France introduces strict requirements for post-quantum cryptography: ANSSI certification from 2027
France is taking a decisive step into the era of post-quantum security. The National Agency for the Security of Information Systems (ANSSI) has officially announced that starting in 2027, it will cease certifying cybersecurity products that do not use encryption resistant to quantum attacks. This statement was made at the France Quantum conference by the head of the agency's cabinet, Samih Souissi.
The decision has far-reaching consequences. ANSSI certification is a mandatory requirement for implementing any solutions in French government bodies and critical infrastructure facilities. Thus, within three years, all suppliers wishing to work with the French public sector must fully transition to quantum-resistant algorithms.
The "Harvest Now, Decrypt Later" Threat
The key motive for this step is the risk known as "harvest now, decrypt later." Attackers can already intercept and accumulate encrypted data today, counting on the emergence of sufficiently powerful quantum computers in the future. Once such machines become a reality, the entire accumulated array of encrypted information will be at risk of instant decryption.
Souissi also emphasized that by 2030, French companies must purchase exclusively quantum-resistant products. This means the transition period for businesses will last until the end of the decade, but for the public sector, the requirements will come into force much earlier.
Expert Analysis
This is one of the most specific and stringent regulatory requirements in the field of post-quantum cryptography to date. France is effectively setting the standard for all of Europe, and other countries are likely to follow this example. For the crypto industry and blockchain projects, this is a signal: the time for adaptation is rapidly shrinking. If you are building solutions with a long-term perspective, implementing quantum-resistant algorithms should become a priority now, not in five years.