For companies, maintaining operations is not just about performance. It’s about survival. Reliable communications and digital continuity have become critical to keeping customers’ trust and protecting business value.

Beyond this, the European Union has also raised the bar. Through the new REC, NIS2 and DORA directives, it is strengthening collective digital security across the continent. In France alone, nearly 23,000 companies and 1,500 local authorities are now required to improve their cybersecurity and digital resilience. That means creating and maintaining tested continuity plans, managing ICT risks, and anticipating critical dependencies in supply chains and IT systems.

Glossary
  • REC: Resilience of Critical Entities directive
  • NIS2: Network and Information Security 2
  • DORA: Digital Operational Resilience Act
  • BIA: Business Impact Analysis
  • BCP: Business Continuity Plan
  • BCRP: Business Continuity and Recovery Plan

A new European regulatory framework for digital resilience

Business continuity and compliance now go hand in hand. Since October 2023, three major texts – REC, NIS2 and DORA – have reshaped how Europe approaches digital resilience. Their shared aim is to protect the vital systems that keep societies running, from energy and water to finance, transport and communications. 

The French government is in the process of incorporating this framework into its own legal system through a draft law on the resilience of critical infrastructure and cybersecurity.

The REC directive strengthens the protection of essential infrastructure and extends it to new sectors such as heating networks, hydrogen and wastewater management. It complements the Cyber Resilience Act, which introduces stricter security requirements for digital products and software. Together, they form a framework for building physical and digital resilience across Europe, holding every actor accountable—from software developers to service providers. 

The NIS2 directive raises cybersecurity standards. It requires stronger system administration, risk management and auditing, as well as faster incident reporting. The number of French organizations concerned has risen from 500 to more than 24,000, including both public and private entities.

System Administration: A Cornerstone of NIS2 Compliance

System administration covers the day-to-day maintenance that keeps servers secure and running smoothly: installing security updates, managing user accounts, refreshing antivirus software and removing obsolete programs. These basic tasks are crucial to data protection and to meeting the new NIS2 requirements.

 

Finally, the DORA regulation focuses specifically on the financial sector, tightening the rules on ICT risk management and mandatory testing. Beyond the technical standards, these regulations place greater responsibility on executives. Business Impact Analysis (BIA) has become a key exercise for identifying how an interruption would affect critical operations and for defining recovery priorities.

This is a real paradigm shift, part of a necessary global approach where resilience becomes a strategic pillar.

 

BIAs feed directly into Business Continuity and Disaster Recovery Plans (BCDR) that are realistic, tested and built around known dependencies.

As Christian Sommade, Executive Director of the French High Committee for National Resilience, puts it: “Prevention alone is not enough. Preparation is essential.”   

 

Building cyber-resilience requires collaboration at every level—through industrial partnerships, alliances and close work with our clients. Public-private cooperation is also key. The new regulations mark a step forward for Europe’s cybersecurity ecosystem, and we’re ready to support it.

Hugues Foulon
EVP Orange & CEO Orange Cyberdefense
 
Business continuity: a strategic priority

Business continuity is the ability to maintain or quickly restore essential functions when a major disruption occurs. Under the new European rules, having a plan on paper is no longer enough. Organizations must be able to prove that their systems are tested, compliant and ready to protect their value chain.

Investing in prevention pays off. The economic benefits cited by Christian Sommade are clear: the United Nations estimates that every euro spent on preparedness saves six to seven euros in response costs. The U.S. Chamber of Commerce goes further, suggesting a return of up to thirteen euros for every euro invested. What used to be seen as a cost is now a driver of efficiency and competitiveness.

Another essential element is critical communication. In a crisis, staying connected is what allows teams to coordinate and act fast. Resilience is not a fixed state; it is an ongoing process of anticipation and adaptation. 

 

Resilience is not an end point. It’s a continuous process.

Christian Sommade
General Delegate of the HCFRN

 

Why every organization needs a Continuity and Disaster Recovery Plan 

A major IT failure can have serious financial and human consequences. In healthcare, for example, losing patient data can be catastrophic.

 

A well-designed Business Continuity and Recovery Plan (BCRP), built on a solid Business Impact Analysis, helps organizations maintain critical services even when systems are down.

This is also the key to ensuring the availability of the organization’s most important services, so that customers can continue to access their accounts, internal teams can keep working as usual, and the value chain remains connected.

 
The protection of sensitive data

Continuity plans include detailed procedures to secure information and isolate backups or critical applications during an attack. These safeguards help prevent data leaks and reduce long-term damage.

 

In France, such plans are not yet mandatory for all sectors, though they are required in healthcare and strongly recommended by authorities like the CNIL or service-public.fr.

 
More broadly, it has become an essential pillar of digital trust.

Orange Business: from a resilient operator to an operator of resilience 

 

The goal is not just to have robust infrastructure but to guarantee adaptability in real time.

 

As crises become more frequent and regulations tighten, Orange Business has evolved from being a resilient operator to being an operator of resilience.

 

Patrick Guyonneau, Group Security Director at Orange, explains: “During the Paris 2024 Olympic and Paralympic Games, we reached a new stage. We moved from ensuring our own resilience to helping others build theirs.”

Since zero risk does not exist, preparation is everything.

 

Our support for companies is global

It combines consulting, technical solutions, and training. Proven tools keep critical communications running even in extreme situations, while awareness programs and simulation exercises help teams test and strengthen their response plans.

 

Our approach is based on a proactive strategy of anticipating risks

We design our infrastructure with multiple technologies and connection points, ensuring continuity even if one network fails. Satellite coverage provides an additional layer of resilience.

Geopolitical tensions, cyberattacks and natural disasters are forcing businesses to rethink their resilience. Our mission is twofold: to protect our global networks and to give clients reliable connectivity even in extreme situations. Our solutions are built to operate autonomously when traditional infrastructure fails. Resilient networks, diverse partnerships and ongoing innovation are what allow us to help clients face today’s major crises.

Aliette Mousnier-Lompré
CEO Orange Business
 

 

Innovative solutions for every crisis

Orange Business offers a portfolio of practical tools to keep communications and critical operations running during a crisis. From emergency connectivity to mass alerting, these solutions have proven their value in real-world conditions.

Key takeaways

At Orange, we believe continuity planning is not just about compliance. It’s about building confidence in an unpredictable world. By anticipating risks, testing plans regularly and preparing teams, organizations can respond faster and recover stronger.  

 

Resilience is not about resisting change. It’s about adapting to it—and turning every challenge into progress. Orange is here to help businesses grow in an ever-changing world. 

 

Our goal is clear: to make digital resilience a source of competitiveness and trust.