Transposition of NIS2: National Assembly committee completes review
![Image [WHITE PAPER] Mastering our digital dependencies](https://incyber.org//wp-content/uploads/2026/05/incyber-eu26-cesin-2026-885x690.jpg)
The special committee of the National Assembly tasked with examining the draft law “on the resilience of critical infrastructure and the strengthening of cybersecurity” concluded its work on September 11, 2025. Meeting under the chairmanship of Philippe Latombe (MoDem), deputies adopted 245 amendments over three days. The “Resilience” bill is intended to transpose into French law the European directives REC, DORA and, above all, NIS2.
This directive is a revision of the original NIS, which set a baseline level of cybersecurity protection for the most sensitive organizations within EU member states. NIS2 expands the scope of regulated entities: in France, it applies to around 15,000 organizations, classified as either “important” or “essential,” across 18 sectors.
Several amendments modified the law’s scope: software publishers were added, while metropolitan authorities were reintegrated into the category of essential entities. Conversely, the committee excluded activities related to nuclear security in order to preserve national sovereignty, while maintaining “an equivalent level of security.”
In addition, fines for non-compliance were reduced for organizations classified as “important.” Parliament is expected to begin debating the bill in mid-October 2025.