1. Cybercrime & Cybersecurity
1.1. Cybercrime
Shutdown of First VPN: On May 19, 2026, during an international operation led by French and Dutch law enforcement authorities, the First VPN service—widely used by cybercriminals to conceal their identities—was taken down (Press release on May 21th 2026)
Phishing: Russia is accused of compromising hundreds of Signal accounts through targeted phishing campaigns, primarily aimed at political opponents and journalists in order to gain access to their secure communications. (Press release dated 27 April 2026)
1.2. Cybersecurity
EU: The Council has extended sanctions against those involved in cyberattacks threatening the Union until May 2027, including asset freezes and travel bans, in order to deter malicious activities and ensure a secure cyberspace. (press release, 11 May 2026)
Study: In its 2025 report published on 4 May 2026, the National Information Systems Security Authority (ANSSI) recorded 3,586 security incidents, a figure down 22% on the previous year, largely due to the end of the spike linked to the 2024 Olympic Games. The agency nevertheless highlights an increasingly sophisticated and diffuse threat, marked by a resurgence in the misuse of legitimate tools and compromises of cloud services. (ANSSI 2025 Activity Report dated 4 May 2026)
Zero-day exploit: Google has detected, for the first time, a ‘zero-day’ exploit developed with the aid of artificial intelligence, used to bypass two-factor authentication via a logic flaw in an open-source web administration tool, illustrating the growing integration of AI models into cybercriminal attack chains (Google Threat Intelligence Group press release, 11 May 2026)
SGDSN 2025 Activity Report: The General Secretariat for Defense and National Security has published its 2025 report. It highlights a significant deterioration in the global strategic environment and the state’s growing role in interministerial coordination in response to cyber, information, and military crises. (Report on April 29th, 2026)
ANSSI Report: The National Agency for the Security of Information Systems has released its 2025 annual report. The report reviews the measures taken to strengthen France’s cybersecurity in the face of increasingly widespread, sophisticated, and geopolitical threats. (Report on May 4th, 2026)
COMCYBER: The Ministry of the Interior’s 2026 Annual Report on Cybercrime, drafted by the Ministry of the Interior’s Cyber Command (COMCYBER-MI), was published on 24 April 2026 (Press release of 29 April 2026).
Report: Europol’s IOCTA 2026 report highlights the escalation of cyber threats in the EU, driven by encryption, cryptocurrencies and AI. Ransomware, automated fraud and the online sexual exploitation of children remain major risks, calling for enhanced international cooperation. (Press release dated 28 April 2026)
2. Desinformation and information warfare
Study: According to the AFP’s 2025 Digital Investigation Report (press release dated April 2026), artificial intelligence now poses the greatest threat to information integrity. It facilitates the manipulation of discourse, whether intentional or not. Such manipulation may be driven by ideological or financial motives, heightening the risks of disinformation. (Press release, April 2026).
Report: According to Science Feedback, TikTok remains the platform most affected by disinformation in Europe, accounting for the highest proportion of misleading content among major platforms, which confirms a structural issue linked to its distribution mechanisms. (Report dated 16 March 2026)
Combating disinformation: The Ministry of the Economy has launched “Bercy décode”, an initiative that provides fact-checking and educational analysis on social media and the ministry’s website to enable citizens to access reliable, well-sourced and understandable information and to combat the spread of false information (Press release of 4 May 2026).
Disinformation: The first National Strategy to Combat Manipulation of Information of Foreign Origin has been adopted by the President of the Republic, with the aim of equipping France with enhanced means to guarantee an information space based on freedom of expression and the plurality of opinions. (National Strategy to Combat Manipulation of Information 2026–2030)
Combating disinformation: Adopted in February 2026, France’s first national strategy aims to combat the manipulation of information of foreign origin. Led by the SGDSN, it seeks to better protect public debate against digital interference. It strengthens society’s resilience, regulates the activities of platforms and AI, and develops European and international cooperation. (Press release of 11 February 2026)
3. Personal data and privacy
3.1. Data breaches and incidents
Data breach: Three French travel groups have suffered data breaches affecting more than 5 million customers. The stolen information (bookings, personal data) could be used for fraudulent purposes, highlighting security flaws and the risk of GDPR penalties. (Press release dated 18 May 2026)
3.2. Penalties and regulations
CNIL: Data protection appears to be a key factor in the success of the digital euro, with the authorities emphasising the need to ensure a high level of privacy in order to bolster public confidence in the face of dominant private-sector solutions. (Press release of 13 May 2026)
Report: The CNIL’s 2025 report highlights a sharp rise in complaints, data breaches and penalties, with a particular focus on cybersecurity and AI regulation. The authority is stepping up its monitoring and support activities in response to the growing risks associated with personal data. (Press release dated 18 May 2026)
News: Disney has reached a settlement with the California Attorney General for misleading users regarding their right to delete their data. The opt-out options on its streaming services were incomplete. The company will pay $2.75 million and must rectify its data deletion mechanisms. (Press release dated 4 May 2026)
Compliance: Following a ruling by the CJEU, the Council of State has ruled that Arcom’s ‘graduated response’ to piracy is not in line with European law. The scheme infringes on privacy by allowing excessive data cross-referencing without sufficient judicial oversight. It orders the Government to review the legal framework, with stricter transitional rules on data access. (Press release dated 30/04/2026)
4. Digital Economy and Competition
Governance: Bitwarden has raised concerns following low-key changes to its leadership and communication strategy, with certain values—such as transparency, inclusion and free access—temporarily falling by the wayside. Despite recent assurances, these developments raise questions about the service’s future direction. (Press release dated 19 May 2026)
Web Content / AI: A report co-authored by the head of the Wayback Machine at the Internet Archive reveals that approximately 35% of newly published websites are generated by or with the help of artificial intelligence. Before the launch of ChatGPT in 2022, this phenomenon was very rare. However, the report does not show a significant increase in misinformation. (Report on April 30th, 2026)
5. Artificial Intelligence
5.1. Copyright in the age of IA
Human Consent Standard: RSL Media announces the launch of a nonprofit organization dedicated to protecting human consent in the age of AI. Co-founded by Cate Blanchett, among others, the project aims to empower everyone, whether artists or ordinary individuals, to decide how their works, voices, images, or identities may be used by artificial intelligence systems. The organization is introducing the “RSL Human Consent Standard,” an open, machine-readable standard. (Press release on May 12th, 2026)
Lawsuit: A group of US publishers is seeking $19.5 million in damages and an injunction to seize the domain of the “shadow” library Anna’s Archive for massive copyright infringement. (Copy of the publishers’ legal memorandum in support of the application for a default judgment dated 7 May 2026)
AI Training: More than 80 organizations from the cultural, publishing, music, and media sectors are calling for the swift adoption of French legislation to regulate the use of copyrighted works for training generative AI. Cultural stakeholders denounce the “massive plundering” of content by AI models and demand greater transparency regarding training data. (Press release on May 5th, 2026)
5.2. Regulation and supervision
Transparency and AI: The European Commission has launched a public consultation on its guidelines on AI transparency, aimed at clarifying the obligations of providers of general-purpose AI models under the AI Act. (Draft guidelines on AI transparency dated 8 May 2026)
AI: Decree No. 2026-70, which aims to expand the remit of VIGINUM, notably through the creation of an AI model for exclusively defensive purposes, was published in the Official Journal on 12 February 2026. (Decree No. 2026-70 of 11 February 2026 on the remit and resources of the service for vigilance and protection against foreign digital interference)
6. Intellectual Property and counterfeiting
6.1. Legal actions and proceedings
Press: The Court of Justice of the European Union has dismissed Meta’s appeal, thereby confirming that the US tech giant must comply with legislation on related rights. This ruling requires the company to negotiate remuneration with news publishers for the use of their content on its platforms. (Judgment of the Court of Justice of the European Union dated 12 May 2026, Case C-797/23)
Obelix trade mark: The General Court of the European Union has annulled the EUIPO’s decision refusing to cancel the word mark ‘Obelix’ registered for weapons, ammunition and explosives, finding that the Office had failed to take sufficient account of the reputation of the earlier trade mark operated by Les Éditions Albert René and the risk of association with the Asterix and Obelix universe (Press release of the General Court of the European Union of 13 May 2026)
Copyright / Meta: Five publishers, including Hachette Book Group, have filed a class-action lawsuit in New York against Meta and Mark Zuckerberg. The publishers accuse the company of extensively using copyrighted books, textbooks, and scientific articles to train its AI models without authorization or compensation. (Press release on May 5th, 2026)
Streaming/IPTV: On 17 April 2026, the Paris Commercial Court ordered search engines (Google, Microsoft), ISPs (Orange, Free, etc.) and the Proton VPN to block or delist 21 websites and IPTV services illegally broadcasting Formula 1 in order to protect Canal+’s broadcasting rights (Paris Judicial Court, 17/04/2026, 26/00511; 26/00512; 26/00520) .
Streaming/IPTV: On 17 April 2026, the Paris Commercial Court ordered several ISPs, VPNs, DNS providers, CDNs and search engines to block or delist 16 websites and IPTV services illegally broadcasting the 2026 MotoGP races to protect Canal+’s broadcasting rights (Paris Commercial Court, 17/04/2026, 26/00502, 26/00503, 26/00504, 26/00505, 26/00506, 26/00507, 26/00508, 26/00509, 26/00510).
6.2. Regulation and supervision
Ruling: The General Court of the EU has annulled a decision by EUIPO concerning the ‘Obelix’ trademark, ruling that the Office had incorrectly assessed its reputation and the risk of damage to that reputation. The case, relating to an application for unrelated goods (weapons), strengthens the protection of well-known trademarks and requires a more rigorous overall analysis. (Press release dated 13 May 2026)
IPTV / Roland Garros: The 2026 edition of the Roland Garros tournament will serve as a test for a new French strategy to combat IPTV piracy of sporting events. The goal is to block illegal streams in real time during the tournament. Led by Arcom, this pilot project is part of a broader reform to combat piracy in France. (Press release on May 13th, 2026)
Decision: The court considers that time-shifting via set-top boxes constitutes a transient technical reproduction incidental to the service, within the meaning of Article L.122-5(6) of the Intellectual Property Code. It therefore does not constitute a genuine, independent private copy. Consequently, remuneration for private copying is ruled out. (Paris Regional Court, 7 May 2026, 22/08444).
Ruling: The Court rules that Member States may provide for fair remuneration for press publishers when they authorise the online use of their publications, in order to ensure fair economic compensation. (Ruling of the Court (Grand Chamber) of 12 May 2026, Meta Platforms Ireland Limited v Autorità per le Garanzie nelle Comunicazioni)
Online piracy of copyrighted works: The Council of State rules that the “graduated response” system designed to combat online piracy of copyrighted works does not comply with European law and orders the government to bring the system into compliance (Press release on April 30th, 2026).
7. Regulation & Justice
7.1. French Law
Dangerous products: Inspections carried out by the DGCCRF since 2025 show that 46% of products tested on major foreign marketplaces are non-compliant and dangerous. More than 100,000 items, many of which are for children, have been withdrawn. Consumers are urged to be vigilant. (Press release dated 29 April 2026)
7.2. European Law
Advertising: A report by the European Audiovisual Observatory provides an overview of the rules governing advertising for alcohol, gambling, financial services and health. Based on the Audiovisual Media Services Directive (AVMSD), the regulations are often strengthened at national level and extend to streaming platforms and influencers. (Press release dated 5 May 2026)
DSA: The European Commission has issued a formal notice to Croatia for incorrect application of the DSA, criticising the insufficient powers of its national coordinator, particularly with regard to sanctions. The country has two months to comply. (Press release dated 29/04/2026)
