Directive NIS2 

Wimi, a strategic partner

for NIS2 compliance

In a context of high and increasingly sophisticated cyber threat, the European directive NIS2 establishes a robust security framework imposing cybersecurity obligations on operators of essential services (OES) and Operators of Vital Importance (OIV) as well as digital service providers (DSPs). Through transposition into national law, all target organizations will need to begin compliance starting from October 17, 2024.

Which organizations are affected by NIS2?

icones reglementation - Wimi


et FSN (160K+)

icones penalites - Wimi

€10M – Financial Penalty


for non-compliance

icones secteur - Wimi

15 Sectors Affected

By choosing Wimi as your integrated collaborative suite, you directly benefit from the best security practices recommended in NIS2, via ANSSI’s SecNumCloud qualification, and you have a proven suite ensuring you a level of cutting-edge technical and legal protection for your data.

wimi separator secured - Wimi

NIS 2 imposes obligations and compliance on 4 major themes:

wimi circle cadenas - Wimi

Risk Management

Improved Incident Management and Supply Chain Security, Computer Network Security, Access Controls, and Encryption.
wimi circle shield - Wimi

Corporate Responsibility

Direct Responsibility of Senior Management in Sensitive Organizations for Training, Supervision, and Approval of Cybersecurity Measures Taken. Possible Sanctions for Violations.

wimi circle people - Wimi

Incident Reporting

Essential Entities (OES) and Important Entities (OIV) must ensure the existence of a security incident reporting process, with an obligation to notify within 24 hours.

wimi circle identity - Wimi


A Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) are required to address a potential cyber crisis by detailing the procedures and new systems that take over in the event of an incident.

Summary Table: How does a “SecNumCloud” qualified publisher protect your activities from the cyber risks addressed by NIS 2?

Some actors take advantage of market ignorance to “ride the wave” of SecNumCloud. To be NIS2 compliant, be careful not to choose an unqualified publisher! Here are the respective security perimeters of a SecNumCloud qualified actor, an unqualified actor who only has SecNumCloud hosting, and a CSPN software.

Thèmes d’exigences SecNumCloud Editeurs SecNumCloud
Ex. Wimi (en cours)
Editeurs non qualifiés
+ Hébergement SecNumCloud
Logiciels CSPN
lié à la sécurité du code
Organisation de la sécurité
  • RSSI, Politique de sécurité
  • Gestion des risques
  • Processus, documentation, mises à jour
  • Gestions des actifs, …
wimi icon blue check - Wimi
Sécurité des ressources humaines
  • Contrats, vérification
  • Chartes
  • Contrôle d’accès
  • Gestion des identités …
wimi icon blue check - Wimi
Les engagements sur la sécurité
  • Plan d’Assurance Sécurité
  • Audit
  • Informations
  • PCA / PRA, …
wimi icon blue check - Wimi
Les processus sécurité de l’éditeur de logiciel
  • Accès aux environnements de production
  • Sauvegardes, restauration
  • Détection automatique d’anomalies d’usage
  • Gestion des incidents de sécurité, …
wimi icon blue check - Wimi
Sécurité du logiciel (code)
  • Cryptologie
  • Tests d’intrusion réguliers
  • Fonctionnalités de sécurité (e. mot de passe fort, MFA,…)
  • Formation continue des développeurs, …
wimi icon blue check - Wimi wimi icon blue check - Wimi
Sécurité de l’hébergement (Serveurs)
  • Sécurité physique et environnementale
  • Centralisation des logs machines
  • Cloisonnement des données client
  • Analyse et corrélation des évènements, …
wimi icon blue check - Wimi wimi icon blue check - Wimi
illustrationnis - Wimi

Wimi is a key sovereign and secure partner and a key partner for NIS2 compliance

Wimi is an independent 100% French company, founded in Paris in 2010. The hosting of our SaaS solution is carried out on our own infrastructure physically located in metropolitan France. We guarantee to our clients that none of their data will be accessible, transferred, or processed outside the European Union, and that the best practices included in the SecNumCloud (ANSSI) are adhered to.
wimi separator secured - Wimi

Wimi aims to become the first collaborative suite labeled Cloud de Confiance

The priority of the Government’s Cloud policy is to offer the highest level of protection for the data of public and private organizations. We have shared this vision at Wimi for more than 10 years. The Cloud de Confiance label provides a double level of security (technical and legal) and allows French organizations to benefit from the most secure Cloud solutions on the market.

Questions/Answers about NIS2 and its link with SecNumCloud qualified solutions

Why did the EU propose a new directive on cybersecurity?

The NIS Directive, the EU's first cybersecurity law, aimed to enhance the resilience of networks and information systems against cyber risks. However, the COVID-19 crisis, the war in Ukraine, and the increasing use of digital services have expanded the threat, necessitating new solutions. The Commission identified gaps in the NIS Directive, including insufficient cyber resilience and inadequate common response to new risks.

On what elements of the original NIS Directive is the NIS2 directive based?

NIS2 builds on three main pillars of NIS1: the NIS1 strategy on network and information system security, the need for Member States to adopt a national cybersecurity strategy, and the requirement for a national competent authority in cybersecurity. NIS2 also continues the NIS1 framework by establishing the NIS Cooperation Group and the CSIRT network to support strategic cooperation and information exchange among Member States.

What are the key elements of the NIS2 directive?

NIS2 aims to provide a higher common level of cybersecurity in the EU by extending cybersecurity rules to new digitized and interconnected sectors, eliminating the distinction between essential service operators and digital service providers, and harmonizing sanction regimes.

How will the new NIS2 rules be supervised and enforced?

The supervision and enforcement of NIS2 rely on competent authorities, which will have a coherent framework for supervision and enforcement activities. Measures include regular and targeted audits, on-site and remote checks, information requests, and access to documents or evidence. NIS2 also establishes a consistent sanction framework across the Union.

What are the sanctions for non-compliance with NIS2?

Sanctions for non-compliance with NIS2 may include fines of up to €10 million or 2% of global annual turnover for essential entities, and up to €7 million or 1.4% for significant entities. Competent authorities must consider the specific details of each case when exercising enforcement powers, including the nature and severity of the violation and the incurred damages or losses.

What is SecNumCloud?

SecNumCloud is a qualification from ANSSI (National Cybersecurity Agency of France) that attests to the compliance of a cloud service (IaaS, PaaS, or SaaS) with the highest security requirements in France. This means that Wimi, as a publisher (SaaS qualification) and through its comprehensive and integrated collaborative suite, provides you with a secure, reliable, and resilient collaborative working environment, protecting your data and your customers' data against cyberattacks and extraterritorial laws (e.g., US Cloud Act).

Who is ANSSI?

The National Cybersecurity Agency of France (ANSSI) is a French public agency under the Prime Minister's authority, dealing with national defense and security issues in the field of cybersecurity. It could be compared to a form of "CISO of the French State," being the most qualified authority in protecting information systems and preserving digital sovereignty in France.

How does Wimi, certified SecNumCloud by ANSSI, meet the requirements of NIS 2?

Wimi, as a SecNumCloud qualified service, meets the highest security standards defined by the National Cybersecurity Agency of France (ANSSI). This qualification ensures that Wimi provides a level of security and data protection compliant with NIS 2 strict requirements, particularly in terms of risk management, critical infrastructure protection, and cybersecurity incident reporting.

How does Wimi ensure data protection in accordance with NIS 2?

Wimi implements a comprehensive security policy, including data encryption in transit and at rest, role-based access management, and continuous system monitoring to quickly detect and respond to potential threats. Additionally, Wimi is committed to following security incident reporting procedures in accordance with NIS 2 directives, ensuring maximum transparency and responsiveness in the event of an incident.

What are the benefits of choosing a SecNumCloud 3.2 certified collaborative suite like Wimi to comply with NIS 2?

Opting for Wimi qualified SecNumCloud 3.2 offers several advantages, including assurance that the service meets the highest security standards of the art state, better management of cybersecurity risks, and compliance with European and French regulations regarding information system security. This also reassures your clients and partners about the protection of data hosted on your suite and your projects.

How do I open a Wimi account?

It's very simple, visit this page, then follow the steps to create your Wimi account. You will be prompted to choose a Wimi account name, e.g.,, and then you can start exploring the platform. A member of our team will guide you during your 14-day trial period.

Can I request a demonstration?

Absolutely! Simply visit this page and fill out the form. One of our sales representatives will get back to you shortly to arrange a demonstration session of the sovereign and secure collaborative suite Wimi with one of our Customer Success team members, focusing specifically on security features and SecNumCloud qualification.