1. Cybercrime & Cybersecurity
1.1. Cybercrime
Crypto money laundering: An international operation coordinated by Europol and Eurojust has dismantled a cryptocurrency money laundering service used by ransomware groups. The ‘AudiA6’ platform, which was active between 2022 and 2025, is believed to have laundered approximately €336 million in illicit funds. The operation led to the arrest of two alleged administrators, the seizure of servers and domains, and the freezing of crypto-asset funds. (Europol press release of 11 June 2026)
Cybercrime: The French authorities have announced the dismantling of the ‘DumpSec’ hacking group, which specialised in the theft and resale of personal data. The operation led to the arrest of several individuals and the identification of numerous victims from a range of public and private organisations, with millions of records potentially compromised. (Press release dated 11 June 2026)
Shutdown of First VPN: On May 19, 2026, during an international operation led by French and Dutch law enforcement authorities, the First VPN service—widely used by cybercriminals to conceal their identities—was taken down (Press release on May 21th 2026)
Phishing: Russia is accused of compromising hundreds of Signal accounts through targeted phishing campaigns, primarily aimed at political opponents and journalists in order to gain access to their secure communications. (Press release dated 27 April 2026)
1.2. Cybersecurity
Expansion of the Digital Agency for Internal Security scope of responsibilities: The Digital Agency for Internal Security Forces is expanding its scope of responsibilities. It will now be able to address issues related to cybersecurity, data, artificial intelligence, cloud computing, and the development of digital services shared by internal security forces. (Press release dated June 17, 2026)
EU: The Council has extended sanctions against those involved in cyberattacks threatening the Union until May 2027, including asset freezes and travel bans, in order to deter malicious activities and ensure a secure cyberspace. (press release, 11 May 2026)
Study: In its 2025 report published on 4 May 2026, the National Information Systems Security Authority (ANSSI) recorded 3,586 security incidents, a figure down 22% on the previous year, largely due to the end of the spike linked to the 2024 Olympic Games. The agency nevertheless highlights an increasingly sophisticated and diffuse threat, marked by a resurgence in the misuse of legitimate tools and compromises of cloud services. (ANSSI 2025 Activity Report dated 4 May 2026)
Zero-day exploit: Google has detected, for the first time, a ‘zero-day’ exploit developed with the aid of artificial intelligence, used to bypass two-factor authentication via a logic flaw in an open-source web administration tool, illustrating the growing integration of AI models into cybercriminal attack chains (Google Threat Intelligence Group press release, 11 May 2026)
SGDSN 2025 Activity Report: The General Secretariat for Defense and National Security has published its 2025 report. It highlights a significant deterioration in the global strategic environment and the state’s growing role in interministerial coordination in response to cyber, information, and military crises. (Report on April 29th, 2026)
ANSSI Report: The National Agency for the Security of Information Systems has released its 2025 annual report. The report reviews the measures taken to strengthen France’s cybersecurity in the face of increasingly widespread, sophisticated, and geopolitical threats. (Report on May 4th, 2026)
COMCYBER: The Ministry of the Interior’s 2026 Annual Report on Cybercrime, drafted by the Ministry of the Interior’s Cyber Command (COMCYBER-MI), was published on 24 April 2026 (Press release of 29 April 2026).
Report: Europol’s IOCTA 2026 report highlights the escalation of cyber threats in the EU, driven by encryption, cryptocurrencies and AI. Ransomware, automated fraud and the online sexual exploitation of children remain major risks, calling for enhanced international cooperation. (Press release dated 28 April 2026)
2. Desinformation and information warfare
Cybercrime: The French authorities have announced the dismantling of the ‘DumpSec’ hacking group, which specialised in the theft and resale of personal data. The operation led to the arrest of several individuals and the identification of numerous victims from a range of public and private organisations, with millions of records potentially compromised. (Press release dated 11 June 2026)
Digital interference: The Paris Public Prosecutor’s Office has launched an investigation to determine whether several LFI candidates in the local elections were targeted by a foreign interference operation involving, in particular, disinformation campaigns, fake content and digital manipulation disseminated online in the potential interests of a third country (Press release of 26 May 2026)
Study: According to the AFP’s 2025 Digital Investigation Report (press release dated April 2026), artificial intelligence now poses the greatest threat to information integrity. It facilitates the manipulation of discourse, whether intentional or not. Such manipulation may be driven by ideological or financial motives, heightening the risks of disinformation. (Press release, April 2026).
Report: According to Science Feedback, TikTok remains the platform most affected by disinformation in Europe, accounting for the highest proportion of misleading content among major platforms, which confirms a structural issue linked to its distribution mechanisms. (Report dated 16 March 2026)
Combating disinformation: The Ministry of the Economy has launched “Bercy décode”, an initiative that provides fact-checking and educational analysis on social media and the ministry’s website to enable citizens to access reliable, well-sourced and understandable information and to combat the spread of false information (Press release of 4 May 2026).
Disinformation: The first National Strategy to Combat Manipulation of Information of Foreign Origin has been adopted by the President of the Republic, with the aim of equipping France with enhanced means to guarantee an information space based on freedom of expression and the plurality of opinions. (National Strategy to Combat Manipulation of Information 2026–2030)
Combating disinformation: Adopted in February 2026, France’s first national strategy aims to combat the manipulation of information of foreign origin. Led by the SGDSN, it seeks to better protect public debate against digital interference. It strengthens society’s resilience, regulates the activities of platforms and AI, and develops European and international cooperation. (Press release of 11 February 2026)
3. Personal data and privacy
3.1. Data breaches and incidents
Tchap Messaging Service: A security incident has been detected on the Tchap government messaging service following the compromise of a user account. Access has been blocked and protective measures have been put in place, whilst investigations are underway to determine the extent of the data that may have been accessed. (DINUM press release, 8 June 2026)
Data Breach: A government platform that connects volunteers with nonprofit organizations was the victim of a cyberattack. Approximately 550,000 accounts were affected by a data breach. (Press release on June 16th 2026)
Use of Confidential Information: A Google engineer accused of using confidential information to make $1.2 million on Polymarket is being sued for insider trading (Press release dated May 27, 2026).
Data breach: Three French travel groups have suffered data breaches affecting more than 5 million customers. The stolen information (bookings, personal data) could be used for fraudulent purposes, highlighting security flaws and the risk of GDPR penalties. (Press release dated 18 May 2026)
3.2. Penalties and regulations
Data protection: The Belgian Data Protection Authority has announced its intention to bring more criminal proceedings against data processing practices deemed problematic, arguing that administrative penalties imposed under the GDPR are becoming less effective due to court rulings that have significantly reduced certain fines imposed on companies (Press release of 25 May 2026)
Data Protection: The CNIL has fined IQVIA €5 million for breaches in the handling of sensitive health data. The company failed to comply with rules on security, patient information and the exercise of patients’ rights, despite having obtained the necessary authorisations. It must now rectify these issues promptly, or face further sanctions. (Press release of 28 May 2026)
CNIL: Data protection appears to be a key factor in the success of the digital euro, with the authorities emphasising the need to ensure a high level of privacy in order to bolster public confidence in the face of dominant private-sector solutions. (Press release of 13 May 2026)
Report: The CNIL’s 2025 report highlights a sharp rise in complaints, data breaches and penalties, with a particular focus on cybersecurity and AI regulation. The authority is stepping up its monitoring and support activities in response to the growing risks associated with personal data. (Press release dated 18 May 2026)
News: Disney has reached a settlement with the California Attorney General for misleading users regarding their right to delete their data. The opt-out options on its streaming services were incomplete. The company will pay $2.75 million and must rectify its data deletion mechanisms. (Press release dated 4 May 2026)
Compliance: Following a ruling by the CJEU, the Council of State has ruled that Arcom’s ‘graduated response’ to piracy is not in line with European law. The scheme infringes on privacy by allowing excessive data cross-referencing without sufficient judicial oversight. It orders the Government to review the legal framework, with stricter transitional rules on data access. (Press release dated 30/04/2026)
4. Digital Economy and Competition
Trade sanctions: The DGCCRF has imposed a settlement fine of €35 million on Nintendo for misleading commercial practices relating to faulty controllers. The authority found that consumers had not been adequately informed of a recurring fault that led to avoidable hardware replacements, despite the company being aware of the problem. (DGCCRF press release of 8 June 2026)
Integration of AI into Public Administration: France is launching a strategy to roll out AI across the French public sector. This strategy is expected to focus on digital sovereignty, the productivity of public services, and training for public servants. (Press release on June 16, 2026)
Shein Fined: The General Directorate for Competition, Consumer Affairs, and Fraud Prevention, has imposed an administrative fine of 22 million euros on Shein for serious violations, including failure to comply with the right of withdrawal, withholding mandatory information from consumers, and a lack of transparency regarding the environmental impact of its products (Press release dated June 3, 2026).
Digital sovereignty: The Netherlands has blocked the takeover of the Dutch cloud provider Solvinity by the US company Kyndryl, arguing that the deal posed a risk to the public interest and the country’s sensitive digital infrastructure, notably the government identification system DigiD, illustrating the strengthening of European digital sovereignty policies in the face of foreign investment (Press release of 26 May 2026)
Penalty: The European Commission has fined Temu €200 million for failing to comply with the Digital Services Act and for poor management of risks associated with illegal products. A large number of dangerous items have been identified, putting European consumers at risk. Temu must rectify the situation swiftly, or face further penalties. (Decision of 28 May 2026)
Governance: Bitwarden has raised concerns following low-key changes to its leadership and communication strategy, with certain values—such as transparency, inclusion and free access—temporarily falling by the wayside. Despite recent assurances, these developments raise questions about the service’s future direction. (Press release dated 19 May 2026)
Web Content / AI: A report co-authored by the head of the Wayback Machine at the Internet Archive reveals that approximately 35% of newly published websites are generated by or with the help of artificial intelligence. Before the launch of ChatGPT in 2022, this phenomenon was very rare. However, the report does not show a significant increase in misinformation. (Report on April 30th, 2026)
5. Artificial Intelligence
5.1. Copyright in the age of IA
Human Consent Standard: RSL Media announces the launch of a nonprofit organization dedicated to protecting human consent in the age of AI. Co-founded by Cate Blanchett, among others, the project aims to empower everyone, whether artists or ordinary individuals, to decide how their works, voices, images, or identities may be used by artificial intelligence systems. The organization is introducing the “RSL Human Consent Standard,” an open, machine-readable standard. (Press release on May 12th, 2026)
Lawsuit: A group of US publishers is seeking $19.5 million in damages and an injunction to seize the domain of the “shadow” library Anna’s Archive for massive copyright infringement. (Copy of the publishers’ legal memorandum in support of the application for a default judgment dated 7 May 2026)
AI Training: More than 80 organizations from the cultural, publishing, music, and media sectors are calling for the swift adoption of French legislation to regulate the use of copyrighted works for training generative AI. Cultural stakeholders denounce the “massive plundering” of content by AI models and demand greater transparency regarding training data. (Press release on May 5th, 2026)
5.2. Regulation and supervision
Transparency of AI-Generated Content: A code of best practices published in June 2026 provides a framework for the labeling and marking of AI-generated content. It complements the legal transparency requirements set forth in the AI Act (Article 50), which take effect in August 2026. Although not mandatory, it provides a common framework for demonstrating compliance and combating the risks of manipulation (particularly through deepfakes). (European Commission press release of June 10, 2026)
YouTube Content ID: In 2025, YouTube’s Content ID system processed approximately 2.5 billion copyright claims, an increase of about 14% compared to 2024. (Google Transparency Report 2025)
Generative AI: YouTube is set to roll out a system to automatically detect videos generated or modified using artificial intelligence, with the aim of applying visible labels even when creators do not disclose their use of AI. This is intended to enhance transparency regarding photorealistic content and limit the risks of misinformation and deepfakes on the platform (YouTube press release, 27 May 2026)
Transparency and AI: The European Commission has launched a public consultation on its guidelines on AI transparency, aimed at clarifying the obligations of providers of general-purpose AI models under the AI Act. (Draft guidelines on AI transparency dated 8 May 2026)
AI: Decree No. 2026-70, which aims to expand the remit of VIGINUM, notably through the creation of an AI model for exclusively defensive purposes, was published in the Official Journal on 12 February 2026. (Decree No. 2026-70 of 11 February 2026 on the remit and resources of the service for vigilance and protection against foreign digital interference)
6. Intellectual Property and counterfeiting
6.1. Legal actions and proceedings
Counterfeiting: French customs authorities have helped dismantle Europe’s largest counterfeit perfume factory in Catalonia. The operation led to the seizure of over 1.2 million bottles and large quantities of production equipment, with an estimated value of €95 million. Seven people were arrested. (Press release from the Directorate-General for Customs and Indirect Taxes, 17 February 2026)
Illegal streaming: Bulgaria, with the support of Europol, coordinates the dismantling of nine organized crime groups involved in illegal streaming. (Press release dated June 3, 2026)
Copyright Infringement: The General News Press Alliance has filed a lawsuit against Brave in the Paris Commercial Court for copyright infringement, citing neighboring rights and publishers’ trademark rights (Press Release dated June 1, 2026)
Illegal IPTV: The Paris Commercial Court has ordered the domain registrars Namecheap and Dynadot to block, within three days, twelve domain names and their subdomains that are illegally streaming Ligue 1, Ligue 2 and the Trophée des Champions, in order to protect the LFP’s exclusive broadcasting rights and strengthen legal measures to combat illegal sports streaming (Paris Court of Justice, 13 May 2026, No. 26/05669)
Press: The Court of Justice of the European Union has dismissed Meta’s appeal, thereby confirming that the US tech giant must comply with legislation on related rights. This ruling requires the company to negotiate remuneration with news publishers for the use of their content on its platforms. (Judgment of the Court of Justice of the European Union dated 12 May 2026, Case C-797/23)
Obelix trade mark: The General Court of the European Union has annulled the EUIPO’s decision refusing to cancel the word mark ‘Obelix’ registered for weapons, ammunition and explosives, finding that the Office had failed to take sufficient account of the reputation of the earlier trade mark operated by Les Éditions Albert René and the risk of association with the Asterix and Obelix universe (Press release of the General Court of the European Union of 13 May 2026)
Copyright / Meta: Five publishers, including Hachette Book Group, have filed a class-action lawsuit in New York against Meta and Mark Zuckerberg. The publishers accuse the company of extensively using copyrighted books, textbooks, and scientific articles to train its AI models without authorization or compensation. (Press release on May 5th, 2026)
Streaming/IPTV: On 17 April 2026, the Paris Commercial Court ordered search engines (Google, Microsoft), ISPs (Orange, Free, etc.) and the Proton VPN to block or delist 21 websites and IPTV services illegally broadcasting Formula 1 in order to protect Canal+’s broadcasting rights (Paris Judicial Court, 17/04/2026, 26/00511; 26/00512; 26/00520) .
Streaming/IPTV: On 17 April 2026, the Paris Commercial Court ordered several ISPs, VPNs, DNS providers, CDNs and search engines to block or delist 16 websites and IPTV services illegally broadcasting the 2026 MotoGP races to protect Canal+’s broadcasting rights (Paris Commercial Court, 17/04/2026, 26/00502, 26/00503, 26/00504, 26/00505, 26/00506, 26/00507, 26/00508, 26/00509, 26/00510).
6.2. Regulation and supervision
Illegal sports streaming: the Regulatory Authority for Audiovisual and Digital Communications is stepping up its fight against online sports piracy ahead of the 2026 FIFA World Cup. Arcom is directly targeting the technical infrastructure of pirate sites with an IP address blocking system that is more responsive and harder to circumvent than simply blocking domain names. (Press release on June 16, 2026)
Ruling: The General Court of the EU has annulled a decision by EUIPO concerning the ‘Obelix’ trademark, ruling that the Office had incorrectly assessed its reputation and the risk of damage to that reputation. The case, relating to an application for unrelated goods (weapons), strengthens the protection of well-known trademarks and requires a more rigorous overall analysis. (Press release dated 13 May 2026)
IPTV / Roland Garros: The 2026 edition of the Roland Garros tournament will serve as a test for a new French strategy to combat IPTV piracy of sporting events. The goal is to block illegal streams in real time during the tournament. Led by Arcom, this pilot project is part of a broader reform to combat piracy in France. (Press release on May 13th, 2026)
Decision: The court considers that time-shifting via set-top boxes constitutes a transient technical reproduction incidental to the service, within the meaning of Article L.122-5(6) of the Intellectual Property Code. It therefore does not constitute a genuine, independent private copy. Consequently, remuneration for private copying is ruled out. (Paris Regional Court, 7 May 2026, 22/08444).
Ruling: The Court rules that Member States may provide for fair remuneration for press publishers when they authorise the online use of their publications, in order to ensure fair economic compensation. (Ruling of the Court (Grand Chamber) of 12 May 2026, Meta Platforms Ireland Limited v Autorità per le Garanzie nelle Comunicazioni)
Online piracy of copyrighted works: The Council of State rules that the “graduated response” system designed to combat online piracy of copyrighted works does not comply with European law and orders the government to bring the system into compliance (Press release on April 30th, 2026).
7. Regulation & Justice
7.1. French Law
Dangerous products: Inspections carried out by the DGCCRF since 2025 show that 46% of products tested on major foreign marketplaces are non-compliant and dangerous. More than 100,000 items, many of which are for children, have been withdrawn. Consumers are urged to be vigilant. (Press release dated 29 April 2026)
7.2. European Law
Digital Sovereignty and AI: The European Commission has presented a package of measures aimed at strengthening the European Union’s technological autonomy, particularly in the fields of artificial intelligence, semiconductors and cloud computing. The package includes investment and enhanced coordination between Member States to support European industrial and digital capabilities. (European Commission press release, 10 June 2026)
Digital Omnibus: The European Data Protection Board opposes any reform of the future “Digital Omnibus” regulation that would weaken the definition of personal data or reduce the safeguards provided for under the GDPR. (Press release on June 11th 2026)
Digital Markets Act: the General Court annuls the decision designating Meta as a gatekeeper as regards Marketplace (T‑1078/23)
Advertising: A report by the European Audiovisual Observatory provides an overview of the rules governing advertising for alcohol, gambling, financial services and health. Based on the Audiovisual Media Services Directive (AVMSD), the regulations are often strengthened at national level and extend to streaming platforms and influencers. (Press release dated 5 May 2026)
DSA: The European Commission has issued a formal notice to Croatia for incorrect application of the DSA, criticising the insufficient powers of its national coordinator, particularly with regard to sanctions. The country has two months to comply. (Press release dated 29/04/2026)
