France tightens crypto standards: ANSSI certification will require quantum resistance from 2027
The French National Agency for the Security of Information Systems (ANSSI) has announced a radical change in its cybersecurity product certification policy. Starting in 2025, the agency will cease issuing certificates for solutions that use classical cryptographic algorithms not protected against quantum attacks. This statement was made by the head of the ANSSI cabinet, Samih Souissi, at the specialized France Quantum conference.
The new standard will affect all products intended for use in French government agencies and critical infrastructure facilities. These segments require mandatory ANSSI certification. According to Souissi, by 2030, French companies will be required to purchase exclusively quantum-resistant solutions. The transition to post-quantum cryptography is driven by the strategic threat known as "harvest now, decrypt later": attackers can already intercept and accumulate encrypted data today, waiting for the emergence of quantum computers capable of breaking current algorithms.
Why This Matters for the Crypto Industry
The ANSSI decision is not just a technical update but a signal for the entire blockchain and cryptocurrency ecosystem. Many decentralized protocols, including those supporting smart contracts and wallets, use elliptic curve cryptography (ECDSA, EdDSA). These algorithms are vulnerable to attacks using quantum computers, jeopardizing the security of assets and transactions. France, as one of the leaders in crypto-asset regulation (MiCA), is effectively setting standards for the entire European Union.
Projects that do not transition to post-quantum algorithms (e.g., based on lattices or hashes) risk losing access to the French market and government contracts. This is especially critical for DeFi protocols and infrastructure solutions aimed at institutional investors.
My expert analysis: The ANSSI decision is not panic but a pragmatic step in the face of the growing quantum threat. For the crypto industry, this means that the time for adaptation is limited. Projects that are already implementing post-quantum cryptography today (e.g., through hybrid schemes) will gain a competitive advantage. The rest will have to hastily modernize their protocols, which may cause temporary disruptions in network operations. The market must be prepared for a "quantum transition" within the next five years.