Publication
7 July 2026

The French Data Protection Authority activity

The year 2025 was marked by a significant increase in the CNIL’s activity, with a rise in complaints, data breach notifications, and an unprecedented total amount of fines.

The CNIL activity significantly increased in 2025 : the number of complaints received grew substantially. The total amount of fines imposed reached an unprecedented level and the number of data breach notifications hit a high record. For 2026, the CNIL has set two priorities: cybersecurity, to which half of its inspections will be devoted and the regulation of artificial intelligence, an area in which it is set to exercise new powers.

Indeed, while it has already been designated as the supervisory authority for prohibited uses under the AI Act, it is expected to be designated shortly as market surveillance authority for certain high-risk AI systems as well.

Related content

Publication
7 July 2026
Strengthening of action by French regulators
The year was characterized by a significant increase in the activity of French regulatory authorities, both in their enforcement actions...
Publication
8 July 2025
2024, an active year for French regulators
French regulators have been highly active in 2024, with more investigations, hefty fines, and stronger cooperation both nationally and internationally.
Publication
14 July 2023
[Infography] Focus on the French data protection authority activity (CNIL)
Over the past months, the French Commission Nationale de l’Informatique et des Libertés (“CNIL”), regulator of personal data, imposed tremendous...
Analysis
CNIL Facebook Google
25 January 2022
CNIL imposes the largest sanctions in its history on Facebook and Google
CNIL issued the largest fines in its history against Facebook and Google for infringements of the existing regulations on cookies.