Skip to content
ZxR Cyber Sentinel 4.1 is available — Discover our AI models
🇫🇷 France

Cyber compliance in France

Everything about cybersecurity obligations applicable in France. Mandatory frameworks, recommended standards, competent authorities, and penalties.

Legal obligations

Mandatory frameworks

Compliance frameworks mandated by regulation in France.

Mandatory46 articles

NIS2

EU / ANSSI

EU directive on network and information systems security, transposed into French law. Extended obligations for essential and important entities.

View details
Mandatory64 articles

DORA

EU / ACPR

Digital Operational Resilience Act. Mandatory digital resilience for the European financial sector, applicable in France.

View details
Mandatory20 règles

LPM

ANSSI

Military Programming Law. Security obligations for Operators of Vital Importance (OIV).

Mandatory99 articles

RGPD / GDPR

EU / CNIL

General Data Protection Regulation. Individual rights and data controller obligations.

Mandatory14 règles

RGS

ANSSI

General Security Framework. Mandatory for French administrations and digital public services.

Recommended standards

Recommended standards

The most relevant international standards for the France market.

Recommended93 controles

ISO 27001:2022

ISO/IEC

Information security management system. The reference certification in France, prerequisite for many public tenders.

View details
Recommended5 criteres

SOC 2 Type II

AICPA

Trust Services Criteria. Essential for French SaaS vendors serving Anglo-Saxon clients.

View details
Useful frameworks

Methodological frameworks

Complementary frameworks to structure your security approach.

Framework5 ateliers

EBIOS RM

ANSSI

ANSSI risk analysis methodology. The reference method in France for risk assessments.

Framework6 fonctions

NIST CSF 2.0

NIST

American cybersecurity framework. Complementary with European frameworks for international groups.

Framework18 controles

CIS Controls v8

CIS

Prioritized critical security controls. Good operational complement to the NIS2 approach.

Local specifics

France regulatory context

Competent authority

ANSSI (National Agency for Information Systems Security) for cybersecurity. CNIL (National Commission on Informatics and Liberty) for personal data.

Penalties

NIS2: up to 10M EUR or 2% of global turnover. GDPR: up to 20M EUR or 4% of global turnover. LPM: administrative and criminal sanctions.

NIS2 transposition

France has transposed the NIS2 directive into national law. ANSSI oversees implémentation and can conduct audits of essential and important entities.

ANSSI qualification

ANSSI issues security visas (qualification and certification) for products and trust service providers.

EU Pack

Zaxyr offers a pre-configured pack covering all applicable obligations in France. Automatic cross-mapping between frameworks.

Ready to secure your compliance in France?

AI gap analysis, automatic cross-mapping, continuous monitoring. Request a personalized demo.