Changeflow GovPing Data Privacy & Cybersecurity State Digital Security Roadmap 2026-2027 Published
Priority review Notice Added Final

State Digital Security Roadmap 2026-2027 Published

Favicon for www.ssi.gouv.fr France ANSSI
Published
Detected
Email

Summary

ANSSI has published the State Digital Security Roadmap for 2026-2027, setting priority digital security efforts for French ministries. The roadmap was made public in the context of heightened cyber threats and 2025 data incidents affecting ministry systems. It aligns with EU NIS 2 Directive (2022/2555) compliance and begins preparation for post-quantum cryptography transition with implementation targets toward 2030. Monthly operational monitoring will be conducted by the Interministerial Committee for Digital Security Monitoring (CINUS).

Why this matters

French ministries and their supervised entities should inventory their current cryptographic assets in 2026-2027 against the roadmap's post-quantum transition benchmarks, with a 2030 implementation target. Entities that experienced 2025 data incidents should specifically assess remediation against the roadmap's priority areas — the decision to publish this roadmap signals increased external accountability expectations beyond prior internal-only cycles.

AI-drafted from the source document, validated against GovPing's analyst note standards . For the primary regulatory language, read the source document .
Published by ANSSI on cyber.gouv.fr . Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards .

About this source

GovPing monitors France ANSSI for new data privacy & cybersecurity regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 4 changes logged to date.

View original document View source feed page

What changed

ANSSI published the State Digital Security Roadmap 2026-2027, a new annual planning document establishing priority digital security efforts for French ministries. The roadmap addresses persistent vulnerabilities exposed by 2025 data incidents across ministry information systems. It specifically aligns with EU NIS 2 Directive (2022/2555) compliance requirements and launches initial phases of post-quantum cryptography preparation with an inventory phase in 2026-2027 ahead of 2030 implementation targets.

French government agencies and ministries should note the roadmap's public status — a departure from prior internal-only approaches — signalling heightened transparency expectations. Entities under ministry tutelage that experienced 2025 security incidents should review alignment with the roadmap's priority areas. The monthly CINUS monitoring structure creates a regular reporting cadence for which ministries must prepare, and the post-quantum cryptography timeline provides a concrete 2030 benchmark for cryptographic transition planning.

Archived snapshot

Apr 21, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Publication de la feuille de route des efforts prioritaires en matière de sécurité numérique de l’Etat 2026-2027

Publié le jeudi 9 avril 2026

Les feuilles de route de la sécurité numérique de l’État, établies annuellement, fixent les efforts prioritaires que doivent fournir les ministères en matière de sécurité numérique.

Dans un contexte de menace élevée et d’une situation géopolitique dégradée, décision a été prise de rendre publique la feuille de route 2026-2027 pour en renforcer sa portée.

Les multiples incidents et fuites de données qui ont affecté en 2025 les systèmes d’information des ministères et des établissements dont ils ont la tutelle rappellent la persistance de fragilités dans ces infrastructures. La feuille de route 2026-2027 vise ainsi à y répondre.

Elle s’inscrit également dans la perspective de la mise en conformité des administrations de l’État à la directive de l’Union européenne 2022/2555, dite « directive NIS 2 ».

Enfin, elle prépare ces administrations à la transition vers la cryptographie post-quantique avec des premières étapes d’inventaire en 2026 et 2027 et des objectifs de mise en œuvre à horizon 2030.

Le suivi opérationnel de la mise en œuvre de la feuille de route 2026-2027 sera assuré chaque mois en Comité interministériel de suivi de la sécurité numérique (CINUS), qui réunit les chaînes de sécurité des systèmes d’information des ministères sous l’égide de l’ANSSI.

Consulter la feuille de route 2026-2027 Partager cette page

Related changes

Favicon for www.ssi.gouv.fr ANSSI Calls for Comments on Security Supervision Reference Architectures
Priority review Apr 21, 2026 France ANSSI Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Microsoft .NET Vulnerability Enables Privilege Escalation (CVE-2026-40372)
Priority review Apr 22, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Alert: Targeting of Instant Messaging Accounts Campaign
Priority review Apr 23, 2026 France CERT-FR Alerts Data Privacy & Cybersecurity

Get daily alerts for France ANSSI

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.ssi.gouv.fr
France ANSSI ssi.gouv.fr/en/actualites
Data Privacy & Cybersecurity

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from ANSSI.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
ANSSI
Published
April 9th, 2026
Instrument
Notice
Branch
Executive
Source language
fr
Legal weight
Non-binding
Stage
Final
Change scope
Substantive

Who this affects

Applies to
Government agencies
Industry sector
9211 Government & Public Administration
Activity scope
Government IT security Cryptographic transition Incident response
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Data Privacy

Browse Categories

Agriculture & Food Safety 79 AI Regulation 3 Banking & Finance 486 Consumer Protection 120 Courts & Legal 449 Data Privacy & Cybersecurity 137 Defense & National Security 53 Education 64 Energy 113 Environment 169 Gaming 2 Government & Legislation 471 Healthcare 15 Healthcare & Life Sciences 422 Immigration 11 Insurance 90 Labor & Employment 185 Pharma & Drug Safety 21 Professional Licensing 8 Real Estate & Housing 85 Securities & Markets 177 Tax 106 Telecom & Technology 49 Trade & Sanctions 157 Transportation 112

Get alerts for this source

We'll email you when France ANSSI publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!