Skip to content
Home / Authority / Regulator

CNIL

Commission Nationale de l’Informatique et des Libertés

The CNIL (Commission Nationale de l’Informatique et des Libertés) is France’s independent data protection authority, playing a central role in the country’s cybersecurity landscape. It enforces the General Data Protection Regulation (GDPR), which imposes specific cybersecurity obligations on organizations, and has investigatory and enforcement powers to ensure compliance with data protection and security standards. The CNIL publishes cybersecurity guides, advises organizations on best practices, and anticipates risks linked to digital innovation, including artificial intelligence and new technologies. Its activities include providing guidance on secure data processing, conducting investigations, issuing sanctions for breaches, and fostering a culture of privacy by design, all to protect citizens’ personal data in an increasingly digital society.