The CNIL activity significantly increased in 2025 : the number of complaints received grew substantially. The total amount of fines imposed reached an unprecedented level and the number of data breach notifications hit a high record. For 2026, the CNIL has set two priorities: cybersecurity, to which half of its inspections will be devoted and the regulation of artificial intelligence, an area in which it is set to exercise new powers.
Indeed, while it has already been designated as the supervisory authority for prohibited uses under the AI Act, it is expected to be designated shortly as market surveillance authority for certain high-risk AI systems as well.