France crosses the quantum Rubicon: abandoning post-quantum certification will be fatal for cybersecurity products
The French National Agency for the Security of Information Systems (ANSSI) has announced a radical change in the rules for certifying cybersecurity products. Starting in 2027, the agency will stop issuing certificates for solutions that are not equipped with encryption resistant to quantum attacks. This announcement was made at the France Quantum conference in a speech by the head of the ANSSI cabinet, Samih Souissi.
ANSSI certification is not just a formality. It is a mandatory condition for the use of solutions in French government agencies and critical infrastructure facilities. Souissi emphasized that by 2030, companies will be required to purchase exclusively quantum-resistant products. According to him, the transition is driven by the threat of "harvest now, decrypt later": attackers can already intercept and accumulate encrypted data today in order to decrypt its contents in the future, once sufficiently powerful quantum computers become available.
This decision is not just a technical innovation, but a strategic signal for the entire market. We see how France, following the recommendations of NIST and European trends, is laying the foundation for "quantum security." From an analyst's perspective, this means that any developer targeting the European market must already integrate post-quantum algorithms into their products. Ignoring this requirement will lead to a complete loss of access to government procurement and critical infrastructure by the end of the decade. The market is facing a wave of reworking existing solutions, and those who start preparing today will gain a tremendous competitive advantage.