On March 27, the French government enacted Decree 2015 351 (source document in French), which provides additional details relating to the cybersecurity framework applicable to essential operators. Forthcoming ministerial orders will establish the criteria enabling the essential operators to identify information systems subject to the cybersecurity framework, rules relating to information security, and the incident reporting procedures.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.