Last night, the special committee of the National Assembly unanimously adopted the “Resilience” Bill (PJL), which transposes into French law three major European directives: NIS 2, a directive accompanying DORA (digital operational resilience in the financial sector), and CER (resilience of critical entities).
The chairman of the committee, Philippe Latombe, had an amendment adopted that broadened Article 16 bis. This provision prohibits not only the classic “backdoors” but also any “process” enabling unauthorized access to protected data.
Does this spell the end of the so-called “ghost” technique, once defended by the former Minister of the Interior in the “narcotraffic” bill?
Here is the adopted text: “Providers of encryption services, including qualified trust service providers, may not be required to integrate technical devices designed to deliberately weaken the security of information systems and electronic communications, such as master decryption keys or any other mechanism allowing unauthorized access to protected data.”
Next step: the inclusion of the bill on the agenda of the National Assembly for a public session vote.
However, the text joins a pile of bills awaiting consideration: the Dadue bill on AI and data, the JO 2030 bill on algorithmic video surveillance, the budgetary texts that will monopolize the autumn, not to mention the suspension of parliamentary work from March 2 to 22, 2026, for the municipal elections… Parliamentary time slots will therefore be scarce. In the meantime, and to start or continue your compliance efforts, you can always consult our NIS 2 FAQ.