According to Art. L851-1 of the Internal Security Code, the Prime Minister can authorise the collection of connection data and other technical data for law enforcement purposes without a court order. Furthermore, under Art. L851-2, in exceptional cases, real-time online surveillance of individuals connected to a terror suspect can be authorised. The maximum number of authorisations for this is determined by the Prime Minister.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
The E-Commerce Directive was transposed into French law by Law No. 2004-575 of 21 June 2004. According to this law, the hosting provider is liable for the stored contents only if (i) he was actually aware of the illicit character of the content or if (ii) he did not delete the illicit content or did not forbid access to such content promptly after becoming aware of its illicit character.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
The E-Commerce Directive was transposed into French law by Law No. 2004-575 of 21 June 2004. According to this law, the hosting provider is liable for the stored contents only if (i) he was actually aware of the illicit character of the content or if (ii) he did not delete the illicit content or did not forbid access to such content promptly after becoming aware of its illicit character.

It is reported that France imposes an identity requirement for SIM registration. Anyone wanting to purchase a SIM card has to provide their national ID card or a passport in case of foreigners to activate a new prepaid SIM card.

According to the Postal and Electronic Communications Code, passive infrastructure sharing is mandated in France (Art. 47-49). The operators of networks open to the public can occupy the public road domain by setting up works there insofar as this occupation is not incompatible with its assignment. In addition, co-location is not required but is strongly encouraged by the Postal and Electronic Communications Code. Passive access to optical local loops is regulated by the Autorité de Régulation des Communications Électroniques, des Postes et de la Distribution de la Presse (Arcep) in a symmetrical manner. On copper, an asymmetric regulation applies to Orange on passive and active access.
In addition, Directive 2014/61/EU (Art. 3.2) establishes that Member States shall ensure that, upon written request of an undertaking providing or authorised to provide public communications networks, any network operator must meet all reasonable requests for access to its physical infrastructure under fair and reasonable terms and conditions, including price, with a view to deploying elements of high-speed electronic communications networks. Such written request shall specify the elements of the project for which the access is requested, including a specific time frame.

It is reported that Certification framework for cloud service providers (SecNumCloud) “sovereignty requirements” disadvantage—and effectively preclude—foreign cloud firms from providing services to government agencies. The latest SecNumCloud guidance retains foreign ownership and board limits, which would effectively force foreign firms to set up a local joint venture to be certified under SecNumCloud as “trusted” and thus able to manage European data and digital services. These new provisions are in addition to their current use as a de facto discriminatory barrier, as France has not certified firms from other EU member states and from outside the EU.
Since 2016, only four companies, all French, have been certified (3DS Outscale (a subsidiary of Dassault Systemes), OVHcloud, Oodrive, and Worldline Cloud services). It is mandatory for public agencies to use SecNumCloud-certified services. Art. 19.6 of the SecNumCloud requires that cloud service providers be “immune to non-EU laws” established via corporate ownership structure limitations. Specifically, the law specifies that individual shareholders outside the EU cannot possess more than 25% of the company and collectively 39% of the value and voting rights of the company. They also cannot have veto rights, nor can they nominate a majority of members of boards. Together, all of these requirements essentially preclude the majority of foreign-owned and run cloud firms from SecNumCloud certification.

Under Section 19.6.a of the Certification framework for cloud service providers (SecNumCloud) requirements repository, the registered office, central administration or main establishment of the service provider must be established within a member state of the European Union.. France's Policy on the Security of Information Systems of the State states that if certificates are available, certified products or services are to be preferred, effectively putting non-EU providers at a disadvantage.

Art. 85 of the Utilities Directive (2014/25/EU) contains provisions allowing contracting public entities to reject foreign goods not covered by any EU international commitments from its tender procedures. In these cases, a tender submitted for the award of a supply contract may be rejected where the proportion of the products originating in third countries exceeds 50% of the total value of the products constituting the tender (Art. 85.2). Additionally, in cases of equivalent offers, the provisions provide for a preference for European tenders and tenders covered by EU's international obligations. In practice, this possibility has rarely been used.
In France, the Directive has been transposed with the Public Order Code (CCP), which contains the provisions governing public order contracts, following a distinction between public contracts and concessions.

The Public Procurement Code, Chapter 3, Section 1, stipulates that French public authorities shall guarantee equivalent treatment to economic operators and works, supplies and services from States that are signatories to the WTO Government Procurement Act and economic operators from EU Member States. In other cases, authorities may introduce criteria or restrictions in the tender documents based on the origin of the goods or services.

It is reported that the lack of transparency is a challenge for public procurement procedures in France, especially for foreign bidders, including with respect to overly narrow definitions of tenders, and implicit biases in favor of local vendors and state-owned enterprises.

With a few exceptions in specific sectors not relevant to digital trade, there are no statutory limits on foreign ownership of companies. Foreign entities have the right to establish and own business enterprises and engage in all forms of remunerative activities.

Decree 2019-1590 on foreign investments in France, which amends the French Monetary and Financial Code (FFIR) and was last revised by Decree No. 2023-1293, establishes a screening procedure for foreign acquisitions of French companies. An investment transaction is subject to the FFIR if certain cumulative criteria are met, such as the percentage of ownership and the sector involved. Specifically, this procedure applies when a foreign entity is part of the ownership chain, and the investor (i) acquires control, (ii) acquires all or part of a line of business, or (iii) exceeds the threshold of 10% of the voting shares, reduced from the original 25% by Decree No. 2020-892 and permanently amended by Decree No. 2023-1293 if the investor's home state is not part of the EU. The investment must also be in critical sectors, including information systems security, cryptography, surveillance, digital security audits, gambling (excluding casinos), telecommunications networks, and media (Art. R151-3).
When applying the procedure, the Ministry of Economy considers factors such as the permanence of the activities on French territory, the potential to maintain related know-how in France, the governance structure of the resulting company, and information-sharing arrangements (Art. R151-8). The Ministry has the authority to refuse the transaction or impose certain conditions. For example, in 2020, the acquisition of the French photonic sensor manufacturer Photonis by the American company Teledyne was blocked.

France is a party to the Patent Cooperation Treaty (PCT).

There is no general principle for the use of copyright-protected material comparable to the fair use/fair dealing principles. Directive 2001/29/EC defines an optional but exhaustive set of limitations from the author´s exclusive rights under the control of the “three-step test” in line with the Berne Convention that establishes three cumulative conditions to the limitations and exceptions of a copyright holder’s rights. The Directive has been transposed by Member States with significant freedom.
Art. L122-5 of the French Intellectual Property Code establishes far-reaching copyright exemptions, including private reproductions, analyses and critiques, parodies, and pedagogical uses.