Cybersecurity—France—Q&A guide

The following Information Law practice note provides comprehensive and up to date legal information covering:

  • Cybersecurity—France—Q&A guide
  • 1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?
  • 2. Which sectors of the economy are most affected by cybersecurity laws and regulations in your jurisdiction?
  • 3. Has your jurisdiction adopted any international standards related to cybersecurity?
  • 4. What are the obligations of responsible personnel and directors to keep informed about the adequacy of the organisation’s protection of networks and data, and how may they be held responsible for inadequate cybersecurity?
  • 5. How does your jurisdiction define cybersecurity and cybercrime?
  • 6. What are the minimum protective measures that organisations must implement to protect data and information technology systems from cyberthreats?
  • 7. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to intellectual property?
  • 8. Does your jurisdiction have any laws or regulations that specifically address cyberthreats to critical infrastructure or specific sectors?
  • 9. Does your jurisdiction have any cybersecurity laws or regulations that specifically restrict sharing of cyberthreat information?
  • More...

Cybersecurity—France—Q&A guide

This Practice Note contains a jurisdiction-specific Q&A guide to cybersecurity in France published as part of the Lexology Getting the Deal Through series by Law Business Research (published: December 2019).

Authors: ADSTO—Claire Bernier; Fabrice Aza; Damien Altersitz

1. Summarise the main statutes and regulations that promote cybersecurity. Does your jurisdiction have dedicated cybersecurity laws?

Article L111-1 of the Code of Homeland Security provides that the state shall maintain security, which extends to cyberspace. It is in this regard that France has enacted not one specific law but several acts and regulations promoting cybersecurity. They are as follows.

  1. The Military Programming Act No. 2013-1168 of 18 December 2013 for 2014 to 2019. Pursuant to this act, the state has a duty and responsibility to take appropriate measures to protect essential sectors that are deemed ‘of utmost importance for State survival’, such as banks, hospitals and nuclear power plants. A whole chapter is dedicated to cyber defence in the new Military Programming Act for 2019 to 2024, not yet into force (it is currently being drafted in Parliament).

  2. Decrees Nos. 2015-350 and 2015-351 of 27 March 2015, which enact the Military Programming Act of 2013. These decrees state that essential sectors that are deemed ‘of utmost importance for state survival’ are bound to:

    1. adopt detection tools in their networks and information technology (IT) infrastructures so as to prevent

Popular documents