France introduces strict standard: from 2027, only post-quantum cryptography
The French National Cybersecurity Agency (ANSSI) has announced a radical tightening of cybersecurity requirements. Starting in 2027, the agency will cease certifying any products not equipped with encryption resistant to quantum attacks. This statement was made at the France Quantum conference by Samih Souissi, head of the ANSSI office.
Why this is a critical shift
ANSSI certification is not a formality. Without it, no solution can be approved for use in French government agencies or critical infrastructure facilities. Souissi emphasized that by 2030, companies will be required to purchase only quantum-resistant products. This is not a recommendation but a mandatory standard for the entire national security ecosystem.
The "harvest now, decrypt later" threat
The transition to post-quantum cryptography is driven not by hypothetical fears but by real attacker tactics. Today, adversaries can intercept and accumulate encrypted data to instantly decrypt it in the future when sufficiently powerful quantum computers emerge. This is no longer theory—it is an operational strategy for cybercriminals and state-sponsored hackers.
My expert assessment: ANSSI's decision sets a new standard for all of Europe. If France—one of the EU's key players—introduces such requirements, other countries will follow within 1–2 years. For the crypto industry, this means that developers of blockchain solutions, wallets, and DeFi platforms must immediately integrate post-quantum algorithms, or risk losing access to the continent's largest institutional market.