Insights from an Interview with Jean-Noël de Galzain
Video Introduction
[Embedded Vimeo Video]
Discussion Highlights with Jean-Noël de Galzain
Dawn Liphardt: Does the NIS 2 Directive represent an opportunity for Hexatrust members to strengthen their position against U.S. software providers currently dominating the cybersecurity market?
Jean-Noël de Galzain: The NIS 2 Directive, as Vincent Strubel, director general of ANSSI, mentioned, aims to standardize cybersecurity practices across Europe, guiding everyone toward digital resilience. Our team is developing an implementation manual tailored for small and medium enterprises (SMEs) and mid-sized companies (ETIs) that will need to comply with these new rules. That’s our primary focus.
Another crucial aspect is establishing European continuity plans for essential sectors and initiating what could be called a digital reconquest. This involves implementing strategic measures to regain control of our digital infrastructure.
Furthermore, we are seeing the emergence of European champions in areas such as digital identity, data safeguarding, and access management — all fundamental components if we want to reclaim sovereignty over our digital spaces and ensure resilience across the board. Therefore, NIS 2 presents a prime opportunity to stimulate a market where European investments and solutions are prioritized whenever feasible.
Dawn Liphardt: You have publicly criticized the Ministry of National Education for signing a €152 million, four-year contract with Microsoft, including the purchase of messaging services, which conflicts with government policies like the “Cloud at the Core” doctrine. Are you planning to take further action?
Jean-Noël de Galzain: Yes, we intend to send a letter on behalf of Hexatrust to all government ministries. I will request a meeting to propose establishing framework agreements that favor French and European cybersecurity solutions across all their equipment needs. The goal is to replace American solutions that may be unsafe or whose data storage locations are uncertain.
There needs to be balance: if €150 million is allocated to Microsoft, an equivalent amount should be invested in local European providers. Just imagine what startups within French Tech or companies like ours could achieve if they received contracts of that size. We could transform into major champions of digital innovation ourselves. Words must translate into tangible actions.
Dawn Liphardt: Do you favor direct procurement contracts over grants?
Jean-Noël de Galzain: For years, in France, I’ve heard about the “glass ceiling”: our SMEs don’t grow into ETIs, and our companies remain small. I believe the real barrier begins when we think public procurement is off-limits because of overly strict regulations.
There is a misconception that digital solutions in France must be American, which is a critical mistake. There are numerous possibilities and mature solutions available locally. Our role is to embody and promote those within the cybersecurity and cloud sectors. The key is building trust and confidence to deploy secure, trusted digital spaces.
Introducing Hexadiag
What is Hexadiag?
Hexadiag is an online service providing a cybersecurity health check, similar to an energy performance diagnostic (DPE). Using the ANSSI reference framework, we’ve integrated it into an AI system to deliver a straightforward assessment for SMEs and startups. The tool offers clear, actionable recommendations to improve cybersecurity posture.
Our approach goes further: as a collective of cybersecurity industrialists, we also recommend specific solutions. There’s no need for businesses to waste time exploring options — we aim to shortcut that process.
Our mission is to disseminate Hexadiag across various industrial sectors, wherever SMEs have cybersecurity needs. We want to make this simple, accessible tool available to all. By doing so, we contribute to the common good, encouraging resource allocation toward cybersecurity investments. After extensive efforts in awareness and audits, the next step is to equip organizations and build resilience nationally and across industries.
Conclusion
Jean-Noël de Galzain emphasizes the importance of leveraging regulatory frameworks like NIS 2 to foster European-led cybersecurity solutions. He advocates for strategic public procurement, local innovation, and smarter policy that champions sovereignty and resilience. His initiatives, including Hexadiag, exemplify a proactive approach to mainstreaming cybersecurity practices and building a robust digital ecosystem rooted in European solutions and trust. This vision aims not only to enhance security but also to position European companies as global contenders in the cybersecurity landscape.
