NIS2 · Paris

NIS2 Compliance in Paris

Paris is the Eurozone's second-largest financial centre, home to five of the world's 30 globally systemically important banks (G-SIBs): BNP Paribas, Crédit Agricole, Société Générale, Groupe BPCE, and Crédit Mutuel. La Défense — Europe's largest purpose-built business district — houses the headquarters of most major French financial institutions. Euronext Paris is the continent's largest stock exchange by market capitalisation. As France's primary financial supervisory hub, Paris institutions face dual oversight from ACPR (Autorité de contrôle prudentiel et de résolution) and AMF (Autorité des marchés financiers), on top of ECB supervision for the largest groups.

Context

Why NIS2 matters in Paris

The NIS2 Directive (EU 2022/2555) is the EU's updated cybersecurity legislation covering essential and important entities across 18 sectors. With penalties up to €10M or 2% of global turnover for essential entities, and personal liability for management bodies, NIS2 represents a significant escalation in EU cybersecurity enforcement. Germany's national transposition (NIS2UmsuCG) adds sector-specific requirements.

With five G-SIBs headquartered in Paris and directly supervised by the ECB, the stakes of DORA non-compliance are enormous — fines from ACPR can reach 10% of annual turnover. BNP Paribas, processing billions of transactions daily across 65 countries, must demonstrate ICT resilience under DORA Art. 6-16. Société Générale's high-profile IT incidents (including the 2008 Kerviel affair) underscore how critical robust ICT governance is. France's AMF has been one of the most active securities regulators in Europe; combined with ACPR's banking supervision, Paris-based institutions operate under some of the strictest oversight in the EU. The Paris FinTech Forum draws 3,000+ attendees annually, reflecting a thriving ecosystem where compliance automation is rapidly becoming a competitive requirement.

Notable financial institutions in Paris

Terms

Related Compliance Terms