With only three magistrates handling cybercrime cases, France faces a real shortfall on the judicial front.
The CSNP (Higher Commission for Digital Affairs and Posts) had diagnosed this in the spring of 2021. It was part of a series of recommendations on digital security, set against the backdrop of the national cybersecurity strategy announced a few weeks earlier.
The CSNP noted that this strategy did not address the policing and judicial handling of cybercrime. It urged public authorities to study the creation of a national cyber prosecutor’s office and to adopt the same approach at the European level. Other recommendations included strengthening the cadre of cybercrime referents at each court of appeal and providing magistrates with specialized training.
The new national cybersecurity strategy, presented on January 29, 2026, does not go into that level of detail, but the state promises a “strengthened judicial response.” It also commits to better mobilizing other levers to “deter cyber assaults”: sanctions, offensive cyber capabilities, and intelligence-gathering capabilities.
Where We Now Talk About the Feminization of Digital
Another aspect not addressed in the previous strategy is the feminization of digital professions. From now on, we are promised a mentoring program specifically for girls, building on the lessons learned from existing initiatives. In addition, there is talk of integrating cybersecurity into youth civic engagement programs.
The issue of feminization appeared in the CSNP’s observations. The commission had notably urged public authorities to strengthen their support for the Femmes@Numérique foundation… then chaired by one of its members*.
Among its recommendations was also the acceleration of the Paris Call ambitions. Through it, France had, in 2018, launched a set of common principles and values for a cyberspace that is “free, safe and open.” The CSNP hoped that their operational translation would be advanced with the EU during France’s presidency in 2022.
The new national cybersecurity strategy (2026-2030) mentions the Paris Call. The state states its intent to continue fostering the community that emerged from it. And to support related international initiatives aimed at implementing the principles. In this context, France will maintain its involvement in the Pall Mall process, intended to counter the misuse of market-available cyber intrusion capabilities.
The Campus Cyber, Absent from the New Strategy
The 2021 strategy gave a prominent place to the Campus Cyber, then in the prefiguration phase. A €148 million envelope — half of which came from public funds — was to be devoted to it. The state also envisioned regional implementations of this “totem-like” hub, aligned with the deployment of territorial CSIRTs.
No reference to the Campus Cyber in the new strategy, even though many issues that its actions were meant to cover are mentioned.
Conversely, organizations not named in the old strategy are this time named. Among them, InterCERT, for strengthening the sharing of technical threat information between state services and private actors. There are also entities that did not yet exist, such as INESIA and 17Cyber. The former is to support AI risk and opportunity research initiatives. The latter will be integrated into a “national portal for everyday cybersecurity.”
Cyber Criteria in State Aid Mechanisms
For the general public, we are told about a “cybersecurity filter … designed to prevent access to malicious websites.” And a “national brand for digital risk prevention” will run awareness campaigns modeled on road-safety campaigns.
For companies, the roadmap includes a trust label intended to highlight security efforts. The state also plans to integrate cybersecurity criteria into its aid schemes, “in line with France 2030.”
Regarding providers of cybersecurity products and services, France asserts its willingness to seek synergies between civilian and military domains. Among other ambitions are support for the security evaluation sector and the control of critical technologies in the field of cryptography. Support for the implementation of the CRA (Cyber Resilience Act) is another objective. This will involve strengthening the national policy for coordinated vulnerability management. And backing research into the security of open-source products.
* Christine Hennion, MP for Hauts-de-Seine during Emmanuel Macron’s first term. Today a municipal councillor in Courbevoie.
