1. Cybercrime & Cybersecurity
1.1. Cybercrime
Cyberattack : On January 15, Microsoft announced the dismantling of RedVDS, a key infrastructure used in global online scams. It provided cybercriminals with ready-to-use Windows servers and tools, facilitating phishing, data theft, and payment diversion. Thanks to coordinated action with US and UK judicial authorities, as well as European law enforcement agencies including Europol, Microsoft was able to take the platform’s key infrastructure offline. (Press release on January 15, 2026)
Spying : A security flaw has been discovered in Fast and Pair, Google’s technology that facilitates Bluetooth connectivity on Android. If exploited by hackers, they could listen in on audio or even use the microphone. Google has now rolled out fixes for its products and is urging users to install updates from manufacturers. (Press release on January 16, 2026)
Cyberattack: The French Tennis Federation (FFT) was the victim of a cyberattack on 12 January 2026, during which hackers accessed the personal data of thousands of licence holders via a platform used by clubs. The FFT assures that no bank details or passwords were compromised and immediately secured the platform while filing a complaint. (Press release dated 12 January 2026)
Cybercrime: A suspect was arrested in France in January 2026 as part of the investigation into the hacking of the French Shooting Federation and the leak of personal data of approximately one million licence holders, which was then allegedly used to facilitate targeted burglaries. (Press release dated 8 January 2026)
Cyberattack: La Poste suffered another massive cyberattack on the night of 31 December to 1 January 2026, paralysing its online services (parcel tracking, Digiposte digital safe, La Banque Postale app), just a few days after a similar attack on Christmas Day. (Press release dated 1 January 2026)
Spying: According to a study, approximately eight million users were spied on via free VPN extensions that secretly siphoned off their conversations with AI systems, such as ChatGPT, to sell them to advertisers or third parties, despite their promise to protect privacy. (Study conducted by cybersecurity company KOI on 15 December 2025)
1.2. Cybersecurity
Cookies and trackers: The French Data Protection Authority (CNIL) publishes its recommendations on obtaining multi-device consent. The objective is threefold: to regulate the conditions under which multi-device consent must be requested, to adapt user information to the collection of multi-device consent, and to manage situations where users express choices that differ from those recorded on their account before logging in. (Recommendation, January 16, 2026)
Cybersecurity: Google has rolled out a security patch for the Chrome browser to fix a critical vulnerability that could be exploited by a malicious extension and allow access to sensitive data. Users are advised to install the update as soon as it becomes available. (Google press release dated 7 January 2026)
Cybersecurity: The n8n automation platform is affected by a critical vulnerability that allows remote code execution on unpatched instances, exposing affected systems to the risk of compromise. An immediate update is recommended. (Australian Cyber Security Centre press release dated 8 January 2026)
2. Disinformation & Information Warfare
Information Warfare: The association EU DisinfoLab, in partnership with VIGINUM (France’s service for vigilance and protection against foreign digital interference), has published a report entitled “Developing a Common Operational Picture of Foreign Information Manipulation and Interference (FIMI)” to better understand and respond to information manipulation in Europe. The main recommendations of the report are 1) strengthening and coordinating IMS data collection, 2) integrating IMS into content removal mechanisms 3) improving platform transparency 4) targeting operational structures that support these networks. (Press release, January 16, 2026)
Health: The Department of Health announces the launch of a national strategy to combat health misinformation, aimed at promoting concrete and sustainable actions to ensure that everyone has access to reliable, accessible and understandable health information (Press release dated 12 January 2026).
3. Personal Data & Privacy
3.1. Data breaches and incidents
Data leak: Plans for several prisons and a French military base were put up for sale on the dark web. At the end of 2025, the consulting firm DCE Conseil was the victim of a security incident. Hackers reportedly gained access through the account of a sales engineer. The consulting firm now states that “the incident is closed and [that] the parties have been directly informed.” (LinkedIn post on January 9, 2026).
Data leak: The Interministerial Digital Directorate (DINUM) has confirmed a data leak affecting HubEE, an administrative document exchange platform used by the public sector. In total, nearly 70,000 files, or 160,000 documents, some of which contained personal data, were stolen. (Press release, January 16, 2026)
Data breach: The FFT announced that it had been the victim of a cyberattack affecting a platform used by its clubs. This attack resulted in unauthorised access to certain data belonging to licence holders. (Press release dated 12 January 2026)
Data breach: On 13 January 2026, the French Data Protection Authority (CNIL) imposed a total fine of €42 million on Free Mobile (€27 million) and Free (€15 million) for serious data security breaches, following a breach that exposed the personal information of 24 million subscribers, including their IBANs. (CNIL decision dated 13 January 2026)
3.2. Penalties and regulations
Data protection: The European Union has announced the opening of negotiations with the United States to regulate access to certain sensitive data under the visa waiver programme, in order to ensure that the scheme complies with European law. (EU Council press release dated December 2025)
Data protection: Nexpublica was fined €1,700,000 by the CNIL (French Data Protection Authority) for failing to implement adequate security measures relating to the use of software for managing user relations. (Penalty imposed by the CNIL on 22 December 2025)
Data protection: The French Data Protection Authority (CNIL) has issued a ruling on the use of so-called tourist cameras by local authorities, clarifying the rules to be followed to protect individuals’ privacy. Such cameras should not collect personal data. (Press release dated 5 January 2026)
4. Digital Economy & Competition
Transparency: Arcom publishes its analysis report on the transparency reports of French digital intermediary service providers subject to the European Digital Services Regulation (DSR/DSA). (Arcom report published on 12 January 2026)
Digital economy: Telegram is affected by the freezing of approximately €427 million in Russian bonds, blocked due to international sanctions, limiting the company’s access to these funds despite their scheduled repayment at maturity. (Press release dated January 2026)
Digital economy: The French Financial Markets Authority (AMF) and the French Prudential Supervision and Resolution Authority (ACPR) warn the public about several players offering unauthorised services in France related to Forex trading and crypto-assets, exposing investors to high risks of financial loss and fraud. (Press release from the AMF and ACPR dated January 2026)
Audiovisual: A recent study by the European Audiovisual Observatory explains that the news media sector in Europe has been profoundly transformed by digital technologies, shifting from a traditional model (press and broadcasting) to ecosystems dominated by social media and AI. The report highlights the importance of new European regulatory frameworks and media literacy. (Press release dated 18 December 2025)
5. Artificial Intelligence
5.1. Copyright in the age of AI
.
5.2. Regulation and supervision
Deepfake : Faced with criticism, X finally decided to update Grok’s terms of use to limit the creation of sexual deepfakes. This decision follows numerous pressures on the social network, including the opening of an investigation by the OFCOM (the British telecommunications regulator) on January 12. In France, the High Commissioner for Children, Sarah El Haïry, announced that she would refer the matter to the European Commissioner for Digital Sovereignty, arguing that deepfakes fall under the scope of the DSA and DMA. (Post on X on the 14th of January).
Deepfake: In France, several ministers have reported to the judicial authorities and the Pharos platform sexual content generated without consent by X’s Grok AI tool, leading to the extension of an ongoing judicial investigation into these deepfakes and their possible criminal violations. (Press release dated 2 January 2026)
AI: Google and start-up Character.AI have reached amicable agreements to settle several lawsuits in the United States brought by families who claim that chatbots contributed to the suicide or serious injury of minors, without the details of the settlements being made public. (Press release dated 7 January 2026)
AI: In its ‘flash interference’ #117, the DGSI warns of the risks associated with the use of artificial intelligence in companies, in particular attempts at interference via deepfakes, the exposure of confidential documents, and excessive dependence on AI tools, which can reduce human vigilance and encourage fraud. (Flash Ingérence #117, December 2025)
AI/Mental health: At the end of 2025, China proposed the strictest regulations for AI ‘companions’. The aim is to prohibit any incitement to violence, suicide or emotional dependence by requiring platforms to regularly remind users that they are interacting with a machine, with a view to preventing psychological and social abuse. (Official press release dated 27 December 2025)
AI/Health: A study has highlighted the fact that artificial intelligence is enabling the proliferation of websites offering fake obesity drugs (such as Ozempic, Wegovy and Mounjaro) using deepfakes, fake health authority logos and misleading promotions. These practices are carried out with the aim of deceiving consumers and pose major health risks. (Study published on 21 November 2025)
6. Intellectual Property & Counterfeiting
6.1. Legal actions and proceedings
IA : Actor Matthew McConaughey is taking the lead in combating AI abuses by legally protecting his image and voice as trademarks. He has obtained approval to register eight trademarks with the USPTO. This move gives the actor a solid legal basis to take action against any unauthorized use of his voice and prevent deepfakes. According to McConaughey, the main objective of this move is to “create a clear perimeter around ownership” in the era of widespread AI. His initiative could well inspire other celebrities to do the same. (Press release January 15, 2026).
Anti-piracy: Cloudflare has been fined €14.2 million by Italian regulator AGCOM for failing to block access to pirate sites via its public DNS service 1.1.1.1. In response, Cloudflare denounced the measure as ‘Internet censorship’ and threatened to withdraw its servers from Italy, discontinue its free cybersecurity services for local users, and cancel its planned investments in the country. (Decision of the Italian authority published on 8 January 2026)
Complaint/DMCA: X (formerly Twitter) has filed a complaint against the National Music Publishers’ Association (NMPA) and several major music publishers (including Sony, Universal and Warner Chappell), accusing them of ‘weaponising’ the DMCA to force a commercial partnership. According to the complaint, after X refused to sign an agreement in 2021, the NMPA launched a massive campaign of takedown notices targeting more than 200,000 posts and resulting in the suspension of more than 50,000 users. (Complaint filed by X on 9 January 2026)
Anti-piracy: The High Court of New Delhi has granted Disney, Netflix, Crunchyroll and other film giants a new order to block pirate sites, targeting notorious platforms. This decision, which relies on domain name registries and even foreign governments, seeks to have a global impact, although some sites remain accessible by changing domains. (Court order issued on 18 December 2025)
Shadow library: The underground library Anna’s Archive has lost access to its main .org domain name, which has been suspended by the relevant registry, making the site temporarily inaccessible via this address. However, the platform remains accessible via alternative domains. (Press release dated January 2026)
Copyright: The Court of Cassation has clarified that a person’s participation in an interview is not sufficient in itself to confer co-authorship under copyright law; only an original contribution to the conception or structure of the work can be considered. (Court of Cassation ruling dated 15 October 2025)
Counterfeiting/Parasitism: In a ruling dated 5 November 2025, the Paris Judicial Court convicted the leader of the ‘Les Survivants’ movement for counterfeiting and parasitism after he affixed 10,000 anti-abortion stickers that reproduced the Vélib’ logo without authorisation. The judges ruled that freedom of expression did not justify this infringement of the City of Paris’ copyright, as the message could be disseminated by other means. (Decision of the Paris Judicial Court, No. 23/13625, 5 November 2025)
6.2. Regulation and supervision
IPTV: Arcom reiterates that IPTV is legal as a technology, but that certain offerings are illegal when they provide unauthorised access to copyright-protected content, particularly audiovisual channels and events. (Arcom press release dated 8 January 2026)
.
7. Regulation & Justice
7.1. French law
.
7.2. European law
Digital sovereignty: In early January 2026, the European Commission launched a public call for contributions on its future open-source strategy, which aims to strengthen Europe’s digital sovereignty by promoting the development and commercialisation of European free software. Contributions are expected by 3 February 2026. (Call for contributions)
Protection of minors: The European Commission has proposed extending the 2021 temporary regulation (EU 2021/1232) until 3 April 2026, which allows for a derogation from the ePrivacy Directive to facilitate the detection and reporting of online child sexual abuse. This extension aims to avoid a legal vacuum pending the adoption of a permanent legislative framework. (Press release dated 19 December 2025)
DSA / VLOP : Zalando’s appeal against a General Court ruling challenging its classification under the Digital Services Act was published in the EU’s Official Journal on Monday. The online retailer of shoes, fashion, and accessories put forward six legal grounds, arguing that it is not an online platform within the meaning of the DSA, that user exposure was wrongly presumed, and that the EU judges misapplied the rules on hosting services. It also claimed that the court reversed the burden of proof, violated its rights of defense, and undermined legal certainty. (Appeal before the CJEU against the judgment of the EU General Court of 3 September 2025)
