Like the Nutri-Score, a law adopted by the National Assembly would introduce a simple information system, a “Cyber-Score”, to assess at a glance the security of the digital platforms you use.
Videoconferencing, collaborative tools, messaging… their use has exploded. Do you know whether all these sites and tools are perfectly secure? That is the whole idea of the text adopted by the National Assembly on November 26, 2021, which could enter into force on 1 October 2023. Based on the Nutri-Score model for food products, the “Cyber-Score” would make the notion of risk understandable through a clear scale that ordinary mortals can read. If the idea seems attractive on paper as a way to inform Internet users of the potential risks they run when visiting a site, several questions remain unanswered pending the final adoption of the law.
Who will be affected by this measure?
The concept of cyber-rating is not new. Many specialized agencies already allow a digital player to find out the security level of its site. But this is a paid service, and each player is free to subscribe to it or not. The principle of the law would be to make the display of this score mandatory, so that every user is aware of the risks incurred thanks to a simple, colorful visual. The exact perimeter of the companies concerned is still under discussion, but the text refers to “online public communication service providers”, for example videoconferencing services, subject to a “threshold of use”, i.e. a certain level of traffic. The idea is to encourage players to adopt better practices.
Who will be responsible for certification?
For the moment, nothing is fixed. Two visions confront each other: should the audit be carried out by an independent authority such as the French National Cybersecurity Agency (Anssi), or should it rest on a self-assessment by the companies, which is simpler to implement provided that checks are carried out afterwards? The fine for breaching this obligation is, however, already set: 375,000 euros for a legal person and 75,000 euros for a natural person.
On what criteria will the scale be based?
All the criteria will be specified by a subsequent decree, after an opinion from the CNIL (the French data protection authority). One thing is certain: one of the key points will concern personal data and the location of its storage, even though the GDPR already imposes obligations on digital players regarding the collection and use of this data. One concern remains, however: will this scale not ultimately encourage cyber-attackers to target companies with a low rating?