
Network security - the NIS directive was transposed in French law
The directive concerning measures for a high common level of security of network and information systems across the Union ("NIS Directive") was transposed into French law on 26 February 2018. (1)
The new law provides additional obligations regarding digital security. (2)
Two new types of companies are identified:
- Operators of essential services (OES), which are broadly equivalent to the French definition of operators of vital importance (opérateurs d’importance vitale - OIV). These include companies operating in essential areas such as energy, transportation, banking, financial market infrastructures, health, production and distribution of potable water, and the providers of digital infrastructures, and
- Digital services providers (DSPs), which include companies providing cloud computing services, market places, search engine services, etc.
These companies will have to implement the cybersecurity measures set up by the National Agency for Information Systems Security (Agence nationale de la sécurité des systèmes d’information - ANSSI). They will have to notify the ANSSI of security incidents which may have a significant impact on the continuity of the services provided.
Any failure to secure the networks or to declare a security incident, or any obstruction of a control procedure, will be subject to fines between €75,000 and €125,000 for OES, the amount of the fine depending on the type of violation, and to fines between €50,000 and €100,000 for DSPs.
A decree specifying the list of OES and FSEs operating on French territory should be published before 9 November 2018.
* * * * * * * * * * *
(1) Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union ("NIS Directive")
(2) Law No. 2018-133 of 26 February 2018 including several provisions adapting French law to European Union law in the area of security (Loi n°2018-133 du 26 février 2018 portant diverses dispositions d'adaptation au droit de l'Union européenne dans le domaine de la sécurité)
Bénédicte DELEPORTE
Avocat
Deleporte Wentz Avocat
March 2018