NIR Insee

Detects NIR Insee patterns. This pattern is based on a Microsoft Purview built-in sensitive information type. Users already running Purview may prefer to enable the built-in SIT directly, or use this version as a starting point for customisation.

Type

regex

Engine

universal

Confidence

medium

Confidence justification

Medium confidence: pattern has structural constraints but corroborative keywords are recommended to reduce false positive rates. Added context gating and exclusion rules improve precision and reduce incidental matches.

Detection quality

Verified

Jurisdictions

eu, fr

Regulations

BDSG, CNIL / LIL, GDPR

Frameworks

ISO 27001, ISO 27701

Data categories

pii, government-id

Scope

narrow

Risk rating

9

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Compatible, Netskope: Unsupported

Pattern

\b[12]\d{2}(0[1-9]|1[0-2]|[2-4][0-9])\d{2}(?:\d{3}|2[AB])\d{3}\d{2}\b

Corroborative evidence keywords

identifier, number, ID, ID number, identification, ID card, license, permit, registration, certificate, field, column, row, entry, record, value, form, register, database, extract (+16 more)

Proximity: 300 characters

Should match

• 185057512345678 — Male born 1985 in department 75
• 293019912345612 — Female born 1993 in department 99
• 190017512345634 — Person born 1990 in department 75

Should not match

• 3850575123456 78 — Invalid gender digit (3 instead of 1 or 2)
• 1851375123456 78 — Invalid month (13)
• 185057512345 78 — Too few digits in commune/sequence section
• template example placeholder record identifier — Template/sample context should be excluded even when anchor words are present

Known false positives

• Common words and phrases related to nir insee appearing in policy documents, training materials, HR templates, or compliance guidelines without actual personal data. Mitigation: Require corroborative evidence keywords within the proximity window to confirm sensitive data context rather than general discussion.
• In multiple EU languages, similar terminology used in formal or administrative contexts (education, professional documentation) that does not constitute sensitive data collection. Mitigation: Layer with additional contextual signals such as structured identifiers, form fields, or database column headers to distinguish sensitive records from general references.

References

• France social security number (INSEE) entity definition - Microsoft Learn

Collections

• European National IDs
• GDPR Personal Data Kit