Measuring the digital maturity of a French company in 2024 means observing a contrasting landscape. The France Num barometer, which surveyed over 10,000 micro and small to medium-sized enterprises (SMEs) this year, shows renewed confidence among leaders in digital technology after a phase of doubt in 2023. Behind this resurgence, the disparities between sectors, company sizes, and levels of regulatory compliance outline the real stakes of digital transformation for businesses.
Digital Maturity of French Micro and Small to Medium-Sized Enterprises: What the 2024 Barometer Reveals
The 2024 France Num barometer, led by the General Directorate for Enterprises (DGE), surveyed 10,125 companies, including 6,425 micro and small to medium-sized enterprises. This panel covers all sectors of activity and all regions, making it the broadest snapshot available on the subject.
See also : Influential Women in the World of British Comedy
| Indicator | 2023 Trend | 2024 Trend |
|---|---|---|
| Leaders’ confidence in digital technology | Declining, expressed doubts | Renewed confidence |
| Cybersecurity | Growing concern | Constant concern, reinforced by NIS2 |
| AI and environment | Rarely mentioned | Identified as new issues |
| Expected support | Strong demand | Increased demand, structured offer by France Num |
This table highlights a point that competing analyses overlook: cybersecurity is not an emerging issue for micro and small to medium-sized enterprises; it is an established concern that is changing in nature with the implementation of new European regulations.
The data collected on liaisonsnumeriques.fr confirms this trend, particularly regarding the growing need to structure digital exchanges between contractors and small businesses.
Related reading : Kamaz: the rise of the Russian giant in trucks and off-road vehicles
NIS2 Directive and DORA Regulation: The Regulatory Framework Redefining Digital Transformation
The European NIS2 directive, whose gradual implementation begins in 2024, significantly expands the scope of companies subject to formal cybersecurity requirements. Entire sectors of B2B that were exempt from NIS1 (manufacturing, food, waste management) must now establish a formal cybersecurity governance: risk management, continuity plans, incident notification.
For an industrial SME that outsourced its IT security to a local provider without a precise contractual framework, the change is tangible. NIS2 requires documentation, testing, and proof.
DORA and the IT Subcontracting Chain
The DORA regulation (Digital Operational Resilience Act), published in the EU Official Journal on December 27, 2022, with primary application in 2025, targets the financial sector. Its impact goes beyond this scope: critical digital service providers (cloud, SaaS) are directly regulated. Any company providing digital services to a bank or insurer must review its contracts, resilience commitments, and audit procedures.
In contrast, micro and small enterprises that do not operate within these value chains are not directly affected by DORA. The gap in constraints between an SME supplier in the financial sector and a craft micro-enterprise illustrates the real fragmentation of the regulatory landscape.
Data Compliance and Generative AI: The CNIL as Arbiter
Digital transformation projects increasingly incorporate generative artificial intelligence. The 2024 France Num barometer identifies AI as a new issue for micro and small to medium-sized enterprises. The CNIL, for its part, has intensified its controls on the use of generative AI and the reuse of personal data in these projects (recommendations 2023-2024).
The issue is not limited to classic GDPR. The strengthened guidelines on cookies and the processing of training data for AI models create a specific compliance challenge. A company deploying a chatbot powered by customer data must verify the legal basis for processing, the purpose, and the rights to object, under penalty of sanctions.
Three Concrete Points of Vigilance for Data and AI Projects
- Ensure that the data used to train or feed a generative AI tool has been collected with a valid legal basis under GDPR, including for secondary uses not initially intended
- Document the processing chain of personal data in any project involving a SaaS or cloud provider, anticipating NIS2 requirements on incident notification
- Integrate an opposition and data deletion mechanism from the design phase, as the CNIL has been actively monitoring these provisions since 2023
Generative AI in Business: Widespread Adoption but Limited Deployment
Several international studies from 2023-2024 converge on one finding: the adoption of generative AI is progressing rapidly but remains at the pilot stage in the majority of organizations. Companies are testing, experimenting, and launching proofs of concept. Large-scale deployments remain rare.
For French micro and small to medium-sized enterprises, the gap is even more pronounced. The 2024 France Num barometer ranks AI among the “new issues,” meaning it is not yet a daily tool for most of the surveyed structures. In contrast, large groups have already integrated AI assistants into their customer support, writing, or data analysis processes.
This gap raises an access question: the generative AI solutions accessible to small structures (cost, integration complexity, internal skills) are not the same as those deployed by mid-sized or large companies. The risk is a digital divide between company sizes, already visible in other technological areas like cloud or process automation.
Environment and Responsible Digital: An Issue Still Under-Quantified
The 2024 barometer mentions the environment as a new issue alongside AI. The wording remains vague, reflecting the state of the subject in micro and small to medium-sized enterprises: awareness exists, but indicators are lacking.
Measuring the carbon footprint of a digital infrastructure (servers, cloud storage, data transfers) requires tools and methodologies that most small businesses do not possess. The obligations for non-financial reporting, which are gradually tightening for mid-sized companies, could accelerate this structuring in the coming years.
The most concrete issue remains the choice of cloud and SaaS providers based on their environmental policies, a criterion that is beginning to appear in public and private tenders but is not yet systematic.
The most striking data from the 2024 barometer remains the volume of the sample: over 10,000 companies surveyed. This statistical base allows for moving beyond intuition. It shows that the digital transition of French companies is not played out on a single front, but on three simultaneously: regulatory compliance (NIS2, DORA, GDPR), AI integration, and measuring environmental impact. Structures that progress on all three fronts at the same time remain in the minority.