On January 10, 2025, the CNIL published its strategic plan 2025-2028 (Strategic Plan of the CNIL – 2025-2028). It thus defined its strategic priorities for the next three years, with the main objective of reconciling technological innovation, protection of fundamental rights, and digital security. This plan aims to secure the digital future by focusing on the regulation of AI (in the context of the implementation of the AI Act) and by taking into account certain types of threats, notably cyber threats.
The CNIL’s strategic plan is structured around three main axes.
- Framework for artificial intelligence (AI)
In light of the rise of generative AI, the CNIL intends to play a central role in ensuring that these technologies respect fundamental rights. A dedicated service for AI will be established to anticipate and regulate these developments. - Strengthening cybersecurity
In response to the increase in data breaches, the CNIL will strengthen its actions in the field of cybersecurity to protect personal information and establish a climate of trust, essential to the development of digital uses. It will also take into account the processing of personal data breaches. The CNIL also indicated that controls actions would be reinforced. - Protection of Minors
With the overexposure of young people to screens, the CNIL will implement specific measures to guarantee the online safety of minors and prevent risks related to their digital activities.
This plan also integrates mobile and digital identity.
- Mobile applications: The CNIL will continue its action plan initiated in 2024 to regulate the use of personal data within mobile applications.
- Digital identity systems: The support for these systems aims to ensure their compliance with data protection requirements.
How will the CNIL implement its strategic plan?
To implement this ambitious plan, the CNIL provides for:
- The creation of a team dedicated to economic analysis.
- The strengthening of its dialogue with stakeholders;
- An intensification of cooperation with other regulators at national and European levels.
CNIL Action Plan: Protection of Minors, AI and Cyber Threats
- This strategic plan addresses one of the themes of its 2024 control program, namely the protection of minors’ data and, more specifically, data collected online. Indeed, in light of the increasing exposure of young people to digital platforms, the CNIL had emphasized that it would verify the implementation of age verification mechanisms, security measures, and the respect of the principle of data minimization on websites and applications used by children and adolescents.
- This plan outlines the role that CNIL intends to play within the framework of the implementation of the AI Act and the necessary regulation of AI to protect privacy.
- Finally, CNIL has stated that it will increase enforcement operations following data breaches, in coordination with other competent authorities. A key point to note for professionals.
Aumans Avocats: specialists in IT/Data, data protection and AI
As a law firm specializing in artificial intelligence and data protection, we are at your disposal to assist you with all your projects. Whether you are a startup, a SME or a large company, our expertise will allow you to navigate smoothly in the complex landscape of regulation and compliance. Do not hesitate to contact us to benefit from personalized advice and secure your digital future.
Sources: AI, minors, cybersecurity, digital daily: The CNIL publishes its strategic plan 2025-2028
