France is one of the few EU countries that specifically regulates the provision of encryption technologies by requiring, in certain conditions, that prior to importing, exporting and/or supplying encryption devices or services companies file a declaration or request an authorization from the National Information Systems Security Agency (Agence Nationale de Sécurité des Systèmes d’Information – ANSSI).
In the context of a program to modernize cybersecurity regulations, the French prime minister has issued a new decree that merges the encryption declaration and authorization forms into a unified Declaration and Authorization Request for Operations Relating to Means of Encryption.
The new, unified form contains several changes, in particular for companies that are required to make a declaration. In particular, the new form requires information that was not previously required for a declaration. For example, the datethatthe encryption technology “is placed on the market” must now be provided. Additional technical information (specifically regarding encryption algorithms) is henceforth also required for a declaration.