According to Art. 289A of the General Taxation Code, a person not established in the European Union, who is liable for the value added tax or must fulfill reporting obligations, is required to have a taxable representative established in France accredited to the tax office.

Under the Policy on the Security of Information Systems of the State, only providers which are certified under the SecNumCloud standard have access to public procurement tenders for cloud services. The SecNumCloud standard requires providers to use root certificates emitted by the certification authority of an EU Member State in the presence of the provider.

Under the "Act aiming to preserve the interests of defence and national security in the framework of exploiting mobile radioelectric networks", any components used to connect consumers with mobile telecommunications networks are subject to prior approval by the Prime Minister, whose decision is based on the permanence, integrity, security and the availability of networks, as well as confidentiality of the messages transmitted. Fourth generation networks and older generations are exempted.

The EU Directive on Audiovisual Media Services (AVMS) covers traditional broadcasting services as well as audiovisual media services provided on-demand, including via the Internet. Art. 13(1) provides for Member States to secure a minimum 30% share of European works in the catalogues as well as "ensuring prominence" of those works. "Prominence" involves promoting European works through facilitating access to such works using any appropriate means to ensure prominence of European works. The Directive has been implemented by Member States in different ways, ranging from very extensive and detailed measures to a mere reference to the general obligation to promote European works.
According to Art. 14 Decree 2021-793 on on-demand audiovisual services, providers of audio-visual streaming services active in the French market have to invest 25% of their annual turnover in France into European or French-language productions if they show at least one cinematic work that has been released to theatres in the previous 12 months; in all other cases, the contribution is lowered to 20%. Details can be fixed in an agreement with the Superior Audiovisual Council.

The Act No. 2014-1104 on taxis and transport cars with drivers bans ride-sharing apps and other digital services that put consumers in contact with unlicensed drivers, including companies like Uber and Lyft. A complaint has been brought against the regulation in front of the European Court of Justice.

According to Article L851-3, telecommunication providers can be required to automatically analyse connection data in their networks to detect terrorist threats.

It is reported that France imposes identity requirement for SIM registration. Anyone wanting to purchase a SIM card has to provide their national ID card, or a passport in case of foreigners, to activate a new prepaid SIM card.

Under Art. 11 of the Act related to the fight against the manipulation of information, platform operators have to implement measures to fight against the spread of false information that may disrupt public order or affect general elections. To this end, they have to provide a complaint mechanism and are invited to establish complementary voluntary measures such as blocking accounts that massively spread disinformation, and increasing transparency over their algorithms and the sources of information.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbor. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
The E-Commerce Directive was transposed into French law by Law No. 2004-575 of 21 June 2004. According to this law, the hosting provider is liable for the stored contents, only if (i) he was actually aware of the illicit character of the content or if (ii) he did not delete the illicit content or did not forbid access to such content promptly after becoming aware of its illicit character.

Under Art. L851-1 of the Internal Security Code, the Prime Minister can authorise the collection of connection data and other technical data for law enforcement purpose without a court order. Under Art. L851-2, in exceptional cases, real-time online surveillance of individuals connected to a terror suspect can be authorised. The maximum number of authorisations for this is determined by the Prime Minister.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbor. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
The E-Commerce Directive was transposed into French law by Law No. 2004-575 of 21 June 2004. According to this law, the hosting provider is liable for the stored contents, only if (i) he was actually aware of the illicit character of the content or if (ii) he did not delete the illicit content or did not forbid access to such content promptly after becoming aware of its illicit character.

Under Art. L34-1 of the Postal and Electronic Communications Code, telecommunication service providers have to keep personal data like the name and address of consumers for simple law enforcement purposes, as well as users' payment information and other information. For the purpose of fighting grave crime, as well as national security and public security threats, providers can be obliged to keep data on the source and destination of communications as well as data on the devices used. In cases where there is a grave threat to national security, currently or in the immediate future, the Prime Minister can enjoin providers to keep other data, including location data.

Under the EU Directive on Data Retention, operators were required to retain certain categories of traffic and location data (excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism. On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid. However, not all national laws which implemented the Directive have been overturned.
France implemented the Directive with Decree no. 2006-358 Relating to the conservation of electronic communication data. In 2021, the Conseil d'Etat upheld the law despite the CJEU ruling, arguing that it remained compatible as it was necessary to safeguard national security.

Under Arts. L-111-1 and L-111-2 of the Heritage Code, public archives that are kept because of scientific interest or ongoing administrative utility are national treasures. As such, they must be stored on French territory, even in electronic form.

It is reported that the Postal and Print media distribution Regulatory Authority (ARCEP), the executive authority for the supervision and administration of services in the telecommunications sector, is independent from the government in the decision-making process.