Alliance pour la Confiance Numérique

ACN

ACN works to identify needs and markets, and the need to develop research and technology, and to consolidate an industrial ecosystem in France able to provide technological, normative and industrial responses, by sustaining: Security: giving the State the means to fulfil its sovereign mission; Sovereignty: preserving the scientific and cultural heritage and France's capacity to be autonomous; Competitiveness: preserving the competitiveness of French industry by promoting technological gems, supporting the SMEs that develop them, and supporting companies in export; Influence: defining and promoting a French policy at the European level.

Lobbying Activity

Response to Amendment to the Regulation (EU) No 1025/2012 European standardisation

7 Apr 2022

The Alliance pour la Confiance Numérique (ACN - Alliance for Digital Trust) represents, in France, organisations (world leaders, SMEs and mid-sized enterprises) in the digital trust sector, particularly those specialized in cybersecurity, digital identity, and trusted artificial intelligence. We very much welcome the EC proposal to amend regulation 1025/2012 in order to restrict the decision-making process for (1) handling of standardization requests and (2) preparation of Harmonized standards to EU National Standardization Bodies (NSBs) only. This proposal emphasizes the principle of national delegation and recognises the importance of a European vision of sovereignty applied to standardization and taking into account both market needs and the inclusion of all stakeholders. For ACN, the added value of European standards in critical areas such as cybersecurity, data protection or product certification is a clear competitive advantage. This proposal does not hamper involvement of non-EU private companies in European standardization work [...] The scope of application of this proposal should be broadened [...] Reshuffle the process of preparation of European Standards (EN) within ESOs (CEN/CENELEC/ETSI) [...] See the complete ACN's contribution in attachment.

Response to European Digital Identity (EUid)

2 Sept 2020

Alliance pour la Confiance Numérique (ACN - Alliance for Digital Trust) represents organizations (world leaders, SMEs and mid-sized enterprises) operating in France in the digital and electronic trust sector, and especially in the digital identity area. ACN recognizes the great achievements of the eIDAS regulation but agrees with the fact that the potential of electronic identification and authentication remains underexploited. The eIDAS regulation provides a solid framework from which it is now important to build real interoperability, which is necessary for the development of the digital single market. ACN is therefore very much in favor of revising this text, which should:

- Leverage the achievements of the eIDAS regulation, in order for both private and public sectors to effectively benefit from it. The legal identities should become the root of trust of any digital identity issued within Europe.
- Enable better interoperability between the different identification schemes from Member States.
- Promote the development of an ecosystem of European companies in this field.
- Take into account the imperatives of security, personal data protection, protection of civil liberties, as well as European strategic autonomy.
- Integrate the European legislative edifice of the Digital Single Market, in particular by relying on the European Cybersecurity Act and the GDPR.

Therefore, ACN supports option 1 presented in the impact assessment. Suggestions for improvements to this regulation are proposed below. Nevertheless option 1 could be usefully enhanced by some provisions exposed in option 2. We believe that an effective implementation by the private sector will create an adequate level of use for positive experience by European citizens and consumers. It would help structure adequate risk and policy management, and address legal liability regime and compliance.

The extension of the scope of the regulation to private actors shall also put in place legal incentives encouraging the private sector to issue and effectively use digital identity compliant with the eIDAS framework. However, full attention should be paid to preserve European digital sovereignty and avoid significant risks on the security of data, particularly with regard to their potential unsolicited use, but also in terms of dependence on major digital platforms. In that respect, storage and processing of personal data related to digital identity shall only be allowed on European soil and with a strict respect of the GDPR provisions. Concerning option 3, we believe that a successful implementation based on option 1 enhanced by some elements of option 2 will fulfill the expected goal, without introducing a new European digital identity scheme, the articulation of which with all existing initiatives being, in principle, complex. This would lead to render the whole framework unreadable for users, and would therefore slow down the development and use of the multiple existing electronic identity schemes.

Response to Review of ENISA Regulation and laying down a EU ICT security certification and labelling

1 Dec 2017

ACN wholly agree with the European Commission's objectives to harmonise legislation governing cybersecurity mechanisms in Europe, in particular with regard to certification. This is especially timely as the increased digitisation of all economic activity and sectors creates a major strategic need for cybersecurity. It is ACN's belief that the response to such a challenge must be a coordinated effort at the European level with the aim of attaining the highest level of security possible in order to counter cyberthreats across all sectors. At the same time, this response must be adapted to security needs and the uses concerned, which will require the definition of multilevel cybersecurity certification criteria that will ensure optimum protection, according to the field concerned, taking into account the economic climate of the sector and allocating reasonable costs and time frames for certification. In particularly sensitive fields – such as those pertaining to national sovereignty or security – it is essential to preserve a system of certification that would allow guaranteeing a maximum level of protection such as the level achieved from the application of the Common Criteria. Furthermore, products, services and solutions subject to this highest level of certification must undergo tests conducted by experts, the only means of guaranteeing an actual and optimal level of protection. In other less critical fields, cybersecurity requirements may be less stringent, in particular with the purpose of improving responsiveness and controlling the inherent costs and time involved in any certification process. ACN believe that the EC's proposal of a regulation will lead to undeniable progress, especially with the introduction of the principle of a single certification valid throughout all the Member States of the European Union.

ACN welcome the idea of reinforcing the ENISA's and EC's role as guardians of European schemes that would allow the creation of a single cybersecurity market. The statutory definition of a National Certification Supervision Authority for all member states and their coordination are also a major step forward in view of harmonising the cybersecurity tools available to each State. Nonetheless, certain points in this proposal require the special attention of businesses in the sector of digital trust that wish, in particular, to:

1) Sustain the major strategic achievements arising from the mutual recognition of the certificate of high levels of security issued by the ANSSI and its European counterparts (SOGIS MRA) under the new model.
  - Replicate the contents and principles of the SOG-IS–MRA annexed to the regulation to transform it into the baseline certification scheme without prejudice to the development of other certification schemes with lower requirements adapted to the needs of less strategic fields.

2) Capitalise on national authorities to guarantee greater homogeneity.
  - Subject the initiation and formal validation of new certification schemes to formal validation by national security entities (via the European Cybersecurity Certification group) for highest levels of security (currently corresponding to levels higher than EAL4+) before ENISA's finalisation of schemes and the publication of certificates of implementation.
  - Set up a trialogue between the EC, the ENISA and the European Cybersecurity Certification group, allowing the possibility of reaching a compromise in the creation of schemes.
  - Establish a peer review system between national certification supervisory authorities, which should be reviewed by their peers before being able to accredit laboratories in such manner as to guarantee the perfect homogeneity of security levels.

3) Reinforce the level of dialogue between the representatives of digital trust companies and ENISA.
  - Subject stakeholders that are company representatives to accreditation by each national authority or by the EU Cybersecurity certification Group.