Legal development

Passing of the French Law SREN

Insight Hero Image

    The French law on securing and regulating the digital environment (“SREN”) was officially passed on 21 May 2024 and published in the Official Journal dated 22 May 2024, representing a major legislative step towards strengthening the security and regulation of technology and online spaces in France. It marks a significant advancement in safeguarding digital environments and ensuring responsible digital governance in France and introduces the following key provisions:

    1. Heightened protection for citizens, especially minors, from new online threats:

    • Safeguards children from pornographic content by introducing age verification systems on pornographic sites. 
    • Criminalises non-consensual deepfake pornography, with violations sanctioned by up to 2 years' imprisonment and a EUR 60.000 fine.
    • Implements stronger measures against online hate, cyber-bullying and other serious offences.
    • Establishes a "digital citizens' reserve" ("réserve citoyenne du numérique"), a network which enables volunteers to participate in campaigns to prevent online threats and raise awareness of responsible digital practices among users.

    2. Pre-enacts EU Data Act provisions for cloud computing services.

    3. Establishes a national coordination network for the regulation of digital services (including the Directorate-General for Competition, Consumer Affairs and Fraud Control and the Directorate-General for Enterprise) to ensure a global and coherent vision of regulation.

    4. Implements new powers for national regulatory authorities under the Digital Services Act and the Digital Markets Act:

    • The Autorité de Régulation de la Communication Audiovisuelle et Numérique has been designated as the coordinator for digital services, ensuring consistent application of regulations for entities established in France.
    • The Commission nationale de l'Informatique et des Libertés is responsible for issues pertaining to personal data.
    • The Direction générale de la concurrence, de la consommation et de la répression des fraudes monitors compliance marketplace provider obligations.

    5. Strengthens users’ rights and personal data protections

    6. Regulates online advertising, requiring platforms to ensure transparency regarding the origin and nature of displayed advertisements.

    7. Regulates games with monetisable digital objects for a three-year experimental period, aiming to prevent the risks of fraud, money laundering and exploitation of players.

    CNIL appointed as France's competent authority for data altruism under the European Data Governance Act  

    On 21 June 2024, the CNIL publicly announced its appointment as France's designated authority for data altruism, effective since the implementation of the French law SREN on 21 May 2024, under Article 23 of the European Data Governance Regulation.

    "Data altruism", defined by the CNIL, involves the voluntary sharing of data with the consent of data subjects or authorisation from data holders, without financial compensation beyond covering associated costs. The CNIL:

    • will regulate how organisations share data deemed beneficial for the public interest;
    • will maintain the national public register of data altruistic organisations, investigate complaints against these entities, participate in the European Data Innovation Board, and provide informative content on its website tailored for stakeholders involved in altruistic data processing - such as organisations, data holders, and data subjects; and 
    • can be contacted by altruistic data organisations at:

    The information provided is not intended to be a comprehensive review of all developments in the law and practice, or to cover all aspects of those referred to.
    Readers should take legal advice before applying it to specific issues or transactions.


    Stay ahead with our business insights, updates and podcasts

    Sign-up to select your areas of interest