From October 2023, the websites generating the most traffic in France may be required to display a score linked to their level of security. In the event of a breach, the offenders would be sanctioned with a fine.
Friday, November 26, 2021, the National Assembly adopted a bill creating a cybersecurity certification for digital platforms intended for the general public. Like the Nutri-Score labeling system for food products, some websites will have to display an official “cyberscore”, ie a note indicating the level of security of the data they host.
An amendment referring to a decree to set the scope of the platforms concerned was adopted. According to this amendment, about a hundred sites, which belong to the “platforms as well as the most important companies”, should be concerned. Once passed by the Senate, where the centrist Union group originally proposed the text last year, the “cyberscore” could come into effect on October 1, 2023.
The issue of data localization
The same amendment also extends the scope of the platforms concerned to the most used videoconferencing and messaging services, such as Messenger, Zoom and WhatsApp. This perimeter must also be defined by decree. Finally, mention is made of the location of the hosted data, a major point in the security diagnosis of these sites, which the government was opposed to. The fact that the data is hosted on the territory “does not protect” and can lead to a feeling of “false security”said Cédric O, Secretary of State for Digital Transition and Electronic Communications.
Another amendment imposes on the platforms concerned a “cyberscore” certification by the National Agency for the Security of Information Systems (Anssi) or authorized companies, and no longer a simple self-declaration.
In the event of a breach, offenders could be punished with a fine of €75,000 for a natural person and €375,000 for a legal person.