Certifications and compliance
Our guarantees,
your standards
With Tixeo, ensure regulatory compliance and safeguard your data.
Compliance comes at a price
For several years now, the European Union has been ramping up its regulations to strengthen cybersecurity. Organisations must rely on trusted and certified information and communication technologies.
For several years now, the European Union has been ramping up its regulations to strengthen cybersecurity. Organisations must rely on trusted and certified information and communication technologies.
Tixeo, CSPN-certified
The ANSSI (French Cybersecurity Agency) First Level Security Certification (CSPN) attests to the robustness of a product through compliance assessments and penetration testing.
Key evaluated security criteria:
 |
With Tixeo, every audio, video, screen-sharing or file transfer stream is locally encrypted within the application. The encryption keys themselves are transmitted via a secure HTTPS channel (TLS 1.2/1.3). This ensures that even the communication server only handles encrypted streams, preventing any form of interception. |
|
Passwords are immediately converted into unique digital hashes with added randomised salt before any transmission. Only the hashed version is stored and known to the server—never the original password. When local storage is necessary, it is encrypted. This means the server never has access to confidential user credentials. |
 |
With the highest level of security enabled by default, participants must authenticate using an email address and password to join a meeting. Only invited participants can access a Tixeo videoconference. |
 |
All audio, video and data streams pass through a single secure HTTPS channel between the application and Tixeo servers. This architecture removes the need to open additional ports on your network. Certificate pinning further ensures that communications remain secure even if a certificate authority is compromised. |
With Tixeo, every audio, video, screen-sharing or file transfer stream is locally encrypted within the application. The encryption keys themselves are transmitted via a secure HTTPS channel (TLS 1.2/1.3). This ensures that even the communication server only handles encrypted streams, preventing any form of interception.
Passwords are immediately converted into unique digital hashes with added randomised salt before any transmission. Only the hashed version is stored and known to the server—never the original password.
When local storage is necessary, it is encrypted. This means the server never has access to confidential user credentials.
With the highest level of security enabled by default, participants must authenticate using an email address and password to join a meeting. Only invited participants can access a Tixeo videoconference.
All audio, video and data streams pass through a single secure HTTPS channel between the application and Tixeo servers. This architecture removes the need to open additional ports on your network. Certificate pinning further ensures that communications remain secure even if a certificate authority is compromised.
Why is Tixeo’s certification strategy unique?
With three ANSSI security certifications since 2017, Tixeo is one of the few providers to have submitted so regularly to this rigorous audit process. This demonstrates a long-term commitment to cybersecurity excellence.
How to assess the credibility of the ANSSI CSPN certification?
The certifying country’s experience and its position as a cybersecurity power enhance a certification’s credibility.
In France, the CSPN certification focuses on technical product evaluation and was designed to facilitate the certification process for organisations. As of 2024, France leads the rankings of certifying countries with 62 certificates issued.
Additionally, the CSPN certification is recognised by the German Federal Office for Information Security (BSI) as equivalent to the BSZ (Accelerated Security Certification).
Why is Tixeo’s certification strategy unique?
With three ANSSI security certifications since 2017, Tixeo is one of the few providers to have submitted so regularly to this rigorous audit process. This demonstrates a long-term commitment to cybersecurity excellence.
How to assess the credibility of the ANSSI CSPN certification?
The certifying country’s experience and its position as a cybersecurity power enhance a certification’s credibility.
In France, the CSPN certification focuses on technical product evaluation and was designed to facilitate the certification process for organisations. As of 2024, France leads the rankings of certifying countries with 62 certificates issued.
Additionally, the CSPN certification is recognised by the German Federal Office for Information Security (BSI) as equivalent to the BSZ (Accelerated Security Certification).
Compliant with european regulations
Eliminate regulatory risks
trust Tixeo to ensure compliance with European standards.
GDPR Compliant
In the justice sector, courts rely on Tixeo’s certified videoconferencing to ensure the protection of companies’ and citizens’ personal data.
NIS 2 Ready
French and European industrial groups use Tixeo’s end-to-end encryption to guarantee maximum confidentiality in their communications.
Recommended for DORA
(Digital Operational Resilience Act)
Finance-sector companies depend on Tixeo’s secure platform to ensure business continuity in their exchanges.
Tixeo: data processor or controller?
As a French and European software provider, Tixeo complies with the GDPR and commits to strictly limiting the processing of personal data.
Depending on service usage, Tixeo acts either as:
- Data controller of personal data
- Data processor, on behalf of its cloud clients
Organisations deploying TixeoServer within their IT systems remain the data controllers for their users’ personal data.
Three key benefits of Tixeo for compliance
Certified Solution
Its CSPN-certified end-to-end encryption is built into the solution by default, safeguarding your most sensitive exchanges.
Multi-factor authentication (MFA) and SSO are also available by default for accessing meetings.
Data Security
Your data is protected: Tixeo minimises personal data processing.
Its Secure by Design and Privacy by Design approaches significantly reduce the risk of data breaches.
Hosting and Resilience
Developed by its R&D teams in France and hosted in Europe, Tixeo is an independent solution fully committed to cybersecurity and cyber-resilience for critical organisations.
Recognised labels and memberships
A key player in the French and European cyber ecosystem, Tixeo holds several cybersecurity labels:
European recognition
Cybersecurity Made in Europe (ECSO – European Cyber Security Organisation)
Guarantee of robustness
and trust
France Cybersecurity Label (Data security & encryption category – awarded by the Alliance for Digital Trust)
Experience in the defense sector
“Used by the French Armed Forces” label – granted by the Ministry of Armed Forces for the TixeoCare product
Tixeo is also a member of GICAT (the French Defence and Security Industries Association).
An independent French company, Tixeo has been developing proprietary secure videoconferencing technology for 20 years.
Its consistent achievement of certifications and labels makes it a trusted partner for critical sectors subject to cybersecurity regulations such as the NIS 2 directive.
Everything you need to know about data
compliance and confidentiality with Tixeo
Definitions and challenges
What is data processing compliance?
Data compliance means adhering to all relevant regulations and standards to protect personal data. The GDPR and French data protection laws define individuals’ rights (e.g. data portability), security measures, and controller obligations. Additional regulations such as the NIS 2 Directive and DORA at EU level further require organisations to secure their information systems.
What are the key challenges of GDPR?
The GDPR requires strict compliance from businesses to ensure data protection. Non-compliance can result in fines and liability. Some non-European videoconferencing platforms fail to meet GDPR requirements due to laxer data laws that put personal information at risk. This means personal data—whether of European or non-European users—may be accessible to third-party entities.
Tixeo is fully GDPR-compliant.
Security Measures and Compliance
How can data security be ensured?
By adopting appropriate security measures that limit unauthorised access. In a videoconferencing context, this includes secure access, strong authentication, GDPR audits, and strict organiser/guest role management to protect privacy and sensitive communications.
How should personal data be managed?
GDPR-compliant data management includes secure collection and storage, as well as ensuring confidentiality. It is essential to respect users' rights and safeguard sensitive information.
How to achieve compliance?
Compliance involves several steps: defining internal security policies, keeping a data processing register, staff training, conducting compliance audits, and appointing a Data Protection Officer (DPO).
Tixeo has worked with a DPO for several years to maintain the highest level of GDPR compliance.
Choosing GDPR-compliant ICT tools is essential for both corporate and user data protection.
Which standards and certifications apply to videoconferencing providers?
ISO 27001 outlines security best practices at both technical and organisational levels. Security certifications such as ANSSI’s CSPN assess the reliability of a product through rigorous testing based on updated frameworks.
Tixeo has held CSPN certification for 8 years.
Risks of non-compliance
What are the risks of non-compliance?
Regulatory breaches can lead to fines, data breaches, reputational harm, and increased exposure to cyberattacks.
Why is using a compliant videoconferencing solution essential today?
At European level, especially under NIS 2, both large organisations and SMEs across all sectors (transport, public services, drinking water, waste management...) must use secure solutions due to growing cyber threats.
It is essential to assess the confidentiality and cyber-resilience guarantees of videoconferencing platforms.
To comply with NIS 2 and DORA, a secure videoconferencing solution must offer both reliable technology and Secure by Design features. It must also prove capable of safeguarding data from interference and extraterritorial laws. Finally, to maximise cyber-resilience, organisations should be able to rely on offline-ready solutions.
Tixeo meets these criteria with its end-to-end encryption and on-premises deployment options.
Definitions and challenges
What is data processing compliance?
Data compliance means adhering to all relevant regulations and standards to protect personal data. The GDPR and French data protection laws define individuals’ rights (e.g. data portability), security measures, and controller obligations. Additional regulations such as the NIS 2 Directive and DORA at EU level further require organisations to secure their information systems.
What are the key challenges of GDPR?
The GDPR requires strict compliance from businesses to ensure data protection. Non-compliance can result in fines and liability. Some non-European videoconferencing platforms fail to meet GDPR requirements due to laxer data laws that put personal information at risk. This means personal data—whether of European or non-European users—may be accessible to third-party entities.
Tixeo is fully GDPR-compliant.
Security Measures and Compliance
How can data security be ensured?
By adopting appropriate security measures that limit unauthorised access. In a videoconferencing context, this includes secure access, strong authentication, GDPR audits, and strict organiser/guest role management to protect privacy and sensitive communications.
How should personal data be managed?
GDPR-compliant data management includes secure collection and storage, as well as ensuring confidentiality. It is essential to respect users' rights and safeguard sensitive information.
How to achieve compliance?
Compliance involves several steps: defining internal security policies, keeping a data processing register, staff training, conducting compliance audits, and appointing a Data Protection Officer (DPO).
Tixeo has worked with a DPO for several years to maintain the highest level of GDPR compliance.
Choosing GDPR-compliant ICT tools is essential for both corporate and user data protection.
Which standards and certifications apply to videoconferencing providers?
ISO 27001 outlines security best practices at both technical and organisational levels. Security certifications such as ANSSI’s CSPN assess the reliability of a product through rigorous testing based on updated frameworks.
Tixeo has held CSPN certification for 8 years.
Risks of non-compliance
Quels risques en cas de non-conformité ?
Le non-respect des réglementations entraîne de nombreux risques, tels que des amendes, des violations de données, une atteinte à la réputation et une exposition accrue aux cyberattaques. Une sanction peut être appliquée si la conformité des données n’est pas respectée.
Pourquoi utiliser une solution de visioconférence conforme est-il obligatoire aujourd'hui ?
À l'échelle européenne, avec la directive NIS 2 notamment, les grandes organisations comme les PME dans tous secteurs (transports, service public, eau potable, déchets…) doivent adopter des solutions sécurisées, pour pallier à une recrudescence des cybermenaces. Il est donc crucial d’étudier précisément les garanties de confidentialité des échanges et de cyber-résilience offertes par les solutions de visioconférence.
Pour être conforme à NIS 2 et DORA, la solution de visioconférence sécurisée doit présenter à la fois une technologie et des fonctionnalités de collaboration fiables, dont le développement répond au principe de Secure by Design. Mais elle devra également démontrer sa capacité à répondre aux besoins les plus stricts des organisations en matière d’intégration et de protection des données contre l’ingérence et les lois extraterritoriales. Enfin, pour maximiser leur cyber-résilience, les organisations devront pouvoir s'appuyer sur une solution de visioconférence off-line. Tixeo répond à ces critères de sécurité avec son chiffrement de bout en bout et son déploiement on-premise.