Skip to main content
Defense TechGeopolitics & Defense

France Mandates Quantum-Safe Encryption by 2027

Formal conference setting with podium and abstract cryptography background.

"the agency would halt such certifications from 2027," Samih Souissi said, signalling a hard calendar for change.

ANSSI sets a clear timetable at France Quantum

France's cybersecurity agency ANSSI announced at the France Quantum conference that it will stop certifying security products that lack quantum-resistant encryption. Samih Souissi, ANSSI’s chief of staff, delivered the timetable: the agency will halt certifications of non‑quantum‑safe products from 2027, and it advised that businesses should be purchasing only quantum‑safe products by 2030.

Accelerating the country's transition to post‑quantum encryption

ANSSI framed the decision as an acceleration of France’s transition to post‑quantum encryption. By tying certification to quantum‑resistant cryptography, the agency has converted an advisory preference into a firm schedule: a certification cutoff in 2027 and a procurement expectation for 2030. Those two dates structure the agency’s public guidance as reported at the conference.

What this means for French government agencies and critical operators

ANSSI approval is required for use in French government agencies and critical infrastructure. That requirement makes the new policy a de facto phase‑out of older encryption for those users: once ANSSI stops certifying non‑quantum‑safe products in 2027, government bodies and critical operators will no longer be able to deploy uncertified, non‑quantum‑resistant products under the existing approval regime. The announcement therefore ties the certification timeline directly to operational procurement and deployment inside public agencies and critical systems.

What this means for businesses and vendors

ANSSI told attendees that businesses should be buying only quantum‑safe products by 2030. That single, date‑based instruction places a three‑year interval between the end of certification (2027) and the point at which commercial purchasing should be exclusively quantum‑safe (2030). For suppliers and vendors, that creates a clear market signal: products lacking quantum‑resistant encryption will lose ANSSI certification after 2027, and commercial buyers are expected to transition purchases by 2030.

Implications and next steps

By making quantum‑resistant encryption a certification requirement, ANSSI has moved from recommendation to a scheduled enforcement mechanism tied to formal approval. The announcement at France Quantum by Samih Souissi sets two concrete milestones—2027 for certification, 2030 for business procurement—that will govern how ANSSI approval is applied to government and critical infrastructure use. Those dates will be the immediate milestones to watch as organizations subject to ANSSI approval plan procurement and as vendors determine certification roadmaps.

Original story: https://www.schneier.com/blog/archives/2026/07/france-to-stop-certifying-non-quantum-safe-encryption.html