
ANSSI
France's national cybersecurity agency, issuing SecNumCloud and NIS2 compliance guidance for critical infrastructure.
Last refreshed: 17 May 2026 · Appears in 2 active topics
Will ANSSI's SecNumCloud standard become the EU's de facto sovereign-cloud benchmark or will Brussels create a competing one?
Timeline for ANSSI
France awards Health Data Hub to Scaleway
European Tech SovereigntyWhat is ANSSI and what does it do?
What did ANSSI and Germany's BSI agree on in March 2026?
How does ANSSI enforce cloud security rules for French government?
Background
The Agence nationale de la sécurité des systèmes d'information (ANSSI) is France's national authority for cyberdefence and network and information security, reporting to the Secretariat-General for National Defence and Security (SGDSN) and thereby to the Prime Minister. Its missions span threat monitoring and anticipation, Incident Response, securing state and critical-infrastructure information systems, and developing national cybersecurity culture. ANSSI's most commercially significant power is the issuance of the SecNumCloud certification, which became mandatory for sensitive French public-sector data hosting under the 2021 Cloud au Centre doctrine.
In March 2026, ANSSI released the Référentiel Cyber France (ReCyF), a working document listing recommended security measures aligned with NIS2 obligations, and co-signed a joint declaration with Germany's BSI establishing harmonised Franco-German cloud sovereignty criteria. The BSI declaration is the most significant European coordination move in ANSSI's recent history, positioning the SecNumCloud framework as a candidate template for EU-level cloud security standards. ANSSI also published joint guidance with BSI on cloud sovereignty in advance of the Health Data Hub contract award.
ANSSI operates in the European context through ENISA (the EU Agency for Cybersecurity) and the NIS Cooperation Group. With NIS2 applying across EU member states from October 2024, ANSSI's experience as an early-adopter national authority gives it outsized influence in shaping how NIS2 is implemented across European critical infrastructure sectors.