← All Countries

France

Regulatory reporting authorities for incident notification in France.

ANSSI

CSIRT — Cyber Incident Response

NIS2 Art. 23 requires essential and important entities to report significant cyber incidents to their national CSIRT.

Regulation: NIS2 Directive 2022/2555, Art. 23
Deadlines: 24h early warning, 72h notification, 1-month final report
Email: cert-fr@ssi.gouv.fr
Website: https://www.ssi.gouv.fr/
Reporting portal: https://www.ssi.gouv.fr/en/actualite/reporting-an-incident/ →

CNIL

Data Protection Authority

GDPR Art. 33 requires notification of personal data breaches to the supervisory authority within 72 hours. Art. 34 may require notification to affected data subjects.

Regulation: GDPR (Regulation 2016/679), Art. 33-34
Deadline: 72 hours after becoming aware of the breach
Email: notifications@cnil.fr
Website: https://www.cnil.fr/
Reporting portal: https://notifications.cnil.fr/notifications/index →

AMF / ACPR

Financial Supervisory Authority

DORA Art. 19 requires financial entities to report major ICT-related incidents to their competent financial authority.

Regulation: DORA (Regulation 2022/2554), Art. 17-19
Deadline: 4 business hours for major incidents
Email: amf@amf-france.org
Website: https://www.amf-france.org/

Track these deadlines automatically

SiteGuardian pre-fills your reporting contacts, tracks NIS2 and GDPR deadlines, and logs every notification step for audit evidence.

Start monitoring free →

France

ANSSI

CNIL

AMF / ACPR

Track these deadlines automatically

Are you sure?