France’s cybersecurity agency ANSSI says it will tighten enforcement on quantum-resistant cryptography, ending certifications for security products that do not use quantum-safe—also known as post-quantum—encryption. The decision, announced by ANSSI’s chief of staff Samih Souissi at the France Quantum 2026 Summit, is scheduled to take effect in 2027, with a broader push for businesses to rely on quantum-safe products by 2030.
ANSSI certification is widely treated as a gateway for adoption across French government agencies and operators of critical infrastructure. As a result, the move is expected to raise pressure on vendors to demonstrate post-quantum cryptography capability well ahead of the deadline, or risk losing access to public-sector demand.
Key takeaways
- ANSSI will stop certifying security products that do not include quantum-resistant encryption, starting with changes communicated for 2027.
- Souissi said businesses should prioritize quantum-safe products by 2030, aligning procurement expectations across France’s public and critical sectors.
- The French timeline mirrors the U.S. National Security Agency’s CNSA 2.0 plan, which also centers on a 2027 transition point.
- For crypto networks and infrastructure providers, the emphasis on post-quantum readiness echoes a broader industry shift toward upgrading signature and key-management schemes.
ANSSI moves from guidance to enforceable deadline
At the France Quantum 2026 Summit, Souissi said ANSSI would halt certifications for products lacking quantum-resistant encryption in 2027. He also advised businesses to buy only quantum-safe products by 2030, framing quantum readiness not just as an engineering challenge but as a governance and planning problem.
According to Reuters, Souissi described the change as an effort spanning “governance, industrial planning, regulation, and sovereignty.” This signals that the agency views procurement standards as a strategic tool: vendors can’t treat post-quantum migration as optional or purely voluntary once certification becomes tied to government acceptance and deployment timelines.
Marin Ivezic, founder of consulting firm Applied Quantum, said the agency had been signaling the direction for years, but that what changed was the public commitment tied to a major conference—Reuters reported that the guidance became a clear pledge once Souissi stated it openly in front of the French quantum ecosystem.
Why the 2027 and 2030 milestones matter for vendors
ANSSI certification matters because it functions as a prerequisite for security product use across French public institutions and critical infrastructure operators. In practice, that means vendors seeking government contracts may have to prove post-quantum cryptography capabilities by 2027, or else face exclusion from the certification pipeline.
The tighter certification regime also forces earlier investment decisions for manufacturers, integrators, and enterprise buyers who rely on certified tools. Even where deployments can be phased, the certification change creates a concrete “planning horizon” for product roadmaps: companies generally need time to implement, test, and validate cryptographic changes—especially when certification requirements are strict.
Ivezic’s characterization of the convergence is notable: he said that two major cryptographic certification authorities serving large defense and government technology markets have aligned on making post-quantum cryptography a pass-fail requirement using the same year.
France aligns with the U.S. NSA’s CNSA 2.0 plan
France’s 2027 cutoff comes as another prominent government push toward post-quantum security is already underway in the United States. The NSA’s CNSA 2.0 framework requires national security systems to support approved quantum-resistant algorithms by Jan. 1, 2027. Under CNSA 2.0, noncompliant systems are expected to be phased out by the end of 2030, and by the end of 2031, all national security systems must be using CNSA 2.0 algorithms.
Reuters reported the parallel between the two policies, and Ivezic linked the significance of the overlap to the strength of the message to the global supply chain: when both sides of a major buyer ecosystem move on the same date, vendors have to treat migration as a necessity rather than a speculative future upgrade.
For readers tracking quantum risk, the takeaway is that “when” is becoming standardized across high-security institutions. That doesn’t remove technical uncertainty—post-quantum ecosystems still involve algorithm selection, performance tradeoffs, and migration engineering—but it does reduce ambiguity around procurement windows.
Quantum readiness remains a live issue for crypto
Concerns about quantum threats aren’t limited to government security products. The cryptocurrency industry has been grappling with the implications of quantum computing for cryptographic assumptions used across blockchain systems.
In May, data analytics platform Glassnode estimated that nearly 10% of Bitcoin’s total supply—about 1.92 million BTC—could be considered “structurally unsafe” in the event of a quantum computing breakthrough, referencing scenarios where quantum capabilities could undermine certain cryptographic protections. Earlier coverage from Cointelegraph noted that the possibility of quantum computers becoming operational before 2030 has been discussed in academic research, keeping timelines in the public conversation even as engineering realities remain uncertain.
Separately, Coinbase has argued that proof-of-stake networks may face heightened risk because of the signature schemes used to secure block production. In April, Coinbase warned that blockchains including Ethereum and Solana could be more exposed than systems with different cryptographic structures tied to consensus and validation.
At the same time, Coinbase acknowledged that multiple networks have begun hardening their systems against quantum threats. It described Algorand as having a “staged roadmap toward full quantum readiness” and said it is among the early networks to deploy cryptography designed to resist quantum attacks. Coinbase also said Aptos was “well-positioned for the transition to post-quantum secure transactions.”
Cointelegraph previously reported that Solana and Ethereum have also outlined roadmaps for quantum mitigation, including upgrading signatures to quantum-resistant alternatives. While these efforts vary in maturity, they reflect a broad recognition: the cryptographic mechanisms that secure transactions and validator behavior must be resilient to future computational advances.
The ANSSI announcement effectively raises the urgency for the broader security ecosystem, including companies that provide cryptographic tooling used in exchanges, custodianship, and infrastructure. Even if blockchain networks control their own protocol upgrades, the surrounding software stack and security products increasingly face “certification-style” expectations rooted in post-quantum readiness.
What to watch next is whether more jurisdictions adopt certification requirements similar to ANSSI’s—and how quickly major crypto infrastructure providers accelerate post-quantum migrations in response to government procurement deadlines. The technical work remains complex, but the policy momentum suggests quantum-safe cryptography will move from planning to enforcement sooner than many organizations previously assumed.
https://www.cryptobreaking.com/france-to-require-quantum-resistant/?utm_source=blogger%20&utm_medium=social_auto&utm_campaign=France%20to%20require%20quantum-resistant%20encryption%20for%20certified%20products%20
Comments
Post a Comment