A three-college governance structure: a user college comprising CESIN, CIGREF, and GITSIS; an industrial college including ACN and Hexatrust; and a state college represented by ANSSI, the DGA, and the DGE. Since its inception, France Cybersecurity has maintained this governance framework.
The label, born under the French Industrial Renewal program, has kept the same objective: to promote the French offer of cybersecurity products and services for export.
The first laureates were announced in January 2015, at FIC. There were 18 winners for 25 labelled solutions. Atos appeared on the list for its Hoox smartphone and its TrustWay Proteccio HSM. Thales also featured for its Teopad (mobile device management), ELIPS (network diode), and MISTRAL (encryption). Orange Cyberdefense was recognized for its consulting services.
Arkoon and Netasq, then both subsidiaries of Airbus Defence and Space, were also laureates. They merged a year later to form Stormshield.
Ercom, distinguished for its Cyrptosmart solution, would join Thales in 2019. Amossys, labelled for its audit and consulting services, would be acquired by the Almond group in 2023. DenyAll would become Rohde & Schwarz Cybersecurity in 2018, then UBIKA in 2022.
Une garantie d’origine contrôlée plus qu’un visa de sécurité
ANSSI, the DGA and the DGE each have a representative on the state college of France Cybersecurity. The same arrangement applies to the CESIN, the CIGREF and the GITSIS on the user college. In the industrial college, ACN and Hexatrust each hold two seats.
This structure defines how the criteria for award evolve, to be considered by a commission composed of two representatives from each college. Deliberations rely notably on the report of a ‘third-party assessor’, as well as on ‘existing certifications’ and ‘user feedback’. The label thus does not equate to a security visa.
Beyond any category-specific requirements for products or services, there are four major criteria:
- Products and services provided and/or delivered by a French company
- Products designed and developed in France
- Services provided from France and hosted in France where applicable
- Products and services marketed and with identifiable customers
The information to provide in the application dossier reflects this. Suppliers, publishers and service providers are for example invited to list their main shareholders and their stakes, their handling of client and employee data, as well as the contracts’ governing law.
Similarly, for products, the main location of R&D, production and support is requested. For managed services, the storage location as well as the management, build and operations teams. For consulting, the main center of expertise, the available resources, the mission teams and knowledge management.
6cure, Cyberwatch, Olfeo et Pradeo, « vétérans » du label France Cybersecurity
The label is valid for one year. The fee to obtain it is €2,500 excluding VAT (€1,250 for SMEs). And €1,500 for renewal if it is still valid (€750 for SMEs). The official recognition of the laureates traditionally takes place at the INCYBER Forum (formerly FIC).
For the ‘class of 2026’, applications had to be submitted by October 30, 2025 (or December 1 for renewals). Including renewals, 85 companies hold the label, for 91 solutions. A stable volume for several years.
Among the January 2015 laureates, none remain. However, a handful of “old-timers” persist, such as Olfeo and Pradeo, first recognized in October 2015, at a time when France Cybersecurity was still issuing two labels per year. Other “veterans”: 6cure and Cyberwatch, winners in January and June 2016 respectively.
Oodrive, a laureate for several years, is not part of the “promo 2026.” It is among the suppliers that have regularly claimed the label in their press communications. As with, among others, Tixeo, Olfeo and Docaposte, all three well represented on the 2026 list. Docaposte appears on it as last year for its Cyber Pack; it had been a laureate in 2021 for another offering: Digital Identity.
Un pendant européen… en mode autodéclaratif
At the helm of France Cybersecurity, the ACN (Alliance for Digital Confidence, a professional organization founded in 2013) awards another label: Cybersecurity Made in Europe. It is in charge of this as a founding member of the ESCO (European Cyber Security Organisation).
Unlike France Cybersecurity, the approach is largely self-declared. For a financial contribution*, the label can be obtained by meeting criteria on two axes. On the one hand, European origin (including, among other things, more than 50% of the capital under European control and at least 50% of the staff and R&D located on site). On the other hand, basic cybersecurity requirements: security by design, least privilege, strong authentication, supply-chain security, etc.
It is not about measuring the quality of products and services, unlike what France Cybersecurity guarantees, to some extent.
* Applications are evaluated year-round. Public price: €1,500 excluding VAT. The issuing associations are free to offer a member discount. The ACN has set it at €750 excluding VAT per year.
