France Mandates Quantum-Resistant Encryption for Government and Critical Infrastructure
France's national cybersecurity agency, ANSSI, will cease certifying non-quantum-safe encryption products starting in 2027, pushing a nationwide transition to quantum-resistant cryptography.

France is taking a decisive step towards securing its digital infrastructure against the future threat of quantum computing. The country's cybersecurity agency, ANSSI, announced that it will stop certifying security products that do not incorporate quantum-resistant encryption, effective from 2027. This policy shift is poised to accelerate the adoption of post-quantum cryptography across government bodies and critical infrastructure operators.
Samih Souissi, ANSSI's chief of staff, revealed the agency's timeline at the France Quantum conference. The certification freeze for non-quantum-safe products will begin in 2027. Furthermore, ANSSI expects businesses to exclusively procure quantum-safe products by 2030. As ANSSI approval is a prerequisite for the deployment of security products within French government agencies and essential services, this policy effectively mandates a phase-out of older, vulnerable encryption standards.
The move underscores a growing global concern about the potential for future quantum computers to break current encryption algorithms, which underpin much of modern digital security. While the timeline for cryptographically relevant quantum computers remains uncertain, proactive measures are being taken by nations and organizations to mitigate the risk of a 'harvest now, decrypt later' attack, where encrypted data is stolen today and decrypted once powerful quantum computers become available.
This French initiative aligns with broader international efforts to standardize and deploy post-quantum cryptography. Organizations like the U.S. National Institute of Standards and Technology (NIST) have been leading efforts to select and standardize quantum-resistant algorithms. France's policy adds a regulatory imperative, ensuring that its most sensitive sectors are prepared for the quantum transition.
The implications for vendors and businesses are significant. Companies supplying security products to the French government or critical infrastructure will need to ensure their offerings meet the new quantum-resistance requirements by 2027. This necessitates investment in research, development, and integration of new cryptographic primitives into existing and future products.
For government agencies and critical infrastructure operators, the transition will involve a complex migration process. This includes inventorying existing systems, assessing their cryptographic dependencies, and planning for the phased replacement or upgrade of hardware and software. The deadline of 2030 for exclusive procurement of quantum-safe products provides a clear target for these modernization efforts.
While the focus is currently on government and critical infrastructure, the broader expectation for businesses to adopt quantum-safe products by 2030 suggests a potential ripple effect across the entire French economy. This proactive stance by ANSSI positions France as a leader in preparing for the post-quantum era, aiming to safeguard its digital sovereignty and the integrity of its sensitive data against future cryptographic threats.