France's ANSSI to Stop Certifying Non-Quantum-Safe Encryption by 2027
France's cybersecurity agency has set a hard deadline to phase out certification for encryption products that can't resist quantum attacks — a policy with teeth because ANSSI approval is mandatory for government and critical-infrastructure use.
Key Takeaways
- ANSSI will stop certifying security products lacking quantum-resistant encryption starting in 2027.
- ANSSI certification is mandatory for use in French government agencies and critical infrastructure, so this is a de facto phase-out of classical-only cryptography in those sectors.
- ANSSI's chief of staff, Samih Souissi, said businesses more broadly should be buying only quantum-safe products by 2030.
- The move gives vendors and operators a concrete, dated migration target rather than a vague future warning.
At the France Quantum conference, ANSSI's chief of staff, Samih Souissi, said the agency would stop certifying security products that lack quantum-resistant encryption from 2027, and that businesses should be buying only quantum-safe products by 2030. That is a notable shift from the usual pattern of advisory guidance toward a dated, enforceable requirement.
The reason this matters beyond France is the mechanism, not the announcement itself. ANSSI certification (through schemes such as CSPN and Common Criteria evaluations it oversees) is required for products to be used inside French government agencies and by operators of critical infrastructure. Once ANSSI stops certifying non-quantum-safe products, those products become ineligible for that market segment by default — no separate ban is needed.
Why the timeline is aggressive but not surprising
Governments and standards bodies have been moving toward post-quantum cryptography (PQC) for several years, driven by "harvest now, decrypt later" concerns: adversaries capturing encrypted traffic today with the expectation that a future cryptographically relevant quantum computer will let them decrypt it. NIST finalized its first PQC standards in 2024, and national agencies across the US, UK, EU and elsewhere have published migration guidance and roadmaps since. ANSSI's move is one of the first to attach a hard certification cutoff rather than a target date for organizations to "aim for."
For vendors selling into the French public sector or to operators of importance (OIV/OSE-equivalent entities), a 2027 certification cutoff is a short runway. Cryptographic modules, TLS stacks, VPN appliances and hardware security modules typically take years to redesign, re-certify and deploy — meaning vendors that haven't already started hybrid classical/PQC implementations are already behind.
What this means for security teams
- Inventory your cryptography now. Most organizations don't have an accurate map of which systems use which algorithms, key sizes, and libraries — that map is the prerequisite for any PQC migration plan.
- Prioritize by data sensitivity and lifetime. Data that must stay confidential for years (state secrets, health records, long-lived intellectual property) is the highest-priority harvest-now-decrypt-later target.
- Track vendor roadmaps, not just standards. A supplier's PQC support timeline — and whether it maps to hybrid key exchange (classical + PQC) rather than a risky PQC-only cutover — matters more day to day than the underlying NIST algorithm choice.
- Expect procurement questions to change. Even outside France, RFPs and vendor security questionnaires are increasingly likely to ask for quantum-readiness timelines as a baseline compliance item.
France's move is a regulatory signal other national agencies will watch closely. A certification-based phase-out is easier to enforce than a voluntary migration target, and if it proves workable, expect similar dated cutoffs from other EU member states and agencies operating comparable product-certification schemes.
The bottom line
This isn't a research-lab milestone — it's a compliance deadline with a mandatory gatekeeper attached. Organizations that sell into or operate French critical infrastructure now have a fixed date to work backward from, and everyone else has a preview of where procurement requirements are heading.
Frequently Asked Questions
What exactly did ANSSI announce?
ANSSI said it will stop certifying security products that lack quantum-resistant encryption starting in 2027, and that businesses should be purchasing only quantum-safe products by 2030.
Why does ANSSI certification matter so much?
ANSSI approval is required for products used by French government agencies and critical-infrastructure operators, so losing certification eligibility effectively locks non-quantum-safe products out of that market.
Does this mean quantum computers can break encryption today?
No — the policy addresses the 'harvest now, decrypt later' risk, where adversaries store encrypted data now to decrypt later once a sufficiently powerful quantum computer exists, not a current break of standard encryption.
Sources
- 1France to Stop Certifying Non-Quantum-Safe Encryption — Schneier on Security