What CISOs Demand From Presidential Candidates

It’s a type of voter that presidential candidates rarely court: CISOs.

The CESIN (Club of Information and Digital Security Experts), which brings together more than 1,300 of them (CISOs, Chief Information Security Officers, heads of cybersecurity), has nonetheless decided to address them directly through an “open letter” signed by its president Fabrice Bru.

Their message is more political than technical: digital sovereignty is no longer optional; it now conditions national security, economic competitiveness, and the very resilience of democracy.

A threat that has spilled over beyond the purely digital domain

On the front lines of cyberattacks, CISOs warn about a critical and well-documented situation.

Read also: Cyberattacks: French companies better armed but still under pressure

In hospitals, local authorities, businesses, and government agencies, attacks are multiplying and now disrupt daily life, the real economy, and the continuity of the state.

The CESIN highlights a risk that goes far beyond classic hacking. In the era of generative AI and deepfakes, a doctored video or a carefully orchestrated rumor can be enough to destabilize a public decision or undermine the integrity of an election.

The real danger, according to the organization, is not so much episodic fraud as the durable sowing of doubt and distrust in public debate.

The club of experts frames this diagnosis within a broader issue, already identified by the Draghi report on European competitiveness: Europe risks losing ground in the technologies that underpin its economy, a dependency that weakens both its competitiveness and its ability to act strategically.

Semiconductors, computing, cloud, AI, quantum, cybersecurity, satellite connectivity, digital identity, payment infrastructures and energy form, according to CESIN, an inseparable chain. Without sovereign semiconductors, there are no data centers or credible AI; without a mastered cloud, there is no continuity of service or durable data protection.

The club welcomes European initiatives already underway (Chips Act, EuroHPC, AI Factories, or CADA) while judging them too scattered and too slow in the face of Washington’s and Beijing’s massive industrial policies.

Five blunt questions for the candidates

Rather than yet another digital plan, CESIN demands concrete answers on five points.

Read also: CESIN Barometer: how is the perception of the cloud threat evolving?

A clear doctrine of sovereignty. The club asks candidates to decide: which uses can remain on the global market, which require European mastery, and which call for reinforced national or European autonomy; especially for the vital functions of the state, critical infrastructures, health, energy, and defense. It also calls for a requirement of open, interoperable, and reversible standards to avoid technological lock-ins.

Shift from a rule-based Europe to a capability-based Europe. For CESIN, European texts like NIS2, DORA, the Cyber Resilience Act, and the AI Act are necessary but not sufficient. Regulation alone does not build sovereignty. The club wants France to push for regulatory simplification without weakening the requirements, and to invest in engineering, European software, and research.

A genuine critical digital industrial policy. Sustainable mobilization of France 2030, Bpifrance, public procurement, support for European champions, and a clearly assumed strategic preference when vital interests are at stake; CESIN wants an industrial strategy that also tackles skills, training, and the attractiveness of cyber careers.

Transparent governance. The club argues that the multiplication of French actors (ANSSI, Campus Cyber, DIAN, DINUM, DITP) becomes a weakness without clear authority. It calls for the rank and ministerial title of the political head of “critical digital” to reflect real weight in interministerial, budgetary, and European decision-making. A topic it sees as too often treated as a mere protocol issue.

Prepare the country for digital and geopolitical shocks. The American Cloud Act, Sino-American tensions, fragility of supply chains… CESIN calls for mapping dependencies, testing the reversibility of systems, securing suppliers, and strengthening the resilience of SMEs, mid-sized companies, local authorities, and essential operators. For the organization, resilience does not mean rebooting after an attack but continuing to operate through the crisis.

“Cybersecurity is not a mere add-on to sovereignty”

The final message from CESIN is unequivocal: cybersecurity is not a mere side of sovereignty; it is one of its essential prerequisites.

Without an ambitious industrial policy, the club warns, there will be neither a credible European AI nor lasting technological mastery. Without effective protection of public services, democratic trust itself falters.

CESIN says it is ready to put the expertise of its members at the service of this ambition, provided that a political and industrial vision finally matches the stakes CISOs face on the ground.

Dawn Liphardt

Dawn Liphardt

I'm Dawn Liphardt, the founder and lead writer of this publication. With a background in philosophy and a deep interest in the social impact of technology, I started this platform to explore how innovation shapes — and sometimes disrupts — the world we live in. My work focuses on critical, human-centered storytelling at the frontier of artificial intelligence and emerging tech.