Threat IntelligenceJune 23, 2026

France Just Set a Hard Deadline for Quantum-Safe Security: Here's What It Means Before 2027

ANSSI will stop certifying security products without quantum-resistant encryption starting 2027. Learn what France's hard deadline means for your enterprise and how to prepare now.

TC

Team Conux

Conux Editorial

France Just Set a Hard Deadline for Quantum-Safe Security: Here's What It Means Before 2027

In a boardroom in Paris this month, a government official said something most enterprise leaders haven't heard from a regulator yet: a specific year by which "we'll get to it eventually" stops being an option. At the France Quantum conference, ANSSI, France's national cybersecurity agency, announced that starting in 2027, it will no longer certify security products that lack quantum-resistant encryption. By 2030, ANSSI says businesses should be buying quantum-safe products exclusively.

This is not a white paper or a five-year vision statement. It is a certification gate tied to a calendar, and it places France among the most aggressive governments in the world on quantum-resistant encryption. For any CTO or CISO whose organization sells into, partners with, or operates alongside French government and critical infrastructure, the clock just moved from abstract to enforceable.

Key Takeaways

ANSSI's certification cutoff is 2027, not a recommendation, a requirement. Security products seeking ANSSI certification after that date must incorporate quantum-safe cryptography, and ANSSI's Chief of Staff Samih Souissi says enterprises should be buying quantum-resistant products exclusively by 2030.
The "harvest now, decrypt later" threat is the stated reason. Adversaries are intercepting and storing encrypted data today, betting they can decrypt it once quantum computers mature, the same logic driving urgency across the industry.
Widely deployed standards like ECDSA are flagged as early casualties. Experts at the conference warned that some of today's most common cryptographic algorithms could be among the first broken by future quantum attacks.
The market is already pricing this in. Capgemini's chief innovation officer told Reuters that institutional demand for quantum-safe solutions is "becoming big" and "going to be very substantial."
This sits inside a 3-billion-euro national strategy. France's quantum investment is explicitly framed around sovereignty and industrial competitiveness, not just cybersecurity hygiene.

Why a Certification Deadline Changes the Conversation

Most quantum-readiness guidance to date has been advisory. NIST publishes standards, consultancies publish roadmaps, vendors publish whitepapers. ANSSI's announcement is different in kind: it is a procurement gate. Any security product that cannot demonstrate quantum-resistant encryption will simply fail to clear certification for deployment in French government agencies and critical infrastructure after 2027.

Souissi was explicit about why this is bigger than a technical checkbox: "It's not only a technical issue. It's a matter of governance, industrial planning, regulation, and sovereignty." That framing matters. It tells vendors and enterprises that this is being treated the way export controls or data-residency law is treated, as a condition of doing business, not a best practice.

The same dynamic enterprises are watching with AI procurement, where vendors increasingly need to prove their AI systems run on auditable, compliant infrastructure, is now appearing in cryptography. The systems your organization already trusts to move money, store patient records, and run AI workloads are built on encryption that this French policy explicitly says won't pass inspection in eighteen months.

"Harvest Now, Decrypt Later" Is the Reason for the Rush

The cryptographically relevant quantum computer that breaks RSA or ECC at scale does not exist yet. ANSSI's urgency comes from a different threat model entirely: harvest now, decrypt later (HNDL). Adversaries, particularly well-resourced nation-states, are capturing and archiving encrypted traffic today, on the bet that a future quantum computer will make it readable.

"It's not only a technical issue. It's a matter of governance, industrial planning, regulation, and sovereignty." - Samih Souissi, ANSSI Chief of Staff

This reframes when the exposure actually occurs. The breach isn't a future event waiting to happen. For any data with a long confidentiality life, the exposure window opened the moment it was transmitted under a cryptographic standard quantum computing will eventually defeat. Conference participants singled out ECDSA, one of the most widely deployed signature algorithms today, as a likely early casualty, which means the question for most enterprises isn't whether their current stack is exposed, it's how much of it.

The Standards Exist. The Coordination Problem Doesn't Go Away.

NIST finalized its first post-quantum cryptography standards in August 2024: ML-KEM (FIPS 203) for key encapsulation, ML-DSA (FIPS 204) for digital signatures, and SLH-DSA (FIPS 205) for stateless signatures. These aren't drafts. They're the algorithms ANSSI and every other serious regulator now expect enterprises to migrate toward.

But having the algorithms is not the same as having a migration. France's 2027 certification cutoff sits alongside the U.S. CNSA 2.0 mandate (also January 2027 for national-security-connected systems) and the UK NCSC's 2035 full-migration target, a global convergence of deadlines that all assume the same uncomfortable arithmetic: a full cryptographic overhaul typically takes a large enterprise five to ten years. Measured against a 2027 certification gate, the planning has to start in this budget cycle, not a future one.

This is also where most organizations stumble, treating quantum-safe migration as a one-time algorithm swap rather than building crypto-agility: the ability to rotate cryptographic algorithms across every connected system as standards evolve, without re-engineering infrastructure each time a regulator updates the rulebook. A point fix that hard-codes today's ANSSI-approved algorithm into hundreds of systems has just built its next compliance crisis.

The Market Is Already Repricing Around This

Pascal Brier, Capgemini's chief innovation officer, told Reuters that interest from banks and public-sector institutions evaluating their quantum exposure is accelerating: "That market is becoming big. It's going to be very substantial." That's not a vendor talking up a product category. It's a signal that procurement and risk teams across regulated industries are already asking the questions ANSSI's policy assumes they should be asking.

This lands inside France's broader quantum strategy: a national investment plan valued at roughly 3 billion euros (about $3.5 billion USD), positioned explicitly as a competitive response to quantum investment from China, the United States, and other nations. Quantum-safe certification isn't a side effect of that strategy. It's one of its enforcement mechanisms.

What This Means If You Sell Into or Operate Alongside French Infrastructure

Treat 2027 as a hard certification gate, not a planning horizon. If ANSSI certification matters to your go-to-market in France, your product needs demonstrable quantum-resistant encryption well before the deadline. Certification review takes time.
Inventory the algorithms flagged as exposed first. ECDSA and similarly structured signature schemes were explicitly called out. Know where they sit in your stack before a regulator or customer asks.
Build for algorithm swapping, not a single migration. Standards will keep evolving after 2027; an architecture that lets you rotate algorithms centrally avoids repeating this exercise every time a regulator updates requirements.
Expect this to spread beyond France. CNSA 2.0, NCSC guidance, and now ANSSI certification all point the same direction. Quantum-safe readiness is converging into a baseline requirement across Western regulators, not a France-specific compliance quirk.

Conclusion: The Deadline Is the Signal

What makes ANSSI's announcement different from the usual stream of quantum-readiness warnings is specificity: a named year, a named certification consequence, and a named official stating plainly that this is now a matter of sovereignty, not just security hygiene. The algorithms enterprises need already exist. NIST finalized them in 2024. What France has now done is remove the ambiguity about when "later" runs out.

Organizations that start building crypto-agile, quantum-resistant infrastructure now will meet a 2027 certification gate as a formality. Organizations that wait will be racing a regulator's clock with an architecture that wasn't designed to move that fast.

Source: Reuters, as reported at the France Quantum conference, June 2026, comments from ANSSI Chief of Staff Samih Souissi and Capgemini Chief Innovation Officer Pascal Brier. Original reporting: Matt Swayne, "France Says It Will Won't Certify Security Products That Aren't Quantum-Resistent Starting in 2027", The Quantum Insider, June 18, 2026.

Frequently asked questions

Starting in 2027, ANSSI will not certify security products unless they incorporate quantum-resistant encryption. ANSSI's Chief of Staff has said businesses should be purchasing only quantum-resistant products by 2030. Certification is required for deployment in French government and critical-infrastructure environments, so this functions as a phased mandate for vendors in that market.

Because of "harvest now, decrypt later." Adversaries are already capturing and storing encrypted data today, expecting to decrypt it once quantum computers mature. Any data that must stay confidential for years is exposed under today's cryptography, regardless of when a quantum computer capable of breaking it actually arrives.

Experts at the France Quantum conference flagged ECDSA, a widely used digital signature algorithm, as among the standards most likely to be vulnerable early to quantum attacks. RSA and other elliptic-curve and Diffie-Hellman-based systems face the same long-term exposure.

No. France's 2027 ANSSI certification cutoff lands alongside the U.S. CNSA 2.0 mandate (also effective January 2027 for national-security systems) and the UK NCSC's 2035 full-migration target. Regulators across major Western economies are converging on overlapping quantum-safe deadlines, and global vendors will need to meet the strictest of them to operate across markets.

Start by identifying where exposed algorithms like ECDSA and RSA sit in systems with long-lived sensitive data, then build toward crypto-agility, the ability to swap cryptographic algorithms across your infrastructure centrally as standards evolve, rather than a one-time fix tied to today's requirements.

The CONUX Briefing

Get the next briefing in your inbox.

Monthly deep dives on quantum resilience, AI control planes, and the infrastructure protecting tomorrow's critical systems. No noise.

Unsubscribe anytime · No spam

Continue reading

All articles

Threat Intelligence

June 9, 2026

Post-Quantum Cryptography: What It Means When the Board Finally Asks

Post-quantum cryptography in plain language for leaders: what it is, why the clock started when NIST finalized standards in 2024, and the question your board will ask next.

TC

Team Conux

Read