Cyber News

"Risk-based approach" and "compliance-based approach": you've probably heard these terms before. They divide the cyber world.

GDPR, LPM, NIS... Companies today are subject to an increasing number of regulatory and compliance frameworks. While these rules are essential to ensuring a high level of security within the organization, they can sometimes hinder the smooth running of operations.

In 2024, the European Union undertook to regulate the use of artificial intelligence through the AI Act. This pioneering initiative aims to establish a legal framework for the general use of AI.

The law firm Fidal, founded in 1922 (no less!), has specialized in cyber issues for several years. When we met with them, we wanted to know how business law experts approach cybersecurity and its challenges, particularly in terms of regulatory compliance. Gaël Leroux and Cyril Chauvin answer our questions.

Everyone (or almost everyone) is familiar with the NIST Cybersecurity Framework (NIST-CSF). Developed by the National Institute of Standards and Technology—a U.S. agency within the Department of Commerce—this framework offers a structured and comprehensive approach to help organizations identify, assess, and manage cyber risks. It is specifically designed to strengthen the security of critical infrastructure, but its application extends to all sectors, regardless of the size of the organization or its field of activity. Let's take a closer look.

The CNIL (Commission Nationale de l’Informatique et des Libertés) is a 100% independent French administrative authority. It was created in 1978 to protect personal data and individual freedoms—nothing less.

The CNIL quickly became a key player in the French digital landscape, positioning itself as the number one authority on privacy and personal data regulation in France.

Overview of the CNIL, its history, its missions, and its impact.

The NIS 2 (Network and Information Security 2) directive has been the talk of the town since its publication in the EU Official Journal on December 27, 2022. And with good reason: it represents a major milestone in the evolution of European cybersecurity regulations, replacing its 2016 predecessor, NIS.

Want to better understand the ins and outs of NIS 2? You've come to the right place!

The Payment Card Industry Data Security Standard (also known as PCI-DSS for short) is a set of security standards designed to ensure that all companies accepting, processing, storing, or transmitting credit card information maintain a secure environment.

In today's cyber landscape, it is no longer enough to simply implement protection solutions. Compliance with standards and regulations has quickly become an essential factor in ensuring information security—and therefore user confidence.

Among these standards is SOC 2 (Service Organization Control 2). Less well known in France than in the US, it is nevertheless an essential reference framework for companies, including those in France. Let's take a closer look.

The NIS 2 Directive is currently the star of cyber discussions... but are you familiar with its predecessor? Because if there is a NIS 2, it means there was a NIS to begin with... And understanding the new directive requires a good understanding of the old one. Here is an overview of NIS, its objectives, and its requirements.

In the cyber world, everyone (or almost everyone) has heard of the HDS standard, or Health Data Hosting. And with good reason: this French standard (and its corresponding certification) is a must for companies that process and host health data. Here's an overview.

The General Security Reference Framework (RGS) is a set of rules, standards, and best practices developed by the French government in February 2010. Its goal? To guarantee the security of information systems used by public administrations, as well as by digital service providers working with them. The aim is to ensure data protection, confidentiality, integrity, availability, and authenticity—the ultimate goal being to strengthen user confidence in electronic exchanges with public services. Let's take a closer look.