Presented to the Senate on 15 October 2024, the Critical Infrastructure Resilience Bill, known as the Resilience Act, aims to strengthen the security of critical infrastructure in the face of growing threats. The bill is currently being examined by Parliament and should be adopted in April 2025.
The intensification of cyber attacks against critical infrastructures, the emergence of new hybrid threats and geopolitical tensions have made it necessary to adapt the European regulatory framework. This project to transpose several European directives is part of a wider European strategy to strengthen cyber security.
| THE GUIDELINES | CLARIFICATION |
|---|---|
| REC Directive | The BER Directive on the resilience of critical entities provides a framework for critical entities. These are designated by the Member States. The resilience bill incorporates these principles by establishing minimum standards for equipment used in critical infrastructures and imposing lifecycle monitoring of digital products deployed in these sensitive environments. |
| NIS 2 Directive | The Network and Information Security 2 Directive is the backbone of the project, considerably extending the scope of NIS 1. In France, this transposition increases the number of regulated entities to include medium-sized businesses in critical sectors. The text also strengthens incident notification requirements and compliance checks, and provides for a more dissuasive system of administrative penalties. |
| DORA technical guidelines | The DORA regulation focuses on the financial sector. It introduces specific obligations for digital service providers in the financial sector, including resilience testing and third-party risk management. |
The resilience bill transposes the European NIS 2, REC and DORA directives into French law, strengthening the protection of national critical infrastructures. Presented to the Senate in October 2024, this text responds to the 15% increase in cyber incidents observed in 2024. By broadening the scope of regulated entities and imposing strict technical standards, France is asserting its digital sovereignty while at the same time aligning itself with the European cybersecurity strategy.
In 2024, 3004 reports and 1361 incidents were brought to the attention of the ANSSI, an increase of 15% compared with 2023. Source : ANSSI
During the period of the 2024 Olympic Games, attempts at destabilisation, espionage and attacks for profit were observed.