The latest edition of the Documation Forum took place on March 19 and 20, 2025. This trade show for information management and document and business processes is the leading annual event that allows professionals to better understand the new technological challenges and regulatory developments in document management activities.
Alongside Eric Le Ven of Archimag, Nosing Doeuk of mc2i, Pierre Fuzeau of Groupe Serda Archimag, and Amélie Saïdi of Majorel France, Pierre-Xavier Chomiac of Sas spoke on the topic of corporate cybersecurity and related compliance obligations.
During this plenary session, the mastery of regulatory environments during document processing workflows in customer relationship management activities was discussed.
Find all our publications related to corporate cybersecurity
Cybersecurity, GDPR & compliance useful for businesses
The second plenary session of the day, held on March 19th and entitled “Mastering Regulatory Complexity and Transforming Constraints into Competitive Advantages,” focused on all regulations and compliance requirements applicable to companies regarding data and cybersecurity.
Its objective was to explore the opportunities for transformation and competitiveness associated with these diverse compliance requirements. Indeed, the regulatory constraints on information management and document flow activities can represent an opportunity, provided that:
- Systematically adopts best practices in data security and protection.
- Understands and masters complex regulatory environments.
Digital law & hierarchy of standards
LCompanies can no longer ignore their compliance obligations, even though their origin and implementation conditions may vary:
- European laws and directives establishing a broad framework of principles to be transposed and applied;
- Regulations imposing direct obligations on states;
- More precise and practical private standards and frameworks facilitating compliance, although their application is not legally binding.
It is clear that some requirements overlap, and sometimes even contradict each other, creating redundancy that complicates the adoption of best practices.
Digital companies and standards
Cybersecurity is a major challenge for French organizations today, which are faced with a veritable regulatory maze. The list of standards applicable to digital activities is indeed staggering:
The Corporate Sustainability Reporting Directive (CSRD), mandatory from 2024 for large listed companies and certain SMEs, requires detailed reporting of environmental, social, and governance (ESG) impacts.
The Omnibus Directive, harmonizing consumer rights in the EU, imposes strict transparency rules in e-commerce, under penalty of heavy sanctions.
The General Data Protection Regulation (GDPR) ensures the protection of personal data within the European Union.
Electronic invoicing will be mandatory for all businesses in France from 2026 for business-to-business transactions.
NIS2 (Network and Information Systems Security Directive) requires critical infrastructure operators to strengthen their cybersecurity.
The Digital Markets Act (DMA) regulates large digital platforms (“gatekeepers”) and imposes restrictions on anti-competitive practices.
The Digital Services Act (DSA) regulates online content and imposes increased obligations on platforms to limit misinformation and illegal content.
The AI Act is part of the European regulations governing the use of artificial intelligence systems, with specific obligations depending on the risk level of AI applications.
The Data Act regulates access to and sharing of industrial data between businesses, individuals, and public institutions.
The Cyber Resilience Act sets out enhanced security requirements for digital products.
The Data Governance Act is a European regulation that promotes a framework for the ethical and secure management of shared data, particularly in the public sector.
eIDAS v2 introduces a European digital wallet to facilitate electronic identification and authentication in EU Member States.
MiCA (Markets in Crypto-Assets) establishes the European framework for regulating cryptocurrencies, introducing obligations for platforms, token issuers, and service providers.
The Digital Footprint Regulation requires companies to measure and reduce their environmental impact related to the use of digital technologies.
The Digital Due Diligence Directive proposes obligations for companies to identify and mitigate human rights and environmental risks in their digital activities.
Compliance with standards: a competitive advantage
However, standardization is a strategic asset: it facilitates access to certain markets and strengthens a company’s credibility. Adopting a standard can be seen as a long-term investment, a guarantee of quality and security for customers and partners.
Compliance also varies across cultures: in France, the approach is often perceived as restrictive, while other countries integrate it more naturally into their business strategy.
Understanding these differences and adapting one’s approach is essential for any organization wishing to operate in an international environment.
Faced with this evolving environment, constant regulatory monitoring and rapid adaptation are the keys to effective cybersecurity that meets current requirements.
Compliance with laws and risk of penalties
Compliance is not just a matter of obligation, but also of risk management. Anticipating legal changes, understanding the implications of new regulations, and limiting professional liability are all reasons to call upon experts.
Controls and sanctions are a reality, as evidenced by the recent CNIL sanction against Orange.
Why do such loopholes still exist? Because achieving compliance is a balancing act between cost, benefits, and risks. Companies juggle sometimes inconsistent obligations and control mechanisms that could be improved. Some may even try to circumvent requirements deemed absurd for the company’s development.
In this context, support from a lawyer or a specialized firm is crucial. Compliance is not just a matter of obligation, but also of risk management. Anticipating legal changes, understanding the implications of new regulations, and limiting professional liability are all reasons to call upon legal and technical experts.
