News

Introduction

The Data Protection Act (Loi Informatique et Libertés), of January 6, 1978, has since then evolved to meet the new challenges posed by digital technologies and the management of personal data.

The successive reforms, particularly with the implementation of the General Data Protection Regulation (GDPR), the EU Directive 2016/680’s transposal, and recent amendments, have allowed the law to adapt to contemporary issues.

This article explores the major changes to this legislation and analyzes their impact on personal data protection in France.

The origin and evolution of the data protection Act

The Data Protection Act was initially adopted in 1978 to protect citizens’ privacy in the context of personal data management. This law established the Commission Nationale Informatique & Libertés (CNIL), French independent administrative authority, to ensure that data processing practices comply with the law’s fundamental principles. The original law aimed to regulate the collection and processing of personal data by both public and private sectors and has been amended twice:

• In 2004, with the introduction of new provisions to strengthen data protection, notably through the transposal of the European Directive 95/46/EC, which implemented adjustments to the law.

• In 2016, with the adoption of the General Data Protection Regulation (GDPR) in May, which came into effect in 2018, marking a significant evolution in both French and European legislation.

Major changes brought by the GDPR

The GDPR had a significant impact on the Data Protection Act by strengthening personal data protection and harmonizing rules at the European level. While it is not directly a modification of French law, its application forced national legislation to integrate its core principles.

The GDPR has enabled to guarantee :
• The right to clear and accessible information when collecting data.
• The right to access, rectify, and erase (right to be forgotten).
• Data portability from one service to another.

The GDPR also expanded the CNIL’s powers in terms of enforcement, allowing fines up to 4% of a company’s global turnover for non-compliance. The CNIL now plays a more proactive role in monitoring corporate compliance.

Relationship between national law and the GDPR

The Data Protection Act continues to play a complementary role to the GDPR on issues where the European regulation allows for national discretion.

For example:
• The processing of health data, offense-related data, or journalistic data.
• Criminal law files, governed by specific rules derived from the European directive introduced alongside the GDPR.

These provisions allow the legal framework to adapt to areas where security and protection concerns are particularly high.

The evolution of the Data Protection Act remains dynamic, with regular amendments, notably decrees published since 2018, specifying the operational modalities of the new rules.

New obligations for businesses

The Data Protection Act, as amended by the GDPR, now imposes additional obligations on businesses regarding the management of personal data:

• Appointment of a Data Protection Officer (DPO):
Certain businesses must appoint a DPO to ensure that data processing practices comply with the legislation.

• Explicit and Documented Consent:

Businesses must obtain explicit consent from users before collecting their data, and this consent must be documented and easily accessible.

• Privacy Impact Assessment (PIA):

Businesses must conduct PIAs when data processing presents a high risk to individuals’ rights and freedoms, especially in the case of automated processing.

Challenges of data protection in the digital Age

1) The rise of Big Data and AI

The massive processing of data (Big Data) and the growing use of artificial intelligence (AI) in personal data processing pose new challenges. Businesses must now justify the necessity of collecting data and can no longer rely on a lax approach.

2) The risks of data breaches

Despite efforts to strengthen security, data breaches remain frequent. Companies must not only take preventive measures but also be prepared to notify competent authorities and affected individuals in case of a data breach.

3) International Data Transfers
The transfer of data outside the European Union is strictly regulated. Businesses must implement appropriate mechanisms, such as standard contractual clauses or comply with adequacy regulations (e.g., the Privacy Shield for transfers to the United States), to ensure the security of personal data.

Conclusion

The Data Protection Act, as amended by the GDPR, represents a strengthened legal framework for personal data protection, particularly in the context of rapid technological advancements. Businesses must comply with these new rules, not only to avoid penalties but also to ensure the trust of their users.

Dreyfus & Associés assists its clients in managing complex intellectual property cases, offering personalized advice and comprehensive operational support for the complete protection of intellectual property.

Dreyfus & Associés works in partnership with a global network of specialized intellectual property lawyers.

Nathalie Dreyfus with the support of the entire Dreyfus team.

Q&A

1.How does the GDPR affect companies that process sensitive data?
Companies that process sensitive data must implement enhanced security measures and obtain explicit consent from the individuals concerned. They must also conduct a Data Protection Impact Assessment (DPIA) to assess the risks associated with these processing activities.

2.Which companies must appoint a DPO?
Companies that process personal data on a large scale or sensitive data must appoint a Data Protection Officer (DPO). It is also mandatory for public organizations and those involved in regular monitoring of individuals.

3.What are the risks for companies in case of non-compliance?
In case of non-compliance, companies risk financial penalties of up to 4% of their global turnover or €20 million, depending on the severity of the violation. They may also face legal action and damage to their reputation.

4.How can companies ensure the security of personal data?
Companies must implement technical and organizational security measures, such as data encryption, strict access controls, and continuous training for employees on security best practices.

5.What is a Data Protection Impact Assessment (DPIA)?
A Data Protection Impact Assessment (DPIA) allows companies to analyze the risks to data protection before launching processing activities that may affect individuals’ privacy. It is mandatory for high-risk processing, particularly in cases of large-scale surveillance.

6.Is user consent always necessary for the processing of their data?
Explicit consent is required when data is processed based on this consent. However, in certain cases (e.g., for contract execution or legal obligations), other legal bases, such as legitimate interest, can be used without the need for prior consent.

This publication is intended for general public guidance and to highlight issues. It is not intended to apply to specific circumstances or to constitute legal advice.

Introduction

ICANN (Internet Corporation for Assigned Names and Numbers) established the system of national top-level domains, known as ccTLDs (country code Top-Level Domains), the management of which is entrusted to each country. Specific rules govern the registration and use of these extensions, depending on local legal and regulatory requirements.

Choosing an appropriate ccTLD makes it possible to clearly indicate to search engines and users the intended target audience, thereby strengthening the relevance of content at a national or regional level. As such, the ccTLD constitutes an essential legal, technical, and strategic lever for any company developing an online activity, whether domestic or international.

Definition: what is a ccTLD?

A ccTLD (Country Code Top-Level Domain) is a domain name extension composed of two letters, assigned to a State or territory on the basis of the international ISO 3166-1 standard.

Each ccTLD corresponds to a clearly identified geographical area, for example .fr for France, .de for Germany, .it for Italy, .es for Spain, or .cn for China.

In addition, certain territories have been assigned specific codes under the ISO standard, in particular overseas territories, in order to reflect their particular geographical situation. Accordingly, alongside the French .fr extension, there are also .gf (French Guiana), .mq (Martinique), .re (Réunion), .nc (New Caledonia), .yt (Mayotte), and .gp (Guadeloupe).

Certain exceptions also exist. The United Kingdom, for instance, does not use the standard ISO code .gb, but rather the ccTLD .uk. Likewise, although the European Union is not a State, the ccTLD .eu is widely used by institutions and organisations in order to strengthen their visibility and identification at the European level.

The role of governance authorities

From an institutional perspective, the allocation of all ccTLDs is coordinated by ICANN. However, the management and registration of national domain names are carried out by the respective national registries, commonly referred to as NICs (Network Information Centers).

In France, for example, the .fr extension is administered by AFNIC (Association française pour le nommage Internet en coopération), which sets specific rules relating to eligibility, dispute resolution mechanisms, and the protection of prior rights.

Accordingly, a ccTLD is not merely a technical extension. It is the expression of national digital sovereignty, governed by specific rules that are often firmly rooted in local law.

What are the conditions for registering a ccTLD?

Each ccTLD is subject to its own registration rules, which are often stricter than those applicable to generic top-level domains (gTLDs) such as .com, .net, or .org. Certain extensions require a local presence, a national registration, or the appointment of a legal representative within the relevant territory.

By way of example, the registration of a .fr domain name is limited to holders established within the European Union, as well as in Iceland, Liechtenstein, Norway, or Switzerland.

Registration conditions vary depending on the policy adopted by the relevant registry. For more information about the eligibility rules for the .fr extension, please refer to our previously published article.

Similarly, the Canadian ccTLD .ca is strictly reserved for companies and individuals having their registered office or residence in Canada.

As a result, ccTLDs are not subject to a uniform regime.

What are the advantages of ccTLDs for businesses?

A lever of credibility and local trust

A ccTLD sends a strong signal of geographical proximity to users. It enhances trust, improves the clarity of the offer, and reinforces commercial credibility, particularly in markets where local presence is decisive. For many consumers, a national extension is naturally associated with a company established locally and subject to the applicable national law.

A strategic advantage for search engine optimisation

From an SEO perspective, a ccTLD clearly indicates the geographical target to search engines. It improves rankings for local searches and enables the implementation of a more precise international SEO strategy than reliance on a generic domain name alone.

A tool for protecting trademarks and digital assets

ccTLDs play a key role in the fight against cybersquatting, phishing, and other fraudulent uses. The defensive registration of strategic country-code extensions helps reduce the risk of trademark infringement, traffic diversion, and online impersonation, while facilitating recovery actions based on local law.

Conclusion

The ccTLD (Country Code Top-Level Domain) has become a structuring tool at the heart of corporate digital strategies. Far beyond a simple geographical extension, it serves as a vector of credibility, a lever for local visibility, and an essential legal instrument for protecting trademarks and online intangible assets.

The firm Dreyfus & Associés works in partnership with a global network of intellectual property lawyers.

Nathalie Dreyfus with the support of the entire Dreyfus firm team

Q&A

Does registering a domain name under a ccTLD automatically protect a trademark?
No, but it is an effective tool for preventing and combating online infringements.

Are all ccTLD extensions subject to the same registration requirements?
No. There is no uniform regime applicable to ccTLDs. Registration requirements vary depending on the policy of the relevant registry. Some extensions are open without specific conditions, while others require a local presence, national incorporation, or the appointment of a local representative.

Can a ccTLD be used as an indicator of territorial targeting in a dispute?
Yes. Courts and IP offices frequently take the national extension into account when assessing the intended audience, particularly in cases involving trademark infringement or unfair competition.

Can a ccTLD domain name be deleted if the eligibility requirements are no longer met?
Yes. Many registries provide for the suspension or deletion of a domain name if the holder no longer satisfies the required criteria, in particular where local presence is lost.

Are dispute resolution procedures identical for all ccTLDs?
No. Each ccTLD applies its own mechanisms, which may be based on the UDRP, local alternative dispute resolution procedures, or national courts.

Introduction

In December 2009, the new Montenegrin regulation applicable to .me domain names entered into force, entitled Regulation on Procedures for the Registration and Use of Domain Names under the National .ME Domain. This regulation paved the way for the introduction of an arbitration mechanism in addition to theUDRP (Uniform Domain-Name Dispute Resolution Policy), which had until then been the preferred means of resolving disputes relating to this extension.

This arbitration mechanism represents a structural development in the domain name dispute resolution framework, as it now makes it possible to address more complex situations that go beyond the strict scope of cybersquatting, and to integrate contractual, commercial, or strategic issues closely linked to contemporary domain name use.

The legal and institutional framework of the .me domain

From its launch in 2007, the .me extension enjoyed immediate and unparalleled success. Although formally attached to Montenegro, it quickly established itself as an extension with a clear international vocation, with more than 320,000 domain names registered within just a few months, an unprecedented pace for a ccTLD and a clear indication of its attractiveness to economic players and trademark owners worldwide.

The .me is a ccTLD operated in accordance with international standards, while remaining subject to Montenegrin law. This hybrid nature explains the early integration of the UDRP and the gradual opening to complementary national mechanisms.

The UDRP procedure as applied to .me domain names

The UDRP and arbitration are not mutually exclusive. They serve distinct yet complementary purposes, offering rights holders a broader strategic range. While the UDRP is often described as a form of arbitration, it is in fact a specific extrajudicial administrative procedure.

The UDRP is characterized by a deliberately narrow scope, limited to situations of manifest abuse, based on strictly defined criteria, and leading exclusively to technical remedies, namely the transfer or cancellation of the disputed domain name. It does not produce res judicata effects, as state courts remain competent in all circumstances. The procedure remains particularly well suited to cases of clear bad faith, but it shows its limits when confronted with complex contractual or commercial disputes.

For further information on the UDRP framework, readers are invited to consult our previously published guide.

The arbitration procedure applicable to .me domain names

The Montenegrin regulation governing .me domain names provides for the implementation of an autonomous arbitration mechanism, distinct from the UDRP procedure. The coexistence of these two dispute resolution avenues requires prior strategic reflection, based on the nature of the dispute, the economic interests at stake, and the legal effect sought.

Fully falling within the scope of arbitration law, this mechanism is based on the existence of an arbitration agreement, whether express or implied. It is distinguished by its ability to address complex disputes involving contractual, commercial, or competitive elements, whereas the UDRP remains confined to cases of abusive registration and use of domain names, in particular cybersquatting. The procedure allows for in-depth examination, extensive administration of evidence, and results in an arbitral award capable of recognition and enforcement at the international level, notably under the New York Convention.

For trademark owners, arbitration therefore constitutes a complementary tool with significant strategic value. It offers a more flexible and structured dispute resolution framework when the domain name forms part of an existing business relationship, while ensuring a comprehensive assessment of the dispute and a decision with enhanced legal force.

Conclusion

The introduction of arbitration for .me domain names, alongside the UDRP procedure in Montenegro, significantly strengthens the enforcement tools available to rights holders. It allows the legal response to be tailored to the increasing complexity of domain name uses.

Dreyfus & Associés law firm assists its clients in designing bespoke strategies that integrate all available mechanisms for resolving digital disputes.

Dreyfus & Associés works in partnership with a global network of specialized intellectual property lawyers.

Nathalie Dreyfus, with the support of the entire Dreyfus team.

Q&A

1. Does arbitration allow remedies other than the transfer or cancellation of the domain name ?

Yes. Unlike the UDRP, arbitration may, depending on the applicable framework, address broader claims, such as contractual obligations, corrective measures, or future commitments between the parties.

2. Is arbitration riskier for a trademark owner than the UDRP procedure ?

Arbitration is not riskier, but it is more demanding. It requires thorough legal preparation, strong factual arguments, and a clear strategic vision, whereas the UDRP is based on strict and limited criteria.

3. Can one freely choose between the UDRP procedure and arbitration for a .me dispute ?

Yes, in most cases. The choice depends on the nature of the dispute, the objectives pursued, and the respondent’s profile. Prior analysis is essential to avoid an inappropriate or ineffective procedure.

4. Is arbitration confidential, unlike the UDRP procedure ?

Yes. Confidentiality is one of the major advantages of arbitration, particularly valued by companies seeking to avoid public exposure of sensitive or strategic disputes.

5. Is arbitration suitable for disputes involving international groups ?

Absolutely. Arbitration offers procedural, linguistic, and legal flexibility, making it particularly well suited to international groups operating across multiple markets and facing cross-border issues.

This publication is intended for general public guidance and to highlight issues. It is not intended to apply to specific circumstances or to constitute legal advice. 

Introduction

The receipt of fraudulent invoices has become one of the most recurrent and costly risks for intellectual property rights holders. The scheme is now well known : fraudsters exploit public data from official registers, reproduce visual codes and institutional language, and then request payments for services that are either non-existent or devoid of any legal value. Beyond the financial loss, these practices undermine trust in the intellectual property ecosystem and compel companies to adopt genuine risk governance mechanisms.

When invoicing becomes a tool for fraud : heightened vigilance for intellectual property rights holders

A fraudulent invoice is a payment request designed to resemble an official communication, referring to a trademark filing, a publication, an opposition period, or a renewal. It frequently proposes registration in so-called “private registers” presented as mandatory, even though they have no official status whatsoever.

The fraud relies on ambiguity between official fees and optional services lacking any legal relevance, while insinuating that failure to pay could jeopardize rights. Intellectual property offices, including the EUIPO, publish warnings and examples of misleading communications on their websites, identifying companies involved in such scams.

By way of example, in 2023 a series of fraudulent emails was reported. These messages originated from email accounts using domain names closely resembling those of the EUIPO. Such phishing emails falsely claimed to come from the Office’s Deputy Executive Director and requested payment of an alleged registration fee to a foreign bank account that in no way belonged to the Office.

This constitutes identity theft fraud, evidenced in particular by a fake registration certificate imitating the name, acronym, and logo of the Office.

The vulnerability of rights holders

The exposure of rights holders begins as soon as an application is published and continues through to renewal. Publication acts as a trigger, as it makes visible the applicant’s identity, the filing date, and the procedural status. A second critical phase arises during opposition periods, when internal organizations may hesitate as to the appropriate steps to take in response to earlier rights holders. Finally, the approach of renewal deadlines offers fertile ground for fraudsters, especially when teams receive purported “final reminders” even before the office has issued any official communication. The risk is heightened when intellectual property management is spread across several subsidiaries or brands, and when payment processes prioritize speed over verification.

Identifying warning signs

The most reliable method is to verify structural elements rather than debating the tone or style of the message. Authenticity depends on the identity of the sender, the payment channel, and the beneficiary bank account. Where an office provides a secure online portal, legitimate payments and notifications should be checked primarily through that channel, not through unsolicited emails.

Fraudsters typically use domain names very close to official ones, with minor typographical variations, and attach documents imitating certificates or decisions. Within companies, the decisive reflex is procedural : no payment relating to intellectual property should be approved without verification of the file in the official portal or internal records, and without formal confirmation of the beneficiary’s legitimacy.

The accelerating effect of artificial intelligence (AI)

Generative AI increases both credibility and scalability. It facilitates multilingual drafting of messages with a convincing legal tone, removes obvious errors, and enables mass personalization based on public data. It also allows optimization of timing : by observing corporate processing habits, fraudsters can target periods when the likelihood of payment is highest. Observations by European authorities and anti-fraud cooperation bodies describe a structured phenomenon, fueled by significant gains reinvested in tools, front entities, and international logistics. The practical consequence is clear : awareness alone is no longer sufficient, and security increasingly depends on robust internal controls.

Best practices in combating fraud

When faced with a suspicious request, the appropriate response is not simply to delete the fraudulent email. Internally, legal teams and the person responsible for intellectual property must be informed to verify whether an official fee is genuinely due, and accounting departments should be alerted to block payment execution.

If a payment has already been made, the bank should be contacted immediately to explore cancellation or recovery options, as speed is often decisive. Externally, reporting is not incidental: it feeds investigations, enables offices to issue alerts, and contributes to dismantling fraudulent campaigns. From an evidentiary standpoint, it is essential to preserve the message in its original form in order to retain headers and technical data, as simple forwarding may erase useful information.

Conclusion

Fraudulent invoices exploit the transparency of official registers, which calls for a structured response : validation procedures, secure channels, training, and an internal culture in which urgency never overrides verification.

Dreyfus & Associés law firm assists its clients in implementing preventive measures, managing incidents, liaising with offices and authorities, and analyzing phishing and identity theft components when they overlap.

Dreyfus & Associés works in partnership with a global network of lawyers specialised in intellectual property.

Nathalie Dreyfus, with the support of the entire Dreyfus firm team.

Q&A

1. What types of fraudulent invoices most commonly circulate in the field of intellectual property ?
The most common involve registrations in private registers with no legal value, fake renewal or opposition notices, and purportedly mandatory service offers. Some directly imitate communications from offices or advisors to create confusion as to the official nature of the request.
2. At which key stages in the life of an intellectual property right is the risk of fraud highest ?
The risk is particularly high at the time of publication, during opposition periods, and as renewal deadlines approach. These stages make information public and create time pressure conducive to unchecked payments.
3. How can a legitimate request be distinguished from an attempted fraud ?
Any payment request must be verified through the offices’ official secure channels; unsolicited, urgent emails or those featuring unusual bank accounts should raise immediate concern.
4. How can an effective internal validation process for intellectual property payments be organized ?
All payments should be validated by the legal function or the person responsible for the portfolio, based on official portals or pre-verified banking references. No payment should be made solely on the basis of an unsolicited or purportedly urgent email.
5. Should an attempted fraud be reported even if no payment has been made ?
Yes. Reporting helps fuel investigations, warn other users, and strengthen the effectiveness of collective anti-fraud mechanisms.

This publication is intended to provide general guidance and to highlight certain issues. It is not intended to apply to specific circumstances or to constitute legal advice.

Introduction

Artificial intelligence (AI) is rapidly spreading within companies. Task automation, decision-support tools, content generation and the optimisation of internal processes are becoming increasingly common, often driven by employees themselves in a context where AI tools are widely accessible.

This rapid adoption may create the illusion of freedom of use. In reality, the use of AI in the workplace is subject to a dense and now clearly structured legal framework, resulting from the combined application of labour law, the General Data Protection Regulation (GDPR), collective bargaining agreements (CBAs) and, more recently, the European regulation on artificial intelligence (the AI Act).

AI is therefore neither a neutral tool nor a purely technical instrument. It cannot be freely used in the workplace whenever it affects work organisation, employees’ rights or the processing of data.

The general legal framework governing the use of AI in companies: a multi-level approach

The use of AI in the workplace is governed by an intricate set of national and European rules, which fully apply whenever an algorithmic tool influences work organisation, decision-making processes or the processing of personal data.

The AI Act: a new pillar, but not a standalone one

Regulation (EU) 2024/1689 on artificial intelligence (the AI Act), adopted in June 2024, is the first European legal framework specifically dedicated to AI. It introduces a risk-based approach to AI systems.

In particular, AI systems are classified as high-risk when they are used for:

• recruitment and candidate selection,
• employee evaluation or scoring,
• performance management,
• monitoring or control of professional behaviour.

The Regulation already imposes, for certain provisions, key obligations on employers, including:

• the prohibition of certain AI practices considered incompatible with fundamental rights;
• the obligation to ensure appropriate training for persons using AI systems in a professional context.

However, practical experience shows that the AI Act cannot be considered in isolation. It forms part of a pre-existing legal framework that continues to produce its full effects.

The GDPR: the central legal foundation of AI in the workplace

In almost all cases, AI used in companies involves the processing of personal data. The GDPR therefore constitutes the unavoidable legal entry point.

As a general rule, the employer remains the data controller, even where the AI tool is provided by a third-party service provider. In this capacity, the employer must in particular:

• define a specific, explicit and legitimate purpose;
• identify a valid legal basis;
• comply with the principles of data minimisation, proportionality and security;
• provide clear and transparent information to employees.

The French Data Protection Authority (CNIL) regularly recalls that algorithmic systems cannot escape the fundamental requirements for the protection of individuals’ rights.

The GDPR also strictly regulates decisions based solely on automated processing that produce legal or similarly significant effects. In practice, human intervention remains mandatory, particularly in recruitment, evaluation or disciplinary processes.

Labour law and collective bargaining agreements: a decisive social framework

Beyond European regulations, labour law and collective bargaining agreements (CBAs) play a central role in governing the use of AI in companies.

From a legal perspective, AI is treated as a new workplace technology. As such, its introduction triggers, in many sectors, specific obligations to inform and consult employee representative bodies.

Collective bargaining agreements frequently regulate:

• the introduction of new technologies affecting work organisation or working conditions;
• employee monitoring, surveillance or evaluation systems;
• measures likely to have an impact on employment, skills or management methods.

As a result, an AI project may comply with the GDPR and the AI Act while still being legally weakened if it fails to comply with applicable collective bargaining obligations. This level of regulation remains too often underestimated by companies.

What obligations do employers face when using AI in the workplace?

Employers may use AI to organise work, improve performance or secure internal processes, provided that they respect a fundamental principle: decision-making responsibility remains human.

AI may assist, inform or automate certain tasks, but it can never replace the employer’s responsibility, whether towards employees or supervisory authorities.

The growing use of generative AI tools also raises a specific risk: the unintentional disclosure of personal or confidential data through prompts. Such data may be processed outside the European Union or reused for model training purposes.

Employers must therefore:

• strictly regulate authorised uses;
• train employees on legal and compliance risks;
• select service providers offering strong guarantees in terms of confidentiality and security.

AI deployer or AI provider: a particularly fragile legal boundary

One of the key structural contributions of the AI Act lies in the distinction between AI deployers and AI providers.

At first glance, the distinction appears straightforward:

• the provider designs or places an AI system on the market;
• the deployer uses that system in the course of its professional activity.

In practice, the AI Act adopts a functional approach. An employer may be classified as a provider when it goes beyond a passive use of the tool, in particular when it:

• trains or retrains a model using its own internal data;
• modifies operating parameters;
• integrates the AI system into an internal decision-making process;
• combines several tools to create a proprietary algorithmic solution.

These situations are common in HR, compliance or performance-management projects and result in enhanced obligations in terms of governance, documentation and risk management.

What measures should companies take to properly govern the use of AI?

To secure the use of AI in the workplace, companies must implement clear legal and organisational governance, including in particular:

• an internal AI use policy or charter;
• precise rules governing data and prompt management;
• training programmes addressing legal and compliance risks;
• robust contractual oversight of AI service providers.

Such an approach significantly reduces litigation risks, strengthens regulatory compliance and fosters trust with employees.

Conclusion

Artificial intelligence is a powerful tool, but it cannot be used freely or without control in the workplace. Its use directly engages the employer’s liability and requires legal mastery that is as rigorous as technical expertise.

A clear strategy, combined with appropriate internal rules, is essential to reconcile innovation, performance and legal certainty. Governing AI in the workplace requires a comprehensive approach, integrating the GDPR, labour law, collective bargaining agreements, intellectual property law and the European regulation on artificial intelligence.

Dreyfus & Associés works in partnership with a global network of lawyers specialised in Intellectual Property.
Nathalie Dreyfus with the support of the entire Dreyfus firm team

FAQ

1. Is the employer responsible for decisions made by an AI system?
Yes. The employer remains fully responsible for decisions taken within the company, even where such decisions are assisted or prepared by an AI system. AI may serve as a decision-support tool, but it can never replace human responsibility, in particular in matters relating to recruitment, employee evaluation or disciplinary measures.

2. Does the AI Act replace the GDPR and labour law?
No. The AI Act does not replace either the GDPR or labour law. It supplements an existing legal framework. A single AI tool may be subject simultaneously to the AI Act, the GDPR, labour law rules and collective bargaining agreements, which requires a combined reading and a comprehensive compliance approach.

3. Can an employee refuse to use an AI tool imposed by the employer?
In principle, employees are required to comply with the employer’s instructions issued under its managerial authority. However, a refusal may be legitimate if the AI tool has not been properly disclosed to employees, if it infringes their fundamental rights, or if it has not been subject to the mandatory consultation of employee representatives. A lack of training or use contrary to data protection rules may also undermine the legitimacy of the tool.

4. What happens if an employee uses an unauthorised AI tool in the course of their work?
The use of an unauthorised AI tool may constitute a breach of professional obligations, particularly with regard to confidentiality and data security. However, any disciplinary measure requires that the applicable rules have been clearly defined, communicated to employees and remain proportionate. In the absence of an internal policy or AI charter, the employer’s disciplinary leeway is reduced.

5. Can an employee claim intellectual property rights over content generated with the assistance of AI?
Yes, but only in very limited circumstances. An employee may claim intellectual property rights over AI-assisted content only where their human contribution is creative, decisive and identifiable. In the absence of a personal intellectual contribution (creative choices, structuring, or substantial modification of the content), the output generated by AI is not protected by copyright. Furthermore, where the content is created in the course of the employee’s duties, the exploitation rights generally belong to the employer or are contractually governed.

This publication is intended to provide general guidance to the public and to highlight certain issues. It is not intended to apply to specific situations nor to constitute legal advice.

Introduction

This issue is central for companies facing alleged infringements of their trademarks, patents, designs and models, or copyrights. In a context of intensified competition and rapid circulation of information, the temptation to act quickly, sometimes too quickly, is strong. Recent case law, however, firmly reiterates that the enforcement of intellectual property rights is subject to strict limits, particularly when exercised outside judicial proceedings and when it involves third parties.

Enforcing intellectual property rights without a court decision: an accepted but regulated principle

Extrajudicial action as a legitimate tool for rights protection

French law does not systematically require a prior court decision to enforce intellectual property rights.
In practice, numerous mechanisms allow for a swift response to an alleged infringement, including the sending of a cease-and-desist letter, notice-and-takedown requests addressed to online platforms, removal procedures involving technical intermediaries, or customs actions.

These measures pursue a clear economic objective: to promptly bring an allegedly unlawful practice to an end, limit damage to the value of the right, and preserve the right holder’s competitive position.

Freedom of action subject to loyalty and caution

This freedom, however, is neither absolute nor discretionary.

Case law requires that any extrajudicial action be based on a solid factual foundation, conducted with restraint, and comply with the principle of fair dealing in commercial relations. Failing this, the enforcement of rights may amount to a civil fault engaging the author’s liability.

Legal limits to the extrajudicial enforcement of intellectual property rights

The principle: prohibition of discrediting a competitor

On the basis of Article 1240 of the French Civil Code, disparagement is established whenever a company disseminates information to third parties that is likely to discredit a competitor’s products, services, or activities.

Case law is consistent: the tone used or the absence of malicious intent is irrelevant where the information disseminated has not been judicially established.

The boundary between legitimate information and abusive action

Directly informing the alleged infringer of the existence of prior rights and requesting the cessation of the disputed acts is generally accepted.

By contrast, alerting third parties—such as distributors, customers, or commercial partners—to an alleged infringement places the action in a zone of significant legal risk.

Allegations of infringement and abusive actions: key lessons from recent case law

Clear confirmation by the Court of Cassation

In a decision dated October 15, 2025 (No. 24-11.150), the Court of Cassation firmly reiterated that notifying third parties of an alleged infringement, in the absence of a court decision, constitutes an act of disparagement.

In this case, a company holding copyright in wooden wind chimes had been authorised to carry out a copyright seizure (“saisie-contrefaçon”) against a competing company and its subcontractor. Following this seizure, it sent cease-and-desist letters to several distributors of the targeted competitors, requesting that they cease marketing the allegedly infringing products.

The competing companies, considering that they had been unfairly implicated while no infringement had yet been legally established, brought an action for disparagement against the copyright holder.

At first instance, the lower courts considered that the wording of the letters sent to the resellers was measured and did not, as such, constitute disparagement. However, the Court of Cassation overturned the appellate decision, holding that “in the absence of a court decision recognising the existence of copyright infringement, the mere fact of informing third parties of a possible infringement of such rights constitutes disparagement of the products alleged to be infringing.”

Principles derived from case law

The Court thus reaffirmed three key principles governing any extrajudicial intellectual property enforcement strategy:

• The defence of rights does not justify everything: invoking an intellectual property right does not confer any entitlement to publicly disseminate unproven accusations.
• Pre-litigation communications must remain targeted: they must be strictly limited to the person suspected of infringement and must not extend to economic third parties.
• Good faith is irrelevant: even if measured, cautious and devoid of animosity, the dissemination of an unadjudicated allegation of infringement constitutes a civil fault.

Best practices for protecting rights without incurring liability

Structuring a legally secure extrajudicial action

An effective strategy is based on a graduated sequence of actions that complies with judicial requirements:

• Objectively assess the risk: evaluate the strength of the asserted rights and the reality of the alleged infringement.
• Limit exchanges to the alleged infringer: any cease-and-desist letter must be addressed exclusively to the presumed author of the acts.
• Adopt factual and proportionate wording: avoid definitive characterisations of “infringement” until recognised by a court.
• Preserve evidence: bailiff reports, seizures, and technical or comparative analyses should precede any communication.

When turning to the courts becomes essential

Where the economic risk is high or the infringement spreads through a distribution network, promptly seising a court often becomes the only secure course of action.

A judicial decision offers a dual benefit: it legitimises subsequent communications and protects the right holder against any allegation of disparagement.

Conclusion

Can intellectual property rights be enforced without a court decision? Yes, but only subject to strict limits. Case law reiterates that the defence of rights cannot justify communications liable to harm a competitor’s reputation in the absence of prior judicial recognition.

In this context, a controlled, legally framed and proportionate strategy remains essential. Anticipation and support from specialists help secure rights enforcement while preserving fair competition.

Dreyfus & Associés assists its clients in managing complex intellectual property cases, offering personalized advice and comprehensive operational support for the complete protection of intellectual property.

Dreyfus & Associés works in partnership with a global network of attorneys specializing in Intellectual Property.

Nathalie Dreyfus with the support of the entire Dreyfus team

FAQ

1. Is legal risk limited to litigation exposure?
No. It also includes reputational, commercial and sometimes structural risks for the company.

2. Is extrajudicial action always less risky than court proceedings?
No. If poorly handled, it may expose its author to civil liability that can be more costly than initially contemplated litigation.

3. Does good faith protect against an action for disparagement?
No. Case law considers good faith to be irrelevant.

4. Is a seizure for infringement sufficient to communicate with third parties?
No. It is an evidentiary tool, not a judicial recognition of infringement.

5. Can freedom of expression be relied upon?
It is limited by the principles of loyalty and protection against disparagement.

This publication is intended for general public guidance and to highlight issues. It is not intended to apply to specific circumstances or to constitute legal advice.

On November 4, 2025, the case Getty Images (US) Inc. v. Stability AI Limited gave rise to a highly anticipated decision of the High Court of Justice in London, stating that the use of trademarks in the context of artificial intelligence is not, in itself, unlawful. This judgment is of considerable importance for defining the scope of liability in the field of generative AI and intellectual property law.

Introduction

On November 4, 2025, the High Court of Justice in London delivered a long-awaited decision in Getty Images (US) Inc. v. Stability AI Limited, providing key clarifications on the interaction between generative artificial intelligence and intellectual property rights.

In particular, the Court held that the use of trademarks in the context of AI is not unlawful per se, while emphasizing that specific infringements may nevertheless be established in concrete circumstances. This ruling constitutes a significant reference point in defining the liability of generative AI stakeholders.

Background and facts of the case

Getty Images, a leading provider of licensed images, brought legal proceedings against Stability AI, alleging that the latter had used its images to “train” its generative AI system, Stable Diffusion, a deep learning model capable of generating images from textual descriptions.

Getty Images claimed that Stability AI had used, without authorization, images from its databases to train its model and had generated synthetic images reproducing its “Getty Images” or “iStock” watermarks.

These allegations were based on three main legal grounds:

• infringement of copyright and database rights;
• infringement of the “Getty” and “iStock” trademarks, on the basis that certain generated images appeared to reproduce or evoke watermarks associated with those marks;
• acts of passing off, namely the misleading appropriation of Getty Images’ commercial reputation.

Arguments raised by the parties

Getty Images argued that Stability AI had reproduced copyright-protected works without authorization. In its view, the training process should be regarded both as an indirect reproduction of those works and as an unlawful extraction from its databases.

From a trademark law perspective, Getty Images primarily alleged infringement of its trademarks, asserting that the reproduction of its distinctive signs in AI-generated images constituted unauthorized use, likely to give rise to unfair competition, in particular by creating confusion in the public’s mind as to the existence of a license or a partnership.

Stability AI,  contended under copyright law that the Stable Diffusion model neither stores nor reproduces source images, but relies on statistical learning that cannot be equated with copying protected works. It further argued that the training operations had been carried out outside the United Kingdom, thereby excluding the application of UK copyright law.

Stability AI also denied any liability, asserting that any potential infringement resulted from prompts provided by end users rather than from its own conduct.

The Court’s legal analysis

An approach based on the reality of the infringement

The Court recalled that trademark law does not sanction abstract risks, but rather actual and perceptible uses. Accordingly, the analysis focused on the images generated and disseminated, rather than on the technical training process alone.

Some images had been generated from content identifiable as originating from Getty Images, while others stemmed from broader and non-identifiable datasets. This distinction played a decisive role in the Court’s assessment.

Rejection of the copyright counterfeiting claims

With regard to copyright, the Court carried out a precise legal characterization of the disputed subject matter. It clearly distinguished between:

• the model training process, which falls within the scope of statistical learning; and
• the reproduction of protected works, which alone is capable of constituting infringement.

The Court found that Stable Diffusion does not store or contain source images in a recognizable form. The model could therefore not be treated as a medium incorporating copies of protected works within the meaning of the Copyright, Designs and Patents Act 1988.

This conclusion was reinforced by a strict territorial analysis: as the training had been carried out outside the United Kingdom, UK copyright law was in any event inapplicable.

The Court thus drew a clear line between algorithmic learning and legally relevant reproduction, rejecting any principle-based liability of the AI provider on this ground.

Recognition of a limited trademark counterfeiting

For trademark matters, the Court adopted a more nuanced approach. It acknowledged the existence of counterfeiting, but characterized its scope as “extremely limited”.

The trademarks at issue were found to be identical or quasi-identical, and the services concerned fell within the same economic field as those covered by Getty Images’ registrations.

The judge specified that the lack of extensive evidence of actual confusion was not decisive, insofar as the likelihood of confusion could be inferred from the overall context.

Use of trademarks at the stage of generated content: consumer perception

It is at the stage of content generation and dissemination that legal risk crystallizes. The Court therefore examined the perception of the average consumer, a central concept in trademark law.

In the Getty case, several user profiles were considered:

• members of the general public using cloud-based services;
• developer users;
• users of downloadable models.

The Court held that a significant number of these users could believe that a partnership or license existed, a factor which weighed heavily in the recognition of trademark infringement.

Conclusion

The Getty Images v. Stability AI decision confirms that the use of trademarks in the AI creation process is not unlawful by nature, but may constitute an infringement of intellectual property rights where the traditional conditions of infringement are met and concretely demonstrated.

It represents an important milestone for both rights holders and AI developers, by clarifying the analytical criteria and evidentiary requirements applicable, while rejecting any blanket condemnation of generative AI.

In a context of rapidly expanding AI uses, specialized legal expertise remains essential to secure projects and anticipate litigation risks.

Dreyfus & Associés assists its clients in anticipating and managing these emerging risks related to generative AI, integrating trademark law, data protection and emerging technologies.

Dreyfus & Associés  is in partnership with a global network of intellectual property law specialists.

Nathalie Dreyfus, with the support of the entire Dreyfus firm team

FAQ

1. Can an AI system infringe a trademark without intent?
Yes. Intent is not a necessary condition in trademark law where there is use in the course of trade.

2. Is the appearance of a trademark in an AI-generated output always unlawful?
No, but it becomes problematic in cases of likelihood of confusion, damage to reputation, or parasitism.

3. Are AI developers responsible for generated images?
Case law trends towards increased accountability where outputs are commercially exploited.

4. How can trademark use by AI systems be monitored?
Through a combination of technological monitoring, legal analysis, and audits of generative platforms.

5. Can the removal of a trademark from AI outputs be requested?
Yes, through appropriate amicable or judicial proceedings, depending on the context and jurisdiction.

This publication is intended to provide general guidance and to highlight certain issues. It is not intended to address specific situations nor to constitute legal advice.

Introduction

Understanding DNS abuse has become a strategic priority for companies operating online, well beyond the technical community. The Domain Name System (DNS) underpins global digital commerce, trademark visibility, and trust. Yet, it is also one of the most exploited layers of the Internet infrastructure, routinely leveraged for phishing, malware distribution, botnet coordination, and large-scale fraud.

Over the past two years, and particularly since April 2024, the regulatory and contractual landscape governing DNS abuse has undergone a structural transformation. Through reinforced contractual obligations imposed by ICANN, enhanced compliance oversight, and the launch of new policy initiatives within the GNSO, DNS abuse mitigation has shifted from best-effort cooperation to binding, enforceable responsibility.

What is DNS abuse under ICANN rules?

At the highest level, DNS abuse refers to a limited and deliberately narrow category of online harms that rely on the DNS itself to function. This scope is essential: ICANN does not regulate online content, but rather the technical coordination of the DNS.

A precise and enforceable definition

For contractual and compliance purposes, DNS abuse exists when a domain name is used to enable or materially support:

• Malware, meaning malicious software designed to compromise systems or data
• Botnets, consisting of remotely controlled networks of infected devices
• Phishing, involving deception to obtain credentials or sensitive information
• Pharming, redirecting users to fraudulent destinations through DNS manipulation
• Spam, but only when it serves as a delivery mechanism for one of the above threats

This definition draws a strict line between DNS-level abuse and content-based illegality (such as trademark infringement), which falls outside ICANN’s mandate.

DNS abuse beyond technical enforcement

Historically, DNS abuse mitigation relied heavily on voluntary cooperation and informal best practices. That model has proven insufficient against industrialized cybercrime, where abusive domains are registered in volume, activated within minutes, and rotated rapidly.

From a legal and business perspective, DNS abuse now represents:

• A direct risk to trademark integrity and consumer trust
• A source of contractual exposure for registrars and registries
• A compliance risk with measurable enforcement consequences
• A governance issue, requiring documented decision-making and accountability

In practice, DNS abuse has become a cross-disciplinary risk, sitting at the intersection of cybersecurity, contract law, regulatory compliance, and digital governance.

How did the 2024 contractual amendments change registrar and registry obligations?

ICANN’s contractual amendments, effective 5 April 2024, mark a clear shift in DNS abuse mitigation. What had long been framed as cooperative best practice is now established as a binding contractual obligation, subject to compliance review and enforcement.

Registrars: clearer duties and an obligation to act

Under the revised Registrar Accreditation Agreement, registrars must maintain accessible abuse reporting mechanisms and ensure that reports are effectively processed. Beyond accessibility, the core change lies in the explicit duty to act when presented with actionable evidence of DNS abuse involving a domain name they sponsor.

This standard does not require absolute certainty. It requires a reasonable assessment based on available information. Once met, registrars must take timely and appropriate measures to disrupt the abuse.

Registries: complementary responsibilities at the TLD level

Registry operators are subject to parallel obligations under the Base gTLD Registry Agreement. They must publish abuse contact points and, upon receiving actionable evidence of DNS abuse, either escalate the matter to the sponsoring registrar or take direct mitigation measures where appropriate.

How is DNS abuse enforced today?

Since April 2024, enforcement activity has intensified significantly. ICANN relies on:

• Third-party complaints, filed by rights holders, security researchers, or affected users
• Proactive audits and monitoring, initiated internally
• Public compliance reporting, increasing transparency and reputational pressure

Failure to comply can lead to formal breach notices and escalating contractual consequences.

Strategic implications for professional stakeholders

For legal advisers, compliance officers, and technical teams, several priorities emerge.

• Structured governance and audit-ready procedure: clear internal procedures for intake, assessment, escalation, and response are now essential. Documentation is no longer optional.
• Operational capability and staff readiness: teams handling abuse reports must understand both technical indicators of DNS abuse and the contractual standards governing mitigation.
• Proportionality and exposure to legal liability: over-reaction can be as damaging as inaction. Unjustified suspensions may expose operators to contractual disputes or liability toward registrants.
• Integrated cross-functional coordination: effective DNS abuse mitigation increasingly depends on coordination between legal, technical and compliance teams.

Conclusion

DNS abuse remains one of the most persistent threats to Internet stability and user trust. Through its 2024 contractual amendments and strengthened compliance framework, ICANN has fundamentally reshaped the expectations placed on registrars and registry operators.

For professional stakeholders, DNS abuse mitigation is now a legal and contractual obligation with tangible enforcement consequences. Mastery of this framework is essential to managing risk, ensuring compliance, and protecting digital assets in an increasingly hostile online environment.

Dreyfus & Associés assists its clients in managing complex intellectual property cases, offering personalized advice and comprehensive operational support for the complete protection of intellectual property.

Dreyfus & Associés works in partnership with a global network of attorneys specializing in Intellectual Property.

Nathalie Dreyfus with the support of the entire Dreyfus team

Q&A

What is the difference between DNS abuse and online content infringement?

DNS abuse concerns technical misuse of the DNS itself, whereas content infringement relates to what is published on a website and falls outside ICANN’s mandate.

Is spam always considered DNS abuse?

No. Spam qualifies only when it is used to deliver malware, phishing, or similar DNS-enabled threats.

Are registrars required to suspend domains automatically?

No. They must take proportionate and appropriate measures, which may vary depending on context.

Can registry operators act directly against abusive domains?

Yes, where appropriate, or they may escalate the matter to the sponsoring registrar.

Does DNS abuse mitigation create legal risk for registrars?

Yes. Both failure to act and disproportionate action can carry contractual and legal consequences.

This publication is intended for general public guidance and to highlight issues. It is not intended to apply to specific circumstances or to constitute legal advice.

Introduction

The sharp increase in demand for out-of-court dispute resolution services in the field of domain names constitutes one of the most significant indicators of recent developments in digital law. According to official data published by WIPO, more than 6,200 UDRP complaints were filed in 2025, representing the highest volume ever recorded, and a slight increase compared to 2024 (6,168 cases).

This growth is not a short-term or cyclical phenomenon. It reflects a structural transformation in the way intellectual property disputes are resolved, driven directly by the digitalization of intangible assets.

An analysis of the 2025 statistics provides key legal, economic, and strategic insights for businesses, particularly regarding the now central role of WIPO procedures in the protection of intangible assets.

Statistical analysis of domain name disputes

UDRP: a new all-time record

In 2025, more than 6,200 UDRP complaints were filed, a level never reached since the creation of the UDRP mechanism.

These figures confirm a continued intensification of cybersquatting, phishing, and identity theft practices, involving domain names that imitate well-known trademarks or distinctive corporate signs. Such practices are frequently accompanied by:

• deceptive websites,
• mail server (MX) configurations,
• targeted fraud campaigns aimed at employees, partners, or customers.

At the same time, these infringements have become increasingly professionalized, involving mass registrations, multiple extensions, and fraudulent uses combining websites and email services.

An industrialized form of litigation

Cumulative data show that WIPO has now administered more than 80,000 domain name disputes since the inception of its dispute resolution mechanisms.

From a statistical perspective, this critical mass produces two major effects:

• a highly structured and predictable case-law,
• a growing deterrent effect on the most visible fraudulent operators.

Geographical distribution and sectors of activity

Complaints originate from rights holders established in numerous countries, with a strong concentration of filings from the United States, France, and the United Kingdom.

The disputes span a wide range of economic sectors, including retail and distribution, digital technologies, healthcare, finance, and consumer goods.

WIPO mechanisms: scope and operational effectiveness

UDRP and related procedures: an international standard

The procedures administered by WIPO, foremost among them the UDRP, make it possible to obtain the transfer or cancellation of a domain name when three cumulative conditions are met:

• identity or confusing similarity with a prior right,
• absence of rights or legitimate interests on the part of the respondent,
• registration and use in bad faith.

A pragmatic and predictable procedural framework

The average duration of a procedure remains limited, generally a matter of weeks, with reasoned decisions that are widely published, thereby contributing to legal certainty and jurisprudential consistency.

Strategic impacts for companies and legal departments

Integrating WIPO procedures into a global protection strategy

The statistics invite companies to rethink their internal organization, including:

• anticipation of infringements,
• structured international monitoring,
• the ability to initiate WIPO proceedings rapidly.

A complementary lever to judicial litigation

Recourse to WIPO does not systematically replace court actions, but rather forms part of a complementary approach.

It allows companies to reserve judicial proceedings for matters with high strategic value, while effectively addressing large-scale or repetitive infringements. In practice, WIPO procedures often make it possible to:

• Act quickly,
• Reduce costs,
• Secure digital assets upstream of more complex litigation.

Conclusion

WIPO’s record 2025 statistics reflect a clear reality: out-of-court resolution of intellectual property disputes has become a central pillar of digital law.

For businesses, these mechanisms now constitute an essential strategic tool, provided they are integrated into a comprehensive and forward-looking approach to the protection of intangible assets.

Dreyfus & Associés assists its clients in managing complex intellectual property cases, offering personalized advice and comprehensive operational support for the complete protection of intellectual property.

Dreyfus & Associés works in partnership with a global network of attorneys specializing in Intellectual Property.

Nathalie Dreyfus with the support of the entire Dreyfus team

FAQ

1. How can a WIPO procedure be prepared effectively?
By gathering solid technical evidence, conducting a precise legal analysis, and clearly demonstrating bad faith.

2. Are WIPO decisions binding?
They are enforceable at the registrar level, subject to the absence of judicial proceedings initiated within the prescribed deadlines.

3. Are WIPO procedures truly effective?
The growing volume of cases and their recurrence demonstrate an effectiveness recognized by companies of all sizes.

4. Does a WIPO procedure prevent subsequent judicial action?
No. It does not preclude complementary actions before the competent courts.

5. Why is there such a sharp increase in WIPO procedures?
The statistics reflect the multiplication of digital infringements and the search for rapid, international, and specialized solutions.

6. Will domain name disputes continue to increase?
Current statistical trends indicate a likely continuation of growth, driven by fraudulent practices and the expansion of domain name extensions.

This publication is intended to provide general guidance to the public and to highlight certain issues. It is not intended to apply to specific circumstances or to constitute legal advice.

Introduction

In the contemporary sports economy, performance alone is no longer enough to create sustainable value. Media visibility, presence on social networks, the ability to unite a community and attract business partners are now essential levers. In this context, the possession of trademarks by athletes is an essential legal and strategic tool. It allows to transform a notoriety, by nature volatile, into a structured intangible asset, secure and exploitable, in the service of a long-term patrimonial and entrepreneurial strategy.

The trademark, a key asset for athletes

The trademark confers on its owner an exclusive right of use over a distinctive sign for specific goods and services. For an athlete, this right presents a major interest: it allows to legally appropriate its commercial value, regardless of its sporty performances.

In a highly competitive and globalized environment, the trademark plays a structuring role. It provides a clear legal framework, enforceable against third parties, and facilitates the defense actions against unauthorized uses such as counterfeiting or parasitism. In the absence of a deposit, an athlete exposes himself to significant risks, particularly in systems based on the principle of “first to file”, where third parties can legally appropriate a name, a pseudonym or a sign that has become famous. This is notably the case of Neymar, whose name was registered as a trademark by a third party (TEU, 14 May 2019; T 795/17). The athlete had the possibility to contest the validity of the trademark, subject to the assessment of the INPI or the judges, in particular by invoking the bad faith of the registrant who exploits the name of a third party for his personal benefit. On the other hand, this means having to initiate trademark cancellation proceedings, which in turn has a financial and temporal cost.

The variety of signs eligible for trademark protection

Contrary to a generally accepted idea, the trademark of an athlete is not limited to their patronymic name. Depending on the case, can be protected:

• The civil noun, when it has distinctive character;
• A sports pseudonym or nickname recognized by the public;
• A logo or stylized signature;
• A slogan, motto or phrase associated with the athlete;

The deposit must however be carefully prepared. Not all signs are automatically protectable, and a prior legal analysis is essential to assess the distinctiveness, the possible presence of earlier trademarks and consistency with the commercial objectives of the athlete.

The trademark as a monetization and negotiation lever

The holding of trademarks considerably strengthens the position of the athlete in his contractual relations. In sponsorship, equipment or partnership agreements, the question of ownership of the used signs is central. An athlete who masters its trademarks retains increased bargaining power and avoids permanent transfers or excessive dependencies towards economic partners.

Trademarks are also the foundation of diversified monetisation strategies. They allow for the development of licensing, merchandising, co-branding, or even the creation of product and service ranges. In a structured framework, the trademark becomes an asset that generates recurring revenues, regardless of the duration of the sports career.

In terms of heritage, trademarks can be valued, brought to a company, licensed or transmitted. They are thus fully integrated into a logic of management and optimization of intangible assets.

Trademarks, image and legal risk management

Athletes are among the prime targets of Internet rights violations: counterfeits, fake products, fraudulent accounts on social networks, misleading sites or parasitic uses. In this context, the trademark is a particularly effective protection tool.

It allows to act quickly with platforms, registrars, hosts or customs authorities, often without having to demonstrate a complex fault. It also provides a sound legal basis to combat reputational damage and risks of confusion in the public mind.

Moreover, the trademark facilitates articulation with other rights, such as image rights or copyright. It provides additional legal certainty, particularly in a digital environment where the boundaries between business operations and personal communication are increasingly blurred.

Anticipate the post-career thanks to trademarks

The sports career is, in essence, limited in time. Injuries, performance drop or personal choices can end it abruptly. The trademark, on the other hand, is long-term, offering stable valuation support, likely to fit into a long-term heritage logic. It allows the athlete to perpetuate their notoriety beyond the competition.

Many reconversion projects today rely on pre-existing trademarks: academies, consulting activities, media, product lines, foundations or philanthropic commitments. By anticipating these developments, the trademark strategy becomes a tool for securing the professional and financial future of the athlete.
It also participates in the construction of a heritage, by permanently associating a name or a sign with values, an expertise or a specific universe.

Conclusion

The opportunity to own trademarks for athletes relies on a proactive and structured approach to intellectual property. By transforming sports awareness into a legal asset, the trademark becomes a real tool for economic and strategic management. Experience shows that athletes who have anticipated these challenges have a real freedom of action, much greater than those who would have neglected them.
Dreyfus & Associates assists its clients in managing complex intellectual property cases, offering personalized advice and comprehensive operational support for the complete protection of intellectual property.

Dreyfus & Associates is partnered with a global network of intellectual property law firms.

Nathalie Dreyfus with the help of the entire team at Dreyfus & Associates

Q&A

1.Can a trademark be filed personally or must it be through a company?
Both options are possible. The deposit can be made on a personal basis, which may offer more flexibility in operation, or through a company, which may have tax or patrimonial advantages. The choice depends on the overall strategy for managing the athlete’s rights.

2.Do trademarks protect against fake accounts on social networks?
Yes, they are an effective legal basis for requesting the removal of fraudulent accounts.

3.When should an athlete consider a branding strategy?
Ideally as soon as possible, before any significant media exposure or signing of commercial contracts.

4.What happens if a third party files a trademark with the name of an athlete?
If a third party files a trademark with the name of an athlete without his consent, the latter may initiate opposition or cancellation proceedings, especially if the trademark was filed in bad faith or if it creates confusion in the mind of the public. It is also possible to request the cancellation of the trademark if the filing infringes the image rights of the athlete.

5.Can an athlete file a trademark in several countries?
Yes, an athlete can register their trademark in several countries depending on their commercial ambitions. He can choose to file his trademark at the national level or use systems like the Madrid system (WIPO) for a simplified international registration, covering several countries in a single application

6.How can an athlete use their trademark to enter sectors other than sports?
An athlete can use their trademark to diversify into sectors such as fashion, wellness products, technologies, or media. By using his name or image, he can create partnerships with trademarks in these sectors, relying on his reputation and network to expand his activities beyond the sports field.

The purpose of this publication is to provide general guidance to the public and to highlight certain issues. It is not intended to apply to particular situations or to constitute legal advice