# What has France decided about quantum security?
France has established a clear stance on quantum security. The national cybersecurity agency, ANSSI, announced that by 2027, it will cease to certify any security products that do not integrate quantum-resistant encryption. This measure aims to protect sensitive data from future quantum computing threats.
# What did ANSSI announce at the France Quantum conference?
During the France Quantum conference on June 16, ANSSI's chief of staff outlined a clear timeline for transitioning to quantum-safe products. Starting in 2027, certifications will no longer be granted to products that lack quantum-safe technology, with a complete switch to these new encryption standards expected by 2030. This policy focuses primarily on conventional cryptographic algorithms such as RSA and ECC, which form the backbone of many digital security frameworks, including government systems, banking, and blockchain.
# Is there a history behind this decision?
This announcement did not come unexpectedly. ANSSI had previously published a position paper on post-quantum cryptography transitions in 2022. Additionally, a follow-up study released in March 2025 indicated that a significant number of organizations, 38 to be precise, had no plans to transition to quantum-safe alternatives.
# Why is the quantum threat significant?
Adversaries are already using a "harvest now, decrypt later" tactic: they collect encrypted data today with the intention of decrypting it once quantum technology advances. By enacting this policy, France aims to preempt the data breaches that could occur once quantum computing capabilities progress.
# What does this mean for cryptographic standards?
The National Institute of Standards and Technology (NIST) in the United States released its first post-quantum cryptography standards in 2024, introducing algorithms such as ML-KEM and ML-DSA designed to withstand both classical and quantum cyber attacks. France's decision aligns with this international push for standardization while also mandating compliance for certified products.
# Should crypto investors be concerned?
While ANSSI's announcement does not directly mention digital assets or cryptocurrencies, it has significant implications for these sectors. Cryptocurrencies like Bitcoin and Ethereum use elliptic curve cryptography (ECC), the same family of algorithms France is moving away from for government certifications. The risk associated with "harvest now, decrypt later" strategies extends to blockchain technology, where exposed public keys could be compromised in the future.
# What should security vendors do?
France's 2027 deadline creates urgency for security vendors to adopt what is known as "crypto-agility." This refers to the ability to switch cryptographic algorithms without overhauling existing systems. The 2030 deadline for a full transition allows for a four-year adaptation period, which sounds adequate but can be challenging given the time required for protocol updates in decentralized environments.