[et_pb_section fb_built= »1″ _builder_version= »4.22.2″ _module_preset= »default » global_colors_info= »{} »][et_pb_row column_structure= »1_2,1_2″ _builder_version= »4.22.2″ _module_preset= »default » custom_margin= »|auto||3px|| » custom_padding= »0px|||0px|| » global_colors_info= »{} »][et_pb_column type= »1_2″ _builder_version= »4.22.2″ _module_preset= »default » global_colors_info= »{} »][et_pb_text _builder_version= »4.22.2″ _module_preset= »default » custom_margin= »2px||||| » global_colors_info= »{} »]

Introduction of the Cyberscore system

As we live in an increasingly digital world, the security of our personal data remains a major concern. Who hasn't heard of a cyberattack in recent years? It is in this context that France has decided to take action with the introduction of the Cyber-Score Law. Let's explore this new initiative together.

[/et_pb_text][/et_pb_column][et_pb_column type="1_2" _builder_version="4.22.2" _module_preset="default" global_colors_info="{}"][et_pb_image src="https://www.intrinsec.com/wp-content/uploads/2023/11/cyberscore1.jpg" alt="cyberscore" title_text="cyberscore" _builder_version="4.22.2" _module_preset="default" custom_margin="|-160px||||" custom_padding="|||229px||" global_colors_info="{}"][/et_pb_image][/et_pb_column][/et_pb_row][et_pb_row _builder_version="4.22.2" _module_preset="default" custom_margin="|-162px||1px||" custom_padding="|13px||||" global_colors_info="{}"][et_pb_column type="4_4" _builder_version="4.22.2" _module_preset="default" global_colors_info="{}"][et_pb_text _builder_version="4.22.2" _module_preset="default" custom_padding="|0px||0px||" global_colors_info="{}"]

Cyber-score Law: A legislative response to a major challenge

The Senate report of February 16, 2022, brought to light by Senator Anne-Catherine Loisier, revealed a surprising fact: despite a significant increase in cyberattacks, many companies do not seem to be adapting their strategies accordingly. Such a finding is alarming in the digital age.

To counter this phenomenon, France introduced Law No. 2022-309 of March 3, 2022. Its mission? To require digital platforms to inform the public about the level of security of their data. This is a significant step forward, especially since this law goes beyond the well-known GDPR in terms of transparency.

Who is affected and how?

The scope of this law is broad. It mainly concerns digital platforms, messaging services and video conferencing software that exceed 25 million unique visitors per month from French territory in 2024.

The core of this regulation rests on a cybersecurity audit, conducted by a PASSI-qualified provider accredited by the French National Cybersecurity Agency (ANSSI). This audit will focus not only on data location, but also on criteria such as organization, data protection, and secure development.

The goal: A clear indicator for consumers

Imagine for a moment having the power to know at a glance how robust a website's security is, much like the Nutri-Score for food products. That's the goal of the CyberScore, which will be prominently displayed on platforms. This way, every user can make informed choices about protecting their data.

What if we don't comply?

The law is clear on this point. Any failure to display the cyber score can result in significant financial penalties. But beyond the financial aspect, a company's reputation could be severely damaged.

This is the logic of "name and shame," which is also found in the 2024 Military Programming Law (LPM 2024) for software publishers who fail to patch their vulnerabilities. The expression "name and shame" is Anglo-Saxon and can be translated into French as "nommer et déshonorer" or "dénoncer publique." It aims to publicly identify and denounce individuals, companies, or organizations for behavior deemed reprehensible, inappropriate, or contrary to certain norms or values.

What is the timeframe?

According to the law, the cyber score is normally mandatory since 1^er As of October 2023, the implementing decree has not yet been published, making its application problematic.

However, a draft decree has been circulated, and it gives a glimpse of the outlines of the requirements.

How to prepare for it?

The themes that will be addressed by the requirements of the new system are:

• Information Systems Security Organization and Governance
• Interconnection and sharing of data with third parties, including outside the EU
• Documentary, inventory, cartography
• Outsourcing and subcontracting
• Mastering internet exposure
• Incident handling
• Cybersecurity awareness
• Security in development

The topics covered are vast, and the preparatory work is significant.

That's why we recommend doing an assessment of its level of compliance regarding the draft decree, preparations are underway now to ensure its compliance.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version= »4.22.2″ _module_preset= »default » custom_margin= »|auto||0px|| » global_colors_info= »{} »][et_pb_column type= »4_4″ _builder_version= »4.22.2″ _module_preset= »default » global_colors_info= »{} »][et_pb_text _builder_version= »4.22.2″ _module_preset= »default » global_colors_info= »{} »]

I would like Cyberscore support

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row _builder_version= »4.22.2″ _module_preset= »default » custom_margin= »|auto||1px|| » global_colors_info= »{} »][et_pb_column type= »4_4″ _builder_version= »4.22.2″ _module_preset= »default » global_colors_info= »{} »][wpforms_selector form_id= »221279″ _builder_version= »4.22.2″ _module_preset= »default » min_height= »973.3px » custom_padding= »0px||||| » global_colors_info= »{} »][/wpforms_selector][/et_pb_column][/et_pb_row][/et_pb_section]