Jocelyn Pitet
September 8, 2025

Starting September 9, the National Assembly is opening the debate on NIS 2… and on the future of encryption.

The parliamentary session promises to be turbulent for the “Resilience” bill, which is set to transpose into French law the NIS 2 and REC directives, as well as the directive of December 14, 2022 accompanying the DORA regulation. Despite political uncertainty (assurances have been given that the special committee will meet even if the government falls), the schedule is being maintained: examination of the text begins this Tuesday, September 9, and will run until the 11th.
However, the transposition of NIS 2 does not arrive alone; it comes with a debate that goes far beyond it: should encrypted messaging services be weakened in order to create reserved access for the authorities?
It all began in February 2025, during debate on the bill against drug trafficking. The Senate then adopted an amendment requiring encrypted applications (Signal, WhatsApp, etc.) to provide reserved access for intelligence services. Strongly supported by Interior Minister Bruno Retailleau, the measure sparked fierce opposition in the digital ecosystem and among many MPs. The National Assembly ultimately struck it down.
A dramatic twist followed a few weeks later: on March 12, during examination of the “Resilience” bill in the Senate — which is meant, among other things, to transpose NIS 2 — an amendment was adopted. This one explicitly prohibits any weakening of encryption by banning “backdoors.” In other words, no authority could compel a provider to deliberately compromise the protection of its services.
The turnaround is striking: a month after demanding backdoors, the Senate now presents itself as a defender of encryption, seeking to enshrine its protection in Article 16 bis of the bill transposing NIS 2. On the eve of discussions in the special committee (September 9–11), this Article 16 bis is emerging as the main point of contention. The government has stated its opposition to keeping it. But will the National Assembly follow the Senate by writing into law an explicit ban on backdoors?
At its core, this is an old debate that resurfaces regularly: is there truly a way to grant exceptional access to secure messaging services for law enforcement without creating vulnerabilities for all users?
Experts heard in July by the National Assembly — including representatives from French messenger Olvid and Mozilla — reiterated that no technical solution allows for creating access reserved for authorities without introducing a flaw that others could exploit. The ANSSI has likewise consistently opposed any generalized weakening of cryptographic safeguards.
This technical consensus in favor of strong encryption carries weight, and likely explains why a significant portion of MPs, across party lines, now oppose any legal provision that would weaken communication security tools.
Let’s recall the essentials: the “Resilience” bill is the vehicle for transposing major cybersecurity frameworks. If lawmakers must arbitrate, resilience only makes sense when backed by strong encryption. The hearings made it clear: whether it be the “ghost protocol” or any form of backdoor, the result is the same — weakening security for all.
In other words, robust cybersecurity necessarily requires strong encryption, without leaving a decryption key under the doormat.

About the Author

Jocelyn Pitet is an attorney at the Paris Bar (France) and co-founder of Entropy, a law firm dedicated to advanced technologies. His practice focuses on areas such as cybersecurity, data protection, IT contracts, blockchain, artificial intelligence, and other disruptive technologies. For over ten years, Jocelyn has been advising innovative startups, leading tech companies, as well as major international groups in managing complex legal challenges related to digital and innovation.
Alongside his work at the law firm, Jocelyn Pitet also holds teaching positions at the University of Paris Panthéon-Assas and the Leonard de Vinci Institute, where he teaches courses on blockchain law, data protection law, and cybersecurity law.
