1. Cybercrime & Cybersecurity
1.1. Cybercrime
Cybercrime: According to Cloudflare’s Q3 2025 DDoS report, the Aisuru botnet, which is estimated to control between 1 and 4 million infected hosts, launched 1,304 ‘hyper-volumetric’ attacks, including a record attack peaking at 29.7 Tbps, the largest ever recorded. it should be noted that this attack failed. (Cloudflare press release dated 3 December 2025)
Cybercrime: According to a report released on 1 December 2025 by Koi Security, the ShadyPanda group orchestrated a campaign of malicious browser extensions, released in 2018 and appearing to be legitimate, which several years later were transformed into malware capable of spying on and controlling users’ browsers. (Koi Security press release dated 1 December 2025)
Cybercrime & Cybersecurity: On 4 December 2025, Europol announced the dismantling of a vast international cryptocurrency fraud and money laundering network responsible for more than €700 million in illicit funds. Nine suspects were arrested, and fraudulent platforms and crypto-asset holdings were seized. (Europol press release dated 4 December 2025)
Cybercrime: From 24 to 28 November 2025, Europol coordinated a joint operation with Switzerland and Germany to dismantle the cryptocurrency mixing service ‘Cryptomixer’, suspected of facilitating money laundering and cybercrime. The operation led to the seizure of €25 million in cryptocurrencies and aims to disrupt illicit financial flows linked to online criminal activities. (Press release dated 1 December 2025)
Cybercrime: In South Korea, four hackers exploited weak passwords (often default ones) to take control of more than 120,000 IP cameras, mainly installed in homes and sensitive locations. The stolen images, some of which were intimate, were sold to voyeuristic or pornographic websites, fuelling an illegal market and reigniting the debate on the lack of security of connected devices. (Press release dated 1 December 2025)
Cyberattack: Colis Privé suffered a cyberattack at the end of November 2025, during which a group of French hackers stole the contact details (surname, first name, address, email, telephone number) of 15 million customers, without compromising any banking information or passwords. (Press release dated 24 November 2025)
Cybercrime: Salesforce announced that it had detected unusual activity related to third-party application OAuth tokens, potentially allowing unauthorised access to customer data. The company revoked the compromised tokens and temporarily removed the Gainsight application from its marketplace to prevent any misuse. (Salesforce press release dated 20 November 2025)
Outage: American giant Cloudflare (an online hosting service) has suffered a global outage, making it impossible to access numerous websites and internet services. (Press release dated 18 November 2025)
Cyberattack: Eurofiber, a leader in digital infrastructure, suffered a cyberattack in France on 13 November. Cyberattackers gained access to data from thousands of major organisations such as SNCF, Orange and Auchan. (Press release dated 16 November 2025)
Child sexual abuse: The Directorate-General for Competition, Consumer Affairs and Fraud Control (DGCCRF) has referred the matter to the public prosecutor after finding that Shein was selling child-like sex dolls, which are proven to be child pornography, reminding the public that the distribution of such content is punishable by up to seven years in prison and a fine of €100,000. (Press release dated 1 November 2025)
Cybercrime: Following an operation carried out by the French National Court for Combating Organised Crime and the judicial authorities in Belgium and Cyprus, nine individuals were arrested at their homes on European arrest warrants for fraud involving fake cryptocurrency investments. A total of nearly €1,615,000 was seized. (Press release from the Paris Judicial Court dated 3 November 2025)
Cybercrime: A preliminary investigation has been launched into offences related to the provision of online platforms facilitating organised illegal transactions, organised cyberattacks and pro-suicide propaganda. The investigations aim in particular to verify whether the algorithms comply with their transparency obligations towards users and whether they disseminate content promoting suicide. (Press release from the Paris Judicial Court dated 4 November 2025)
Cybercrime: According to a recent study conducted by Bitdefender, pro-Russian hackers are using virtual environments to discreetly infiltrate their targets’ networks. The Curly COMrades group deploys virtual machines on Windows systems in order to maintain a lasting and invisible presence within the targeted infrastructures. (Press release dated 4 November 2025)
1.2. Cybersecurity
Counter-terrorism: Europol and its partners conducted an operation on 13 November 2025 to combat online radicalisation via gaming platforms. The EU Internet Referral Unit (EU IRU) identified and reported thousands of links to illegal content, including 5,408 to jihadist content, 1,070 to violent far-right extremism and 105 to racist or xenophobic content. (Press release dated 17 November 2025)
Cybersecurity: ClickFix is a new form of phishing that encourages victims to manually copy and paste a command into their terminal, causing malware to be installed. This technique bypasses antivirus software because the execution comes directly from the user. Cybersecurity authorities and services, including the Ohio State University IT Security Office, are warning of an increase in these attacks targeting Windows systems. (Press release dated 11 November 2025)
Digital hygiene: A sophisticated phishing campaign is currently targeting Sephora customers under the guise of a fake ‘free’ offer for an Advent calendar from the brand. The message, with its polished design and credible visual identity, redirects to a fraudulent site aimed at collecting victims’ bank details. (Press release dated 13 November 2025)
Cybersecurity & crime prevention: 1,025 servers belonging to a cybercrime infrastructure used for DDoS, phishing and spear phishing attacks have been dismantled in a coordinated operation led by Europol with national authorities in eight countries. (Press release dated 13 November 2025)
2. Disinformation & Information Warfare
Influence warfare: On 28 November 2025, the DGCCRF organised a morning event devoted to new forms of commercial influence, in particular the use of cognitive biases and digital technologies to influence purchasing behaviour, in order to discuss the issue with experts and explore the appropriate legal framework. (Press release from the Ministry of Economy dated 4 December 2025)
Information warfare and influence: The White House has published its new national security strategy with the objectives of applying the Monroe Doctrine, American domination of the Western Hemisphere, adjusting military presence to prioritise American national security, strengthening cybersecurity, and promoting ‘patriotic’ freedom of expression and traditional American values in order to combat foreign propaganda (China, Russia, Iran) and cultural warfare (‘woke ideologies’ and ‘cancel culture’). (White House press release, 5 December 2025)
Disinformation: The Disinfo.eu report analyses the transparency challenges posed by the algorithmic amplification of disinformation, drawing on regulatory and legal actions taken in Germany. It highlights the limitations of current frameworks for controlling the impact of algorithms on the spread of false information, while drawing lessons for strengthening European regulation. (Report on transparency issues dated 24 November 2025)
Crisis preparedness/disinformation: The French government has published a guide entitled ‘Tous responsables’ (We are all responsible) to help citizens prepare for emergencies such as natural disasters, terrorist attacks, cyberattacks and armed conflict. The document provides practical advice, such as how to put together an emergency kit and what to do in an emergency, and emphasises the importance of remaining vigilant in the face of disinformation campaigns and AI-manipulated content. (French Government press release dated 16 November 2025)
Disinformation: The European Commission presents a ‘democratic shield’ aimed at strengthening resilience against foreign interference, information manipulation and deepfakes, notably through the creation of a European crisis centre and a multilingual network of fact-checkers. (European Commission press release dated 12 November 2025)
Disinformation: A report recently published by Norma analyses French and European legal tools for combating information manipulation, highlighting their limitations in the face of evolving threats (fake news, foreign interference). It emphasises the importance of the European Digital Services Act (DSA) and the need for better cooperation between states and platforms to protect democracy and trust in information. (Report entitled ‘Legal aspects of information manipulation’ dated 26 September 2025)
Disinformation: Disinformation ‘made in the USA’, promoted in particular by the Trump administration, poses a serious threat to global health by promoting dangerous treatments, questioning vaccines on the basis of flawed studies, and appointing controversial figures to key positions, thereby undermining decades of scientific consensus. (Press release from the Observatory of Information and Influence Strategies dated 3 November 2025)
Disinformation: A study conducted by NATO’s Strategic Communications Centre of Excellence analysed the links between Russian propaganda (official texts and television media) and military actions during the war in Ukraine between October 2021 and March 2022. Despite extensive investigation, no clear warning signs of hostile information activities heralding the invasion were identified. (Press release dated 5 November 2025)
3. Personal Data & Privacy
3.1. Data breaches and incidents
Data breach: On 1 December 2025, France Travail announced that it had suffered another cyberattack, exposing the personal data (surname, first name, social security number, contact details) of around 1.6 million young people supported by the Missions Locales. The attack was made possible by the hacking of an agent’s account, allowing the attacker to create two new accounts to view the files of the young people being supported. (Press release dated 1 December 2025)
Data breach: Logitech confirmed that it had suffered a cyberattack after a week of silence and rumours, acknowledging that a group of hackers (Clop) had exploited a vulnerability in third-party software to steal internal data. The company insists that the incident did not affect its operations or products, and that no sensitive personal data was compromised. (Report submitted to the US authorities on 14 November 2025)
Data breach: Pajemploi, an administrative service of Urssaf, was the victim of a cyberattack, compromising the personal data of more than 1.2 million users. (Press release dated 17 November 2025)
Data breach: The French Shooting Federation (FFTir) suffered a cyberattack in October 2025, exposing the personal data (civil status, contact details, licence number) of 274,000 licence holders. Cybermalveillance.gouv.fr warns of the risks of identity theft and scams by fake police officers or gendarmes and calls for vigilance in the face of suspicious calls or messages. (Press release dated 7 November 2025)
3.2. Penalties and regulations
Personal data: The Court of Justice of the EU has ruled that the operator of an online marketplace is responsible, within the meaning of the GDPR, for the personal data contained in the advertisements published on its platform and must identify advertisements containing sensitive data before publication. (Press release No. 150/25 dated 2 December 2025, Court ruling in case C-492/23, Russmedia Digital and Inform Media Press)
Cookies: The CNIL imposed a fine of €1.5 million on American Express for non-compliance with cookie rules: the company placed trackers without valid consent from users and continued to use them even after explicit refusal or withdrawal of consent. (Deliberation SAN-2025-011 dated 27 November 2025)
Digital sovereignty: In observations published on 31 October 2025, the Court of Auditors highlighted the danger and issues posed using non-European IT solutions by certain ministries in France for the management of sensitive data. It noted that the State favours a level of trust rather than absolute sovereignty, while allowing private operators to offer public services without the same constraints. (Observations by the First Chamber of the Court of Auditors dated 31 October 2025)
Personal data protection: The decree of 31 October modifies the school bullying survey by allowing pupils (from Year 3 to Year 13) to voluntarily provide their first and last names to facilitate their care in the event of a report. Identifying data is then kept for up to three years for follow-up purposes, while other questionnaires are destroyed at the end of the school year. (Decree No. 2025-1037 of 31 October 2025 modifying the processing of personal data referred to as the ‘Bullying Survey’)
4. Digital Economy & Competition
Digital Economy & Competition: Micron Technology announced on 3 December 2025 that it is withdrawing from the consumer market and discontinuing the Crucial brand, used in particular for its SSDs and RAM modules for private individuals. Sales will gradually cease by February 2026, with support and warranties remaining in place for existing customers. (Micron press release dated 3 December 2025)
Regulation: In Australia, Meta will block access to Instagram, Facebook and Threads for users under the age of 16 from 4 December 2025, in accordance with legislation adopted to ban accounts held by minors. (Meta press release dated 19 November 2025).
SEO manipulation: The Criminal Division holds that search engines do indeed constitute “Automated data processing system” but considers that the practice of astroturfing (an insidious communication or propaganda strategy that involves artificially simulating a citizen or popular movement in order to influence public opinion) does not constitute an infringement of their functioning. It does not rule out that such practices may constitute such infringements, provided, however, that the infringement of the normal functioning of search engines can be demonstrated. (Opinion of the Criminal Chamber of the Court of Cassation dated 30 September 2025, Appeal No. 25-82.537)
Competition: The Federation of E-commerce and Distance Selling (FEVAD) has announced unprecedented legal action against SHEIN, accusing it of unfair competition against French e-commerce players. The organisation particularly deplores aggressive pricing practices and calls for the authorities to intervene to restore fairness in the market. (FEVAD press release dated 17 November 2025)
Digital economy: Michael Burry warns of a possible speculative bubble in the field of AI linked to artificially extended depreciation and the growing weight of debt in the technology sector. At the same time, he has shorted the market to the tune of around $1 billion, believing that current valuations do not reflect the structural risks in the sector. (Press release dated 12 November 2025).
Complaint: 13 online marketplace executives have written to the EU in support of the DSA and GPSR, which they consider essential to a secure and innovative digital economy. They call for these recent rules to be stabilised before new ones are added, in order to ensure clarity and efficiency for businesses and consumers in Europe. (Press release dated 3 November 2025)
Cooperation: The United States has signed a series of new agreements on technological prosperity with Japan and South Korea. These agreements have various defined objectives: to increase US interaction with the scientific and technological ecosystems of Japan and South Korea, to harmonise regulatory approaches and to strengthen the national security of the countries in question. (Sector briefings from the Treasury Department dated 7 November 2025, No. 2025-37)
5. Artificial Intelligence
5.1. Copyright in the age of AI
AI/Copyright: In Japan, legal experts believe that AI-generated images can be considered copyright-protected works, provided that the prompt given to the AI is sufficiently detailed and that the creation process involves a significant creative step, such as the number and quality of instructions given or iterations performed. (Analysis based on the report ‘General Understanding of AI and Copyright in Japan,’ published by the Legal Subcommittee of the Copyright Subdivision of the Cultural Council, Japanese Copyright Office (JCO), May 2024)
AI/Copyright: Rachida Dati plans to introduce legislation to regulate the conflict between AI and rights holders, by imposing a remuneration system for the use of works protected by AI models. Given the failure of negotiations between AI players and creators, the Minister of Culture may also consider reversing the burden of proof to facilitate the defence of copyright. (Press release dated 28 November 2025)
5.2. Regulation and supervision
AI: In November 2025, the European Commission launched a secure reporting tool for the AI Act, allowing individuals (particularly professionals linked to AI providers) to report suspected breaches of the regulations anonymously and confidentially. (Press release dated 28 November 2025)
Complaint/AI: The Social Media Victims Law Centre and the Tech Justice Law Project have filed seven complaints against OpenAI, accusing ChatGPT of emotionally manipulating users, amplifying dangerous delusions and acting as a ‘suicide coach’, contributing to psychological crises and suicides. The lawsuits specifically target the GPT-4o version, designed to maximise engagement through artificial empathy and complacent responses, without directing users to professional help. (Open letter dated 6 November 2025)
Complaint/AI: Amazon has filed a lawsuit against Perplexity, accusing it of using its artificial intelligence, Comet, to illegally scrape and reproduce content from its online store. Perplexity subsequently posted a message on its browser accusing Amazon of intimidating it and seeking to stifle innovation. (Perplexity press release dated 4 November 2025)
6. Intellectual Property & Counterfeiting
6.1. Legal actions and proceedings
Anti-piracy efforts: DDoS Guard warns against the power granted to LaLiga to block websites and IP addresses on a large scale in its fight against piracy, a capability described as ‘private regulation’ of the internet, which could lead to massive blockages and affect not only illegal streaming sites but also legitimate services. (DDoS-Guard press release, December 2025)
Industrial property: On 29 October 2025 (No. 23/18018), the Paris Court of Appeal ruled that the cancellation of a patent entails the retroactive nullity of the licence granted — the licensee is therefore no longer required to pay the royalties due. (Paris Court of Appeal ruling of 29 October 2025)
Counterfeiting: The Court of Cassation reiterates that publicly accusing someone of counterfeiting without a court ruling constitutes defamation, even if the allegation is cautious. In this case, a company had alerted distributors to alleged counterfeiting after a simple seizure of counterfeit goods (a probative measure), which was punished. (Cass. com., 15 October 2025, No. 24-11.150)
Copyright: OCLC, the organisation behind the WorldCat database, has dropped its claim for £5 million in damages against Anna’s Archive, but has refocused its strategy on seeking a permanent injunction to remove WorldCat data shared by the site. Rather than pursuing financial compensation, OCLC is now seeking a default judgement that would compel intermediaries to block access to Anna’s Archive. (Copy of OCLC’s new motion for default judgement against Anna’s Archive)
Counterfeiting: A coordinated operation by Europol, EUIPO and the Spanish National Police traced €47 million in cryptocurrencies linked to digital piracy services, contributing to the dismantling of illegal platforms. (Europol press release dated 15 November 2025)
Intellectual property & Counterfeiting: The Tokyo District Court ruled that Cloudflare, Inc. is liable for infringement for allowing pirate sites to distribute more than 4,000 manga works and attract 300 million monthly visits. It ordered the payment of 500 million yen (≈ $3.2 million) in damages to the four major Japanese publishers. (Kadokawa Corporation press release dated 19 November 2025)
Piracy: DISH Network obtained a default judgment of $42 million against Ukrainian hosting provider Virtual Systems, which advertised itself as a ‘DMCA-ignored’ service (ignoring requests for removal for copyright infringement). Despite more than 500 DMCA notices being sent, Virtual Systems never responded and continued to host IPTV services that pirated DISH channels. (Order granting default judgement dated 12 November 2025)
Trademark law: The Versailles Court of Appeal ruled that there was a likelihood of confusion between the signs ‘Fantasque’ and ‘Fantasme’ for perfumery products, due to their phonetic and visual similarity. According to the court, this similarity could mislead the average consumer, who is not particularly attentive, as to the origin of the products, thus justifying the protection of the earlier trademark. (Decision of the Versailles Court of Appeal No. 24/01931 dated 28 May 2025)
Parasitism: In a ruling dated 16 October 2025, the Paris Court of Appeal dismissed the case brought by La Rosée Cosmétiques and ruled against the company, which had accused Caudalie of copying the visual codes, shape and communication of its own sunscreen stick in 2024. The Court pointed out that similarities in shape or colour are not sufficient to constitute parasitism, particularly when they reflect market trends. (Decision of the Paris Court of Appeal, Division 1 – Section 2, 16 October 2025, No. 25/00941)
Intellectual property: A German court ruled in favour of the collective management organisation GEMA in a case against OpenAI, finding that the latter had used protected song lyrics without authorisation to train its artificial intelligence models. The ruling requires OpenAI to pay damages and marks a first in terms of copyright law applied to generative AI. (Press release dated 11 November 2025)
Intellectual property: SACD has brought summary proceedings against TikTok before the Paris Court of Justice, arguing that the platform has been distributing protected works from its repertoire for many years without authorisation and without compensation, and is requesting disclosure of TikTok’s turnover. (SACD press release dated 13 November 2025).
Intellectual property: A federal court in New York has ordered OpenAI to hand over 20 million ‘anonymised’ logs in connection with its dispute with the New York Times over alleged copyright infringement. OpenAI is contesting this measure, citing risks to user privacy. (Press release from the United States District Court Southern District Of New York dated 12 November 2025)
Copyright/AI: Meta, accused by two porn production studios of illegally downloading more than 2,000 films to train its AI, defends itself by claiming that these downloads, made from its IP addresses, were for the ‘personal use’ of employees, contractors or visitors, and not for commercial use for its algorithms. (Motion to dismiss filed by Meta with the US District Court for the Northern District of California on 27 October 2025)
Counterfeiting: Nintendo won its lawsuit against streamer Jesse ‘EveryGameGuru’ Keighin, accused of live streaming pirated Switch games before their official release and sharing links to emulators. The court ordered Keighin to pay £17,500 in damages but rejected Nintendo’s requests to destroy his circumvention tools or ban unidentified ‘third parties’. (Decision dated 29 October 2025)
6.2. Regulation and supervision
Intellectual property: The CJEU reiterates that utilitarian objects, such as furniture, can be protected by copyright only if they are the result of free and creative choices reflecting the author’s personality. However, if their form is dictated by technical or functional constraints, no protection is possible. (Press release from the Court of Justice of the European Union dated 4 December 2025)
Intellectual property: On 26 November 2025, the Council of Europe adopted the Convention on the Co-production of Audiovisual Works in the Form of Series, the first international legal framework dedicated to the independent co-production of television or streaming series, aimed at simplifying cross-border collaborations, clarifying the sharing of rights and revenues, and promoting cultural diversity. (Council of Europe press release dated 26 November 2025)
Industrial property: From 1 December 2025, the EU will protect artisanal and industrial products (Bohemian glass, Limoges porcelain, etc.) through geographical indications (GIs), as it does for wines and cheeses. This system, managed by the EUIPO, aims to preserve local know-how, combat counterfeiting and support the regional economy. (Press release dated 1 December 2025)
Intellectual property: The INPI presents the latest global indicators published by WIPO, confirming the continued growth in international patent, trademark and design filings. The report highlights the dynamics of innovation between regions and the growing weight of Asian economies in filings. (INPI press release dated 20 November 2025)
7. Regulation & Justice
7.1. French law
Justice/social media: Emmanuel Macron plans to propose the creation of a summary judicial procedure to enable the rapid removal of false information disseminated on social media, to combat disinformation during elections or crises. (Information from a speech given on 28 November during a meeting with selected readers of the regional press group Ebra, in Mirecourt)
Regulation: The Financial Markets Authority has announced that it will apply ESMA guidelines on outsourcing to cloud service providers, particularly for financial players, to strengthen supervision and compliance with European obligations. These guidelines, applicable from 30 December 2025, aim to regulate policies, procedures and internal controls related to outsourcing to cloud service providers, based on joint recommendations from ESMA and the EBA. (Press release dated 28 November 2025)
Legislation: At the end of November 2025, the Senate adopted an increase in taxation on digital giants (Netflix, Google, Amazon, Meta, etc.), creating a 1% tax on their turnover in France and extending the digital services tax to advertising revenue and the valuation of user data. The aim is to finance the modernisation of digital infrastructure and to make these players, which account for nearly half of internet traffic in France, contribute. (Amendment, 2026 Finance Bill, dated 27 November 2025)
Regulation/Fast fashion: On 23 November 2025, Sandrine Le Feur and 82 MPs called for Shein to be banned in France, denouncing its disastrous impact on the environment, public health and employment. They accused the fast fashion brand of unfair competition and marketing toxic products, after several record fines in 2025. (Press release dated 23 November 2025)
Regulation: Arcom has requested that the website WatchPeopleDie, which is entirely dedicated to broadcasting violent and gory videos, be blocked for violating human dignity. The regulator is relying on the Law on Confidence in the Digital Economy (LCEN) and has summoned six internet service providers to block access to this site, which claims to have more than 4.4 million users worldwide. (Press release dated 24 November 2025)
Platform regulation: The French courts have extended their investigation into X.com after the platform’s integrated AI Grok disseminated Holocaust denial comments. The investigation now focuses on the social network’s responsibility for moderating AI-generated content and possible violations of French law prohibiting the denial of crimes against humanity. (Press release dated 19 November 2025)
Regulation & Justice: In a ruling dated 5 November 2025 (case no. 24/02425), the Paris Court of Justice ruled that Airbnb cannot be classified as a publisher within the meaning of the Digital Services Act, thereby exempting it from the obligation to verify listings in advance. The court further ruled that Airbnb could not be found at fault for removing a disputed listing within eight days. (Judgment of the Paris Court of Justice dated 5 November 2025)
Regulation/Health: The French National Agency for Medicines and Health Products Safety (ANSM) has taken health policy measures to ban the advertising and online sale of aGLP-1 drugs (used to treat diabetes and obesity), targeting around ten fraudulent platforms. These products, which are often counterfeit and sold in the form of patches or injectors, pose health risks and are illegal in France, where they require a prescription. (Press release dated 19 November 2025)
Platform regulation: The Paris Public Prosecutor’s Office has opened a preliminary investigation into TikTok, following a report by MP Arthur Delaporte. The investigation, entrusted to the cybercrime unit, targets offences related to moderation, the recommendation algorithm, the exposure of suicidal content and the collection of data from minors. (Press release from the Paris Public Prosecutor’s Office dated 4 November 2025).
Regulation: The French government obtained Shein’s agreement to remove all illegal products (child pornography dolls, knives, medicines, etc.) sold on its platform after issuing a 48-hour ultimatum. The Directorate-General for Competition, Consumer Affairs and Fraud Control (DGCCRF) confirmed that no illegal products were still on sale, but Shein remains under close surveillance and legal proceedings are continuing. (Press release dated 7 November 2025)
Suspension procedure: The French government has announced that it has initiated a suspension procedure against the e-commerce platform Shein, pending the latter’s demonstration to the public authorities of its compliance with French laws and regulations. (Press release dated 5 November 2025)
7.2. European law
Regulation & Justice: The European Commission has issued its first final decisions under the DSA, imposing a fine of €120 million on X for failing to comply with its transparency obligations, in particular due to the misleading presentation of the blue badge, the lack of transparency in its advertising directory and the refusal to grant researchers access to public data, while TikTok has accepted binding commitments to ensure full transparency on advertisements displayed on its services. (Commission press release for X and Commission press release for TikTok dated of 5 December 2025)
Fraud: The European Parliament and the Council have reached an agreement to strengthen the protection of payment service users against fraud by imposing mandatory prevention measures and clarifying the liability of banks and online platforms. Banks will have to bear a greater share of losses in the event of fraud if they fail to meet their obligations, and online platforms may be required to reimburse banks that have compensated victims. (Press release dated 27 November 2025)
Social media: The European Parliament has adopted a resolution setting the minimum age for unrestricted access to social media, video platforms and AI assistants in the EU at 16, while allowing supervised access from the age of 13 with parental consent. This measure aims to protect minors from psychological risks and exposure to inappropriate content, while harmonising rules between Member States. (Press release dated 26 November 2025)
DSA: The EU Court of Justice has rejected Amazon’s appeal against its designation as a ‘very large online platform’ under the DSA, confirming that the obligations imposed (transparency, access to data, etc.) are justified to prevent systemic risks, despite the costs and constraints for the company. (Press release No. 144/25 dated 19 November 2025)
Regulation: The European Union is working on legislation known as the ‘digital omnibus’ aimed at simplifying and harmonising digital rules, in particular to reduce administrative complexity and promote innovation. This approach is part of a drive to streamline existing standards while maintaining a high level of protection for fundamental rights and users. (Press release dated 19 November 2025)
Digital regulation: The European Commission has presented its draft ‘Digital Omnibus’ regulation, which aims to simplify and harmonise European rules on AI, cybersecurity and data protection. The text aims in particular to reduce administrative burdens and better coordinate existing frameworks. (European Commission press release dated 19 November 2025)
Regulation of the digital economy: The European Commission is considering designating AWS (Amazon Web Services) and Microsoft Azure as ‘cloud gatekeepers’, which would subject them to a new, stricter regulatory regime in the European Union. (Press release dated 20 November 2025)
Regulation & Justice: The European Board for Digital Services adopted its annual work plan at its 16th meeting, setting out the DSA’s supervisory priorities for 2025. It published its second report on systemic risks, assessing in particular the spread of illegal content, attacks on public debate and risks to minors. The Board also launched a coordinated initiative against online fraud and scams to harmonise the actions of national authorities. (Press release from the European Board for Digital Services dated 18 November 2025)
Penalty: Google, fined nearly €3 billion by the EU in September 2025 for abuse of its dominant position in online advertising, has proposed commitments to the European Commission to avoid a break-up of its business. The Commission has not yet ordered this break-up but does not rule out doing so if Google’s proposals are not sufficient to restore fair competition. (Google’s proposal to the European Commission dated 14 November 2025)
Penalty: In its ruling dated 14 November, a Berlin court ordered Google to pay a fine of €572 million for abuse of its dominant position against two German price comparison companies. These two companies accused Google of favouring its own placements (Google Shopping) to the detriment of competing services. (Press release dated 14 November 2025)
DSA: The EU Court of Justice has rejected Amazon’s appeal against its designation as a ‘very large online platform’ under the DSA, confirming that the obligations imposed (transparency, access to data, etc.) are justified to prevent systemic risks, despite the costs and constraints for the company. Amazon challenged the legality of these measures, claiming that they infringed on its fundamental rights, but the Court ruled that the restrictions were proportionate and legitimate. (Press release No. 144/25 dated 19 November 2025)
Regulation and privacy: A draft regulation from the European Commission would relax certain provisions of the GDPR to facilitate the development of artificial intelligence, in particular by authorising the training of models on sensitive data. (Press release dated 10 November 2025)
Regulation & privacy: The European Union is considering merging the GDPR and the ePrivacy Directive into a single Article 88a to create a clearer and more modern legal framework for cookies and trackers. The draft would allow certain data processing operations to be carried out without users’ consent for technical or security reasons, but this has raised concerns about the protection of internet users. (Press release dated 10 November 2025)
Money laundering: JUNALCO coordinated with Belgium and Cyprus to dismantle a network of fake cryptocurrency investments involving $700 million. Nine people were arrested and a judicial investigation was opened for aggravated money laundering and organised fraud. (Press release dated 3 November 2025)
Platform regulation: The Irish regulator Coimisiún na Meán has opened a formal investigation against X (formerly Twitter) for alleged non-compliance with the Digital Services Act, particularly with regard to the mechanisms for appealing moderation decisions. (Coimisiún na Meán press release dated 12 November 2025)
