#2010-112Decree No. 2010-112 Establishing Rules for Electronic Exchanges Between Users and Administrative Authorities
AI-generated summary for informational purposes only. Not legal advice. See the original source for the authoritative text.
This decree sets security standards for information systems used by administrative authorities in France to ensure the security, confidentiality, and integrity of electronic exchanges. It requires these systems to adhere to a general security framework, mandating risk assessments and setting security goals for information protection. Agencies must use qualified security products and trusted services to meet these standards.
AI-generated summary. May contain errors. Refer to official sources for legal decisions.
Key Changes
- Establishment of a general security framework for information systems used by administrative authorities.
- Requirement for risk assessments and security objectives for information protection.
- Mandatory use of qualified security products and trusted services.
Obligations
What this law requires
Administrative authorities must identify all risks affecting the security of their information systems and the information they process, taking into account the conditions of system use.
Administrative authorities must establish security objectives regarding system availability and integrity, information confidentiality and integrity, and user identification, proportionate to identified risks.
Administrative authorities must regularly re-examine the security of their systems and information in response to evolving risks.
Administrative authorities must use only qualified security products and trusted service providers, or alternatively, products/providers for which they have verified compliance with the General Security Framework.
Administrative authorities must formally attest to users that their information systems are protected in accordance with established security objectives. For teleservices, this attestation must be made accessible to users.