The French National Security Agency for Information Systems (ANSSI) maintains its highest alert level due to the evolution of cyberthreats. In its latest report, “Panorama de la cybermenace 2025,” published on March 11, 2026, the agency explicitly warns that by 2030, France could face a sharp increase in hybrid attacks combining military, information, and cyber activities, leading to real, sometimes destructive, consequences for critical infrastructure.
The report places particular emphasis on a series of coordinated, destructive attacks on the Polish power grid in late 2025. These operations caused widespread power and heating outages for thousands of people and were described by the ANSSI as a “wake-up call.” This scenario is currently considered central to France’s preparedness: a combination of cyberattacks and other forms of pressure targeting the energy, telecommunications, water, and transport sectors.
ANSSI emphasizes the urgent need to strengthen the resilience of operators of critical infrastructure (OIV) and entities covered by the NIS 2 directive: regular audits, crisis scenario exercises, strict segmentation of IT/OT networks, and enhanced continuity and recovery plans.
Starting in September 2026, the Cyber Resilience Act (CRA) will come into full force, requiring digital product manufacturers to promptly report actively exploited vulnerabilities and serious incidents to national CSIRTs (including CERT-FR).