Read Every Page. Flag Every Risk.
Security Tenders in France.

The State of Security Procurement in France

Updated 15 May 2026

## Extracting the CNAPS and CCAG-FCS Compliance Matrix from UGAP Security RFPs When targeting a €4.2M physical security contract published on the BOAMP, manual extraction of mandatory certifications often misses critical sub-clauses buried in the appendices. Lucius AI utilizes a Gemini-extracted compliance matrix to parse the Règlement de la Consultation (RC) and isolate specific Conseil National des Activités Privées de Sécurité (CNAPS) licensing requirements for every proposed security agent. For a recent Ministère de l'Intérieur tender requiring 24/7 armed guarding with Category D weapons, the engine mapped 47 distinct compliance criteria directly to the Cahier des Clauses Techniques Particulières (CCTP). By processing the raw PDF through the Files API caching system, the platform instantly aligns the buyer's demands with the strict Loi Sécurité Globale mandates regarding agent training hours. Tender writers drafting responses for UGAP framework agreements can then assign these extracted Cahier des Clauses Administratives Générales applicables aux marchés de Fournitures Courantes et de Services (CCAG-FCS) obligations to specific subject matter experts within their organization. Furthermore, if the Avis d'Appel Public à la Concurrence (AAPC) specifies APSAD R81 certification for intrusion detection systems, the matrix automatically flags this prerequisite for the technical volume, ensuring no mandatory qualification is overlooked before the drafting phase commences.

## Detecting Penalty Clauses and Indemnity Asymmetry under the Code de la commande publique Navigating the Code de la commande publique requires strict scrutiny of the Cahier des Clauses Administratives Particulières (CCAP) for hidden financial liabilities that could erode contract profitability. Lucius AI deploys targeted risk flag detection to identify indemnity asymmetry and disproportionate pénalités de retard within complex French public security contracts governed by the Direction des Affaires Juridiques (DAJ). During a €1.8M municipal CCTV deployment for the Ville de Lyon, the system highlighted a buried clause imposing a €5,000 daily fine for network downtime exceeding 15 minutes. The engine cross-references these punitive terms against Article L. 2112-2 of the Code de la commande publique to ensure the buyer's demands remain legally enforceable and proportionate to the contract value. Using the Gemini-extracted compliance matrix, the platform isolates liability caps that deviate from the standard CCAG-TIC (Techniques de l'Information et de la Communication) framework typically used for video surveillance networks. Tender writers can then draft precise clarification questions for the Direction des Achats de l'État (DAE) before the mandatory Q&A deadline expires on the 14th of November, effectively mitigating commercial risk before committing to the Acte d'Engagement.

## Deep Think Contradiction Audits Across DUME and Annexes de Sécurité Complex security tenders frequently contain conflicting instructions between the Document Unique de Marché Européen (DUME) and the localized Plan d'Assurance Sécurité (PAS) provided by the buyer. Lucius AI executes a Deep Think contradiction audit across the full procurement pack to reconcile these discrepancies before the drafting phase begins. In a recent €6.5M access control upgrade for the SNCF Réseau, the Règlement de la Consultation mandated a maximum 10-page limit for the technical methodology, while the CCTP Annex 4 demanded a 15-page detailed risk assessment covering biometric data storage. The Deep Think contradiction audit immediately surfaced this clash, allowing the bidder to formally request an amendment via the Plateforme des Achats de l'État (PLACE). The engine also verifies that the pricing schedule in the Bordereau des Prix Unitaires (BPU) matches the exact hardware quantities listed in the Détail Quantitatif Estimatif (DQE) for card readers and turnstiles. By caching the entire dossier via the Files API, the system ensures that any updates or errata published by the Direction Générale de l'Armement (DGA) instantly trigger a new cross-document audit to maintain absolute bid consistency.

## Generating Technical Responses Grounded in Past SecNumCloud and ANSSI-Certified Bids Drafting the Mémoire Technique for cybersecurity and physical security convergence requires precise alignment with Agence Nationale de la Sécurité des Systèmes d'Information (ANSSI) guidelines. Lucius AI drives draft generation grounded in the bidder's past won responses by utilizing File Search citations across the corporate bid library to map historical data to the Cahier des Clauses Techniques Particulières (CCTP). When responding to a €3.2M Ministère des Armées tender requiring SecNumCloud-qualified hosting for drone surveillance footage, the platform retrieves exact architectural diagrams from a previously successful 2023 Gendarmerie Nationale submission. The File Search citations explicitly link the newly generated prose to the company's established Référentiel Général de Sécurité (RGS) compliance narratives, proving historical competence. This ensures that the proposed Plan de Continuité d'Activité (PCA) perfectly mirrors the operational protocols previously validated by the Haut Fonctionnaire de Défense et de Sécurité (HFDS). Tender writers receive a fully cited draft that integrates the specific Loi de Programmation Militaire (LPM) requirements without hallucinating unverified technical capabilities, ensuring the final narrative meets the rigorous evaluation criteria set by the French defense sector.

## Validating Submission Readiness for the PLACE plateforme des achats The final hurdle in French public procurement involves a rigorous submission readiness check against the buyer's stated rules on the PLACE plateforme des achats. Lucius AI scans the finalized Acte d'Engagement (ATTRI1) to confirm that the authorized signatory matches the Kbis extract registered with the Tribunal de Commerce within the last three months. For a €900,000 perimeter intrusion detection contract with the Aéroports de Paris (ADP), the system verified that all PDF files were digitally signed using an eIDAS-compliant certificate, as mandated by the consultation rules. The submission readiness check also ensures that the Déclaration du candidat (DC1 and DC2 forms) contain the exact SIRET numbers mandated by the Direction de l'Immobilier de l'État (DIE) for joint ventures. By cross-referencing the final upload package against the BOAMP publication notice, the engine guarantees that no mandatory annexes, such as the Attestation de vigilance URSSAF or the Certificat de régularité fiscale, are omitted. This exhaustive validation process prevents administrative rejection by the Commission d'Appel d'Offres (CAO) during the initial envelope opening phase, securing the bidder's place in the technical evaluation.

Bidders into France security contracts compete under BOAMP, PLACE and the French Code de la commande publique. Sector-specific compliance bars include SIA licensing, BS 7858 vetting, Approved Contractor Scheme (ACS) and PSI Act compliance — Lucius AI maps each one to your response with a page-cited audit trail, so legal review reads as fast as engineering review.