Loi Informatique et Libertés (Act No. 78-17, as amended) + CNIL · vAct No. 78-17 (as amended)
Loi Informatique et Libertés (Act No. 78-17, as amended) + CNIL
Loi Informatique et Libertés (Act No. 78-17, as amended) + CNIL — 100% covered.
4 requirements · 4 enforced · 0 designed · 0 advisory · 0 deferred.
Source: Loi Informatique et Libertés (Act No. 78-17, as amended) + CNIL. National statute implementing/supplementing Regulation (EU) 2016/679 (GDPR) in France. Substantive obligations resolve to the deep GDPR per-article registry (internal) reused via the framework__jurisdiction edge; this registry maps only the France-specific national deltas.
By category
| Category | Reqs | Enforced | Designed | Advisory | Deferred | Coverage |
|---|---|---|---|---|---|---|
| GDPR transposition (national basis) | 1 | 1 | 0 | 0 | 0 | 100% |
| Supervisory authority + accountability | 1 | 1 | 0 | 0 | 0 | 100% |
| Breach notification (national channel) | 1 | 1 | 0 | 0 | 0 | 100% |
| Health-data hosting (national delta) | 1 | 1 | 0 | 0 | 0 | 100% |
Every requirement → the KYE™ artefact that enforces it
| ID | Title | Status | KYE™ enforcement |
|---|---|---|---|
fr-lil.gdpr-transposition |
Loi Informatique et Libertés (Act No. 78-17, as amended) + CNIL transposes / supplements the GDPR (Reg. (EU) 2016/679) into France national law — the substantive data-protection obligations resolve to the GDPR per-article bijection | enforced | audit_events: kye.purpose.admissibility.v1, kye.evidence.decision_map.v1engines: internal, internalconstitution_refs: constitution/12-PURPOSE-PERMISSION.md, constitution/21-DELEGATED-AUDITABILITY.md |
fr-lil.supervisory-authority |
Cooperation with the national supervisory authority (the CNIL) — records of processing and the demonstrable-accountability account an AI agent's data processing must produce on request | enforced | audit_events: kye.evidence.pack.v1, kye.compliance.attestation.v1engines: internal, internalconstitution_refs: constitution/21-DELEGATED-AUDITABILITY.md, constitution/31-DATA-GOVERNANCE-PACK.md |
fr-lil.breach-notification |
Personal-data breach notification to the CNIL (and affected individuals) within the GDPR Art. 33/34 window, on the national reporting channel | enforced | audit_events: kye.signal.incident.opened.v1, kye.compliance.attestation.v1engines: internal, internalconstitution_refs: constitution/13-RESILIENCE-LOOP.md |
fr-lil.health-data-hds |
Health-data hosting must use an HDS-certified (Hébergeur de Données de Santé) host; CNIL reference methodologies (MR) govern health-research processing | enforced | audit_events: kye.purpose.admissibility.v1, kye.evidence.tool_call.v1engines: internal, internalconstitution_refs: constitution/12-PURPOSE-PERMISSION.md, constitution/30-AUDIT-WORM-RETENTION.md |