybercrime: A suspect was arrested in France in January 2026 as part of the investigation into the hacking of the French Shooting Federation and the leak of personal data of approximately one million licence holders, which was then allegedly used to facilitate targeted burglaries. (Press release dated 8 January 2026)
1.2. Cybersecurity
Information manipulation: On February 11, the Interministerial Directorate for Public Transformation published a report entitled “Effectively combating information manipulation.” The aim is to summarize scientific knowledge on ways to reduce the spread of and belief in false information. The report is based primarily on behavioural and sociological sciences. (Press release of 11th February 2026)
Digital Omnibus: The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have adopted an opinion on the proposed Digital Omnibus Regulation. This proposal aims to simplify European digital regulations and strengthen competitiveness. Among other things, the opinion expresses reservations about the new definition of personal data. (Press release of February 12th 2026)
National Cybersecurity Strategy: The National Cybersecurity Strategy 2026-2030 aims to strengthen France’s cyber sovereignty and resilience by developing skills, securing critical infrastructure and public services, supporting technological innovation, and intensifying European and international cooperation in the face of cyber threats (Press release from the General Secretariat for Defense and National Security, January 29, 2026).
Certification: French company Virtual Browser has just obtained First Level Security Certification (a.k.a CSPN in French) from ANSSI, becoming the first CSPN-certified web browsing security solution. This certification recognizes the company’s work in developing web browsing isolation technology. In practical terms, this means that the browser will run on a remote system, preventing malicious code from being executed on the user’s local computer. CSPN certification will give the company official security recognition, providing it with a major commercial advantage. (Press release, January 20, 2026)
Cookies and trackers: The French Data Protection Authority (CNIL) publishes its recommendations on obtaining multi-device consent. The objective is threefold: to regulate the conditions under which multi-device consent must be requested, to adapt user information to the collection of multi-device consent, and to manage situations where users express choices that differ from those recorded on their account before logging in. (Recommendation, January 16, 2026)
Cybersecurity: Google has rolled out a security patch for the Chrome browser to fix a critical vulnerability that could be exploited by a malicious extension and allow access to sensitive data. Users are advised to install the update as soon as it becomes available. (Google press release dated 7 January 2026)
2. Disinformation & Information Warfare
Social media manipulation: The report Social Media Manipulation for Sale 2025 Experiment on Platform Capabilities to Detect and Counter Inauthentic Social Media Engagement reveals that platforms allow services that purchase inauthentic engagement via thousands of fake accounts to remain commercially accessible, demonstrating persistent limitations in detecting and removing inauthentic behaviour on social media. (NATO StratCom COE press release, 30 January 2026)
Information interference: The Election Coordination and Protection Network (RCPE), coordinated by the General Secretariat for Defence and National Security (SGDSN), reviews the types of foreign digital interference that could target the 2026 municipal elections. As of the week of 2 February, no operations aimed at discrediting the electoral process, damaging the reputation of candidates or polarising the debate have been identified, and the risk of mistrust of the media is considered low. (Press release from the General Secretariat for Defence and National Security dated 6 February 2026)
Disinformation: Following the publication on a website, masquerading as France Soir, of an article claiming to reveal a link between Emmanuel Macron and the Epstein affair, the Quai d’Orsay denounced it as fake news via the official French Response account. (Press release dated 5 February 2026).
Information warfare: The Service for Vigilance and Protection against Foreign Digital Interference (VIGINUM) publishes a note on the concept of “« Information Manipulation Set » (IMS) (Press release January 22, 2026)
Information warfare: Publication by the Swedish Psychological Defense Agency, a Swedish public administrative authority under the Ministry of Defense, of the manual “Psychological Defense and Information Influence” for better protection of democratic values. (Press release of January 2026)
Information Warfare: The association EU DisinfoLab, in partnership with VIGINUM (France’s service for vigilance and protection against foreign digital interference), has published a report entitled “Developing a Common Operational Picture of Foreign Information Manipulation and Interference (FIMI)” to better understand and respond to information manipulation in Europe. The main recommendations of the report are 1) strengthening and coordinating IMS data collection, 2) integrating IMS into content removal mechanisms 3) improving platform transparency 4) targeting operational structures that support these networks. (Press release, January 16, 2026)
Health: The Department of Health announces the launch of a national strategy to combat health misinformation, aimed at promoting concrete and sustainable actions to ensure that everyone has access to reliable, accessible and understandable health information (Press release dated 12 January 2026).
3. Personal Data & Privacy
3.1. Data breaches and incidents
Health: A medical data leak was revealed on February 26, affecting several million people. A hacker was able to retrieve sensitive medical data by hacking into medical management software. Made freely available on the dark web, this database provides information that could, among other things, facilitate discrimination. The company acknowledges the incident and limits the leak to administrative data. The National Commission for Information Technology and Civil Liberties is unable to provide further information. (Press release dated February 26, 2026)
Bank account details: On February 18, the Ministry of Economy and Finance announced a breach of the national bank account database, which lists all bank accounts opened in France. The Directorate General of Public Finances (DGFIP) warns that approximately 1.2 million accounts are affected. The hackers allegedly stole the login details of a government employee with access to this database. Bercy has announced that it will be filing a complaint. (Press release dated February 18, 2026)
Data leak: The Interministerial Digital Directorate (DINUM) has confirmed a data leak affecting HubEE, an administrative document exchange platform used by the public sector. In total, nearly 70,000 files, or 160,000 documents, some of which contained personal data, were stolen. (Press release, January 16, 2026)
Data breach: On 13 January 2026, the French Data Protection Authority (CNIL) imposed a total fine of €42 million on Free Mobile (€27 million) and Free (€15 million) for serious data security breaches, following a breach that exposed the personal information of 24 million subscribers, including their IBANs. (CNIL decision dated 13 January 2026)
3.2. Penalties and regulations
Data protection: German security services are warning of a wave of phishing attacks targeting Signal users, aimed at stealing verification codes to hack into accounts. Attackers are using fraudulent messages imitating technical support to trick victims into clicking on malicious links and bypassing encryption by taking control of access to the application. (Press release of February 2nd 2026)
Parasitism: Pursuant to Article 1240 of the Civil Code, the following constitutes parasitic behaviour: a commercial company, as part of a digital communication campaign to promote the arrival of new ‘talent’ on its platform and inviting its followers to invest in players presented as the best during the 2022 Six Nations Tournament, to massively relay messages from the accounts of players of the French national rugby union team and the French Rugby Federation on its social networks without authorisation or compensation (TJ Paris, 06/01/2026, 23/08148).
CNIL sanction: The CNIL imposed a fine of €5 million on FRANCE TRAVAIL for failing to ensure the security of personal data following a breach in the first quarter of 2024, which exposed the data of millions of people registered or previously registered on francetravail.fr, and ordered the organisation to justify corrective measures or face penalties (Press release from the French Data Protection Authority dated 29 January 2026).
Transmission of personal data: On December 30, a company was sanctioned by the CNIL, which imposed a fine of €3.5 million for transmitting the personal data of members of its loyalty program to a social network. This data was then used by the social network to display targeted advertisements promoting the company’s products. The CNIL criticized the company in particular for the fact that the consent obtained was neither explicit nor informed. (Press release January 22, 2026)
Data protection: The European Union has announced the opening of negotiations with the United States to regulate access to certain sensitive data under the visa waiver programme, in order to ensure that the scheme complies with European law. (EU Council press release dated December 2025)
Data protection: Nexpublica was fined €1,700,000 by the CNIL (French Data Protection Authority) for failing to implement adequate security measures relating to the use of software for managing user relations. (Penalty imposed by the CNIL on 22 December 2025)
4. Digital Economy & Competition
Meta: In Cases C‑496/23 P and C‑497/23 P, Advocate General Athanasios Rantos asks the Court of Justice of the European Union to dismiss Meta Platforms Ireland’s appeals against judgments confirming the legality of the European Commission’s requests for documents in the context of an investigation into abuse of a dominant position concerning Facebook Marketplace and Facebook Data. (Press release from the Court of Justice of the European Union dated 26 February 2026)
DSA/ Shein: The European Commission has launched a formal investigation into Shein to verify whether the platform complies with the Digital Services Act (DSA). The investigation focuses in particular on the sale of illegal products, the lack of transparency of its recommendation algorithms, and its “addictive” design (point and reward systems) which could be detrimental to users’ well-being. (Press release dated February 17, 2026)
DSA: The European Commission has released its preliminary conclusions regarding TikTok’s compliance with the European Digital Service Act. The Commission warns about TikTok’s addictive design, with its endless scrolling, notifications, and autoplay. These features encourage excessive use and violate the user safety and protection requirements imposed by the DSA. Brussels is demanding structural changes before making a final decision. (Press release of February 6th 2026)
Ticket resale: Legislators in California and New York have introduced bills to combat the high prices of resold tickets for concerts and other events on the secondary market. The California Fans First Act aims to prohibit the resale of tickets at more than ten percent above their original value. In New York, a similar measure provides for a cap on resale prices. (Press release of February 5th 2026)
DMA: The European Commission rules in favor of Apple, with Maps and Ads services not subject to the strict restrictions of the Digital Marketing Act. While these two services were deemed less central to the lives of Europeans, iOS and the Apple Store remain subject to this regulation. (Press release dated January 5, 2026)
Fraud: The European Insurance and Occupational Pensions Authority, the European Banking Authority, and the European Securities and Markets Authority have published practical guidelines to help consumers protect themselves against crypto-asset fraud and online financial scams in the age of AI. (Press release dated January 30, 2026)
DSA: In accordance with the Digital Services Act (DSA), the European Commission considers the social network WhatsApp to be a Very Large Online Platform (VLOP), thereby imposing specific obligations on it. (Press release dated 26 January 2026)
Chatbot: The founder of the secure messaging app Signal is launching an alternative to conversational assistants such as ChatGPT. Confer, the new chatbot, combines several technologies focused on personal data protection. In practice, this includes strong encryption and secure environments so that only the user can read their conversations. (Press release on January 5, 2026)
Transparency: Arcom publishes its analysis report on the transparency reports of French digital intermediary service providers subject to the European Digital Services Regulation (DSR/DSA). (Arcom report published on 12 January 2026)
Digital economy: The French Financial Markets Authority (AMF) and the French Prudential Supervision and Resolution Authority (ACPR) warn the public about several players offering unauthorised services in France related to Forex trading and crypto-assets, exposing investors to high risks of financial loss and fraud. (Press release from the AMF and ACPR dated January 2026)
Audiovisual: A recent study by the European Audiovisual Observatory explains that the news media sector in Europe has been profoundly transformed by digital technologies, shifting from a traditional model (press and broadcasting) to ecosystems dominated by social media and AI. The report highlights the importance of new European regulatory frameworks and media literacy. (Press release dated 18 December 2025)
5. Artificial Intelligence
5.1. Copyright in the age of AI
Cinema/AI: Nearly 4,000 French artists and film professionals (actors, voice actors, musicians) have published a manifesto denouncing the ‘systematic plundering’ of their works and voices by artificial intelligence companies. (Press release dated 22 February 2026)
Music/AI: Music streaming platform Deezer has announced that, after developing a tool capable of identifying music generated entirely by artificial intelligence, it has detected that up to 85% of plays of these tracks are fraudulent. This tool allows the platform to exclude them from royalty calculations in order to protect artists. Deezer is now making this detection technology available to the entire music industry to promote greater transparency in the face of the rise of AI content in streaming. (Press release dated January 29, 2026)
Copyright/AI: At the end of January 2026, members of the European Parliament’s Legal Affairs Committee adopted several important proposals in an own-initiative report, which will be debated at the end of March. The aim is to regulate the use of copyright-protected works by generative artificial intelligence (GAI) systems. The main points advocated by MEPs include: full transparency on the data used, a right of option for rights holders, and fair remuneration for creators, all in accordance with EU law. (Press release dated January 28, 2026)
Dubbing: Eight French actors have issued formal notice to two AI platforms to remove unauthorised voice clones of famous French voice actors (such as Donald Reignoux and Brigitte Lecordier). This action aims to protect the actors’ personality rights and intellectual property against the unauthorised use of their voices. (Press release dated 3 February 2026)
AI and copyright: NVIDIA is facing legal action in the United States following allegations that the company contacted Anna’s Archive, a pirate library, in order to gain quick access to protected books for training its artificial intelligence models. NVIDIA disputes these allegations and maintains that this simple contact does not constitute any illegal use of protected works. (Press release dated 4 February 2026)
5.2. Regulation and supervision
Generative AI: The government has launched a commission of experts on generative AI to assess the risks (social, economic, ethical) and opportunities of this technology in order to inform public policy decisions. This high-level committee is tasked with proposing concrete measures to regulate the use of AI while promoting French innovation. (Press release dated 21 February 2026)
CNIL: The CNIL, together with ANSSI, PEReN and Inria as part of the PANAME project, is launching a call for expressions of interest to test a software library for auditing the confidentiality of AI models in order to assess their compliance with the GDPR. (CNIL press release dated 26 February 2026)
AI/GDPR: The Irish Data Protection Authority has launched legal proceedings against X (Twitter) to ensure that its AI training, Grok, complies with the GDPR. The investigation focuses on the use of European users’ personal data without their prior consent to feed the company’s models. (Press release dated February 17, 2026)
AI assessment and security: The National Institute for AI Assessment and Security has just adopted its action plan for 2026-2027. The goal is to strengthen France’s sovereign capacity to assess and secure advanced artificial intelligence systems, while supporting innovation and protecting citizens. (Press release of February 12th 2026)
Competition: The European Commission has accused Meta of abusing its dominant position by blocking access to competing AI assistants on WhatsApp in favour of its own technology, Meta AI. Brussels is now considering emergency measures to force the group to reopen its platform in order to prevent irreparable damage to competition in Europe. (Press release dated 9 February 2026)
Legal action: A class action lawsuit has been filed against NVIDIA for copyright infringement. The company, which specializes in designing graphics processors and AI models, is alleged to have not only used third-party datasets containing pirated books, but also to have contacted Anna’s Archive directly to obtain millions of books. The authors are seeking compensation for damages suffered. (Amended complaint filed in the District Court for the Northern District of California, Oakland Division)
Deepfake : Faced with criticism, X finally decided to update Grok’s terms of use to limit the creation of sexual deepfakes. This decision follows numerous pressures on the social network, including the opening of an investigation by the OFCOM (the British telecommunications regulator) on January 12. In France, the High Commissioner for Children, Sarah El Haïry, announced that she would refer the matter to the European Commissioner for Digital Sovereignty, arguing that deepfakes fall under the scope of the DSA and DMA. (Post on X on the 14th of January).
Deepfake: In France, several ministers have reported to the judicial authorities and the Pharos platform sexual content generated without consent by X’s Grok AI tool, leading to the extension of an ongoing judicial investigation into these deepfakes and their possible criminal violations. (Press release dated 2 January 2026)
AI: Google and start-up Character.AI have reached amicable agreements to settle several lawsuits in the United States brought by families who claim that chatbots contributed to the suicide or serious injury of minors, without the details of the settlements being made public. (Press release dated 7 January 2026)
AI: In its ‘Flash interference’ #117, the French DGSI warns of the risks associated with the use of artificial intelligence in companies, in particular attempts at interference via deepfakes, the exposure of confidential documents, and excessive dependence on AI tools, which can reduce human vigilance and encourage fraud. (Flash Ingérence #117, December 2025)
AI/Mental health: At the end of 2025, China proposed the strictest regulations for AI ‘companions’. The aim is to prohibit any incitement to violence, suicide or emotional dependence by requiring platforms to regularly remind users that they are interacting with a machine, with a view to preventing psychological and social abuse. (Official press release dated 27 December 2025)
AI/Health: A study has highlighted the fact that artificial intelligence is enabling the proliferation of websites offering fake obesity drugs (such as Ozempic, Wegovy and Mounjaro) using deepfakes, fake health authority logos and misleading promotions. These practices are carried out with the aim of deceiving consumers and pose major health risks. (Study published on 21 November 2025)
6. Intellectual Property & Counterfeiting
6.1. Legal actions and proceedings
Piracy: A California court has ordered a network of pirate websites to pay $6 million in damages to Amazon for selling counterfeit DVDs of its original series. The judge also ordered the transfer of the domain names of these sites to Amazon to permanently stop their illegal activities. (Decision dated February 11, 2026)
Marketplace: A lawsuit between a buyer and the Leboncoin platform was heard on January 29, 2026, by the Saint Quentin Judicial Court. The question put to the court was whether the hosting company, Leboncoin, could be held civilly liable for fraud committed during a transaction between users, in particular regarding its obligation to ensure the security and monitoring of content/users. In this case, the Court dismissed the buyer’s claim on the grounds that “As a hosting company, Leboncoin has no general obligation to monitor content published by users. (…) the platform is not responsible for the actions of sellers.” (TJ Saint Quentin, January 29, 2026, 25/00350)
IPTV: Dish Network, an American pay-TV provider, has filed a federal lawsuit in the United States against the operators of a pirate streaming service, DMTN IPTV. Dish Network accuses DMTN IPTV of providing thousands of live channels and more than 100,000 movies and series on demand without legal authorization. Deceptive techniques used to conceal the illegal activity are also denounced. DISH is seeking more than $21 million in damages for copyright infringement, or up to $150,000 per protected work. (Complaint filed February 17, 2026)
Counterfeit perfumes: A clandestine counterfeit perfume factory was dismantled in Spain during a joint operation between Spanish and French customs authorities. Believed to be the largest counterfeit perfume factory, authorities found more than 1.2 million bottles on site, with an estimated value of around €94 million based on the price of authentic products. (Press release dated 18 February 2026)
VPN: Spanish courts have ordered NordVPN and ProtonVPN to block IP addresses facilitating the piracy of LaLiga matches in Spain, considering VPNs responsible if they contribute to circumventing geographical restrictions or assisting pirate sites. (Press release dated February 17, 2026)
Spotify / Anna’s Archive: The digital library Anna’s Archive has published some of the torrent links for millions of audio files obtained through unauthorized scraping of content from Spotify. This release comes despite the site already having a January 16 injunction prohibiting it from distributing copyrighted works. (Press release of February 12th 2026)
Piracy: A US federal court has ruled that DMCA subpoenas cannot be used by rights holders to identify alleged pirates in lawsuits filed abroad. This decision limits the scope of US law, preventing companies from using US courts as mere data collection tools for international litigation. (Press release of February 11th 2026)
IPTV/ Streaming: The Italian authorities announced that they had dismantled a major Internet Protocol Television (IPTV) network, one week before the opening ceremony of the Winter Olympics. The action targeted key infrastructures and a hierarchy of resellers that would have served millions of users worldwide. (Press release dated January 28, 2026)
Piracy: The Shanghai Public Security Bureau raided the home of an individual accused of running one of the world’s largest manga piracy sites (BATO.TO and its affiliated sites). He later admitted to managing all the affiliated sites. (Press release dated January 29, 2026)
Online gaming: The Paris Court of Appeal upholds the imposition of a dynamic injunction on Meta, requiring it to prevent, through automatic filtering, the dissemination of online gaming advertisements that infringe on the Barrière group’s trademarks. It dismisses the ban on generalised monitoring provided for by the DSA and the e-commerce directive on the grounds that gambling and gambling advertisements are excluded from this protective framework for hosting providers. (Paris Court of Appeal, Division 5 – Chamber 1, ruling of 28 January 2026)
Copyright: An advisor to the Court of Justice of the European Union has ruled that the use of a Virtual Private Network (VPN) to circumvent geographical restrictions is not sufficient to constitute copyright infringement. Liability therefore lies with the actions of publishers, and not with technical circumventions by users. (Press release 15 January 2026)
Copyright: Chinese police raided a suspect linked to the manga piracy site BATO.TO and its affiliated sites, which have been shut down since November 2025, following complaints from Japanese publishers via CODA, illustrating international cooperation to protect intellectual property and combat the illegal distribution of manga. (Press release from the Content Overseas Distribution Association dated 29 January 2026)
LCEN’s applicability: No breach of Article 6 of the LCEN (Law on confidence in the digital economy) in the event of content being removed by the host, in this case Amazon, within three weeks of receiving a notification. (CA Versailles, January 7, 2026, 24/03975)
IA : Actor Matthew McConaughey is taking the lead in combating AI abuses by legally protecting his image and voice as trademarks. He has obtained approval to register eight trademarks with the USPTO. This move gives the actor a solid legal basis to take action against any unauthorized use of his voice and prevent deepfakes. According to McConaughey, the main objective of this move is to “create a clear perimeter around ownership” in the era of widespread AI. His initiative could well inspire other celebrities to do the same. (Press release January 15, 2026).
Anti-piracy: Cloudflare has been fined €14.2 million by Italian regulator AGCOM for failing to block access to pirate sites via its public DNS service 1.1.1.1. In response, Cloudflare denounced the measure as ‘Internet censorship’ and threatened to withdraw its servers from Italy, discontinue its free cybersecurity services for local users, and cancel its planned investments in the country. (Decision of the Italian authority published on 8 January 2026)
Complaint/DMCA: X (formerly Twitter) has filed a complaint against the National Music Publishers’ Association (NMPA) and several major music publishers (including Sony, Universal and Warner Chappell), accusing them of ‘weaponising’ the DMCA to force a commercial partnership. According to the complaint, after X refused to sign an agreement in 2021, the NMPA launched a massive campaign of takedown notices targeting more than 200,000 posts and resulting in the suspension of more than 50,000 users. (Complaint filed by X on 9 January 2026)
Anti-piracy: The High Court of New Delhi has granted Disney, Netflix, Crunchyroll and other film giants a new order to block pirate sites, targeting notorious platforms. This decision, which relies on domain name registries and even foreign governments, seeks to have a global impact, although some sites remain accessible by changing domains. (Court order issued on 18 December 2025)
Shadow library: The underground library Anna’s Archive has lost access to its main .org domain name, which has been suspended by the relevant registry, making the site temporarily inaccessible via this address. However, the platform remains accessible via alternative domains. (Press release dated January 2026)
Copyright: The Court of Cassation has clarified that a person’s participation in an interview is not sufficient in itself to confer co-authorship under copyright law; only an original contribution to the conception or structure of the work can be considered. (Court of Cassation ruling dated 15 October 2025)
Counterfeiting/Parasitism: In a ruling dated 5 November 2025, the Paris Judicial Court convicted the leader of the ‘Les Survivants’ movement for counterfeiting and parasitism after he affixed 10,000 anti-abortion stickers that reproduced the Vélib’ logo without authorisation. The judges ruled that freedom of expression did not justify this infringement of the City of Paris’ copyright, as the message could be disseminated by other means. (Decision of the Paris Judicial Court, No. 23/13625, 5 November 2025)
6.2. Regulation and supervision
Streaming/IPTV: Spanish courts now require VPN providers to block access to illegal streaming and IPTV services, a radical measure to combat piracy that could soon inspire regulation in France. (Press release dated 17 February 2026)
IPTV blocking in Belgium: The FPS Economy has ordered the blocking of several illegal IPTV services by compelling access providers and services such as Cloudflare and Google, while specifying that their public DNS are not targeted, in order to strengthen the fight against piracy in Belgium. (Press release of 12 February 2026)
Creation of online video content: The Competition Authority has announced that it will take up the matter on its own initiative in order to analyze the creation of online video content in France and the relationships between the various players in the sector. In particular, the Authority has noted a structural imbalance between the various platforms, favoring dominant platforms such as YouTube and TikTok. In order to conduct this analysis, the Competition Authority has launched a public consultation with industry players and questioned the major platforms. (Press release dated February 18, 2026)
State VPN: The United States is considering creating a public portal to allow access to restricted content in Europe, presented as a tool to defend freedom of expression online. This project, which may include a mechanism to circumvent blocks, raises questions about a possible challenge to European digital regulations. (Press release dated 18 February 2026)
Industrial property: The judge presiding over summary proceedings at the Paris Commercial Court reiterated the binding nature of contractual commitments in relation to software licences, ordering VMware to continue to perform a global enterprise licence agreement entered into with Thales despite a change in commercial policy, emphasising the legal protection of the exploitation rights granted. (Interim order of the Paris Commercial Court dated 19 July 2024)
IPTV: The French Regulatory Authority for Audiovisual and Digital Communication (Arcom) reiterates that IPTV is legal as a technology, but that certain offerings are illegal when they provide unauthorised access to copyright-protected content, particularly audiovisual channels and events. (Arcom press release dated 8 January 2026)
.
7. Regulation & Justice
7.1. French law
National Assembly: creation of a commission of inquiry into structural dependencies and systemic vulnerabilities in the digital sector and the risks to France’s independence, chaired by MP Philippe Latombe (Press release dated 19 February 2026).
Blocking social media: The National Assembly has adopted a bill prohibiting minors under the age of 15 from accessing social media services, in order to better protect the mental health of children and adolescents. The bill requires the platforms concerned to verify users’ ages and is expected to come into force at the start of the 2026 school year. (National Assembly press release dated 26 January 2026)
7.2. European law
Media: The European Union has published guidelines (Art. 18 of the EMFA) to protect the media from arbitrary moderation by very large online platforms such as Google or Meta. These rules now require platforms to notify the media before removing their content and to offer a privileged channel of dialogue to preserve press freedom. (Press release of February 6th 2026)
Digital regulation: The European Commission has preliminarily found that TikTok violates European digital services law due to its design, which is considered addictive and potentially harmful to users. This finding follows an investigation conducted under the Digital Services Act, which aims to ensure the safety and accountability of online platforms in the EU. (Press release dated 6 February 2026)
DSA: The European Commission opens a new formal investigation against X under the DSA and extends the investigation opened in 2023 into X’s recommendation systems. This new investigation will determine whether X has properly assessed the various risks associated with the deployment of Grok’s features within the European Union (EU). (Press release dated 26 January 2026)
DMA: Google’s promotion of its Gemini AI assistant on Android and its restriction of the interoperability of competing assistants and fair access to search data constitute a breach of the obligations of the Digital Markets Act, justifying the European Commission’s initiation of two proceedings to clarify the obligations of access to Android functions and sharing of anonymised search data in order to restore effective competition (European Commission press release of 27 January 2026)
Digital sovereignty: In early January 2026, the European Commission launched a public call for contributions on its future open-source strategy, which aims to strengthen Europe’s digital sovereignty by promoting the development and commercialisation of European free software. Contributions are expected by 3 February 2026. (Call for contributions)
Protection of minors: The European Commission has proposed extending the 2021 temporary regulation (EU 2021/1232) until 3 April 2026, which allows for a derogation from the ePrivacy Directive to facilitate the detection and reporting of online child sexual abuse. This extension aims to avoid a legal vacuum pending the adoption of a permanent legislative framework. (Press release dated 19 December 2025)
DSA / VLOP : Zalando’s appeal against a General Court ruling challenging its classification under the Digital Services Act was published in the EU’s Official Journal on Monday. The online retailer of shoes, fashion, and accessories put forward six legal grounds, arguing that it is not an online platform within the meaning of the DSA, that user exposure was wrongly presumed, and that the EU judges misapplied the rules on hosting services. It also claimed that the court reversed the burden of proof, violated its rights of defense, and undermined legal certainty. (Appeal before the CJEU against the judgment of the EU General Court of 3 September 2025)
