Published Friday, July 10, 2026 at 01:22 PM PT

<strong>FRANCE MANDATES POST-QUANTUM ENCRYPTION FOR CERTIFIED SECURITY PRODUCTS BY 2027</strong>

BLUF: France’s cybersecurity agency ANSSI will cease certifying security products lacking quantum-resistant encryption starting 2027, forcing government bodies and critical infrastructure operators to migrate legacy systems. Organizations relying on French certifications must begin post-quantum crypto assessments immediately.


DETAILS

  • ANSSI announced the certification halt at the France Quantum conference; implementation begins 2027
  • Policy targets government bodies and critical operators as primary enforcement mechanism
  • Quantum-resistant encryption standards exist (NIST finalized post-quantum algorithms in 2022); transition is technically feasible but operationally complex
  • Timeline provides ~2.5 years for compliance; businesses should begin migration planning now per ANSSI guidance
  • This represents the first major government agency to enforce post-quantum cryptography via certification requirements

IMPACT

  • Direct: French government agencies, critical infrastructure operators, and vendors seeking French certification must redesign or replace cryptographic systems
  • Secondary: Organizations with cross-border operations or EU contracts may face cascading pressure as other European nations potentially adopt similar policies
  • Scope: Primarily affects France and EU-adjacent entities; global impact depends on whether other nations follow ANSSI’s lead
  • Uncertainty: Full scope of “security products” requiring compliance not yet detailed; implementation mechanisms and enforcement procedures remain unclear

RECOMMENDED ACTIONS

  • Immediate (next 30 days): Inventory cryptographic systems and identify post-quantum dependencies
  • Near-term (Q1 2025): Evaluate NIST-approved post-quantum algorithms (ML-KEM, ML-DSA, SLH-DSA) for your environment
  • Planning (2025-2026): Develop migration roadmap; prioritize systems with longest deployment lifecycles
  • Monitor: Track ANSSI guidance updates and potential EU-wide harmonization efforts

SOURCES

  • Schneier on Security (primary reporting)
  • ANSSI official announcement, France Quantum conference
  • NIST Post-Quantum Cryptography Project (algorithm reference)