The NIS2 directive, transposed in France in January 2026, imposes strict requirements on essential and important entities: MFA, network segmentation, logging, 24h incident notification, supply chain oversight.
NIS2 (Network and Information Security Directive 2), adopted by the EU in December 2022, significantly strengthens and expands the first NIS directive (2016). French transposition took effect in January 2026, with ANSSI's ReCyF framework published in March 2026.
Its scope extends to many new sectors. In-scope organizations must implement a cybersecurity risk management framework, formalize ICT governance, and ensure full incident traceability.
Documented risk management, board accountability, MFA across all admin access, identity management.
Strict network segmentation (VLAN, VRF, micro-segmentation), inter-zone flow control via NGFW, 802.1X NAC.
Early warning within 24h for critical incidents. Full report within 72h. Centralized SIEM logs with 3-year minimum retention.
IT supplier risk assessment, critical vendor audits, security contract clauses, third-party access control.
Annual pentests, red team exercises, continuity testing, immutable backup, validated disaster recovery plan.
Quarterly phishing awareness, IT team best-practice training, threat intelligence sharing.
Month 1-3
Asset mapping, identification of critical TPPs, governance framework, assignment of responsibilities.
Month 4-6
MFA rollout, reinforced network segmentation, perimeter and internal NGFW deployment, 802.1X NAC.
Month 7-9
Centralized SIEM, firewall/switch/VPN log integration, anomaly detection (NDR), SOC training.
Month 10-12
Pentests, red team exercises, resilience testing, validated continuity plan, immutable backup, complete documentation.
Fortinet FortiGate, Palo Alto PA-Series, Cisco Firepower — L7 application inspection, IPS, SIEM logs.
Cisco Catalyst 9300, Aruba CX 6300, Juniper EX4400 — AES-256 hop-by-hop L2 encryption.
Cisco ISE, FortiNAC, Aruba ClearPass — port-based authentication, profiling, dynamic segmentation.
Essential entities (energy, transport, health, banking, water, digital infrastructure) and important entities (postal, waste, chemical manufacturing, food, ICT suppliers) with >50 employees or >€10M revenue. Applicable since the French transposition in January 2026.
MFA across all admin access, network segmentation and zoning, 24h incident notification, regular testing (pentests, red team), backup and disaster recovery plan, continuous cybersecurity training, centralized logging (SIEM/SOC).
Up to €10M or 2% of global revenue for essential entities. Up to €7M or 1.4% of revenue for important ones. Personal liability of executives applies.
Art. 21 mandates IT supply chain risk assessment: critical vendor identification, cybersecurity audit of providers, third-party access control, security contract clauses.
OPTINOC supplies compliant networking equipment (NGFW with logs, MACsec switches, 802.1X NAC) and refers customers to its certified integrator partners for audit and compliance delivery.
Our team helps you size your NIS2-compliant network infrastructure: firewall, MACsec switch, NAC, SIEM logs.