Summary
- France plans to stop certifying security products without quantum-resistant encryption from 2027, creating a procurement deadline for government and critical-sector suppliers.
- Quantum-safe migration depends on cryptographic inventory, hybrid deployment, protocol testing, hardware readiness, and long transition planning.
- Vendors, banks, public services, telecoms, cloud providers, and industrial operators will need stronger evidence of cryptographic resilience before the quantum threat becomes practical.
ANSSI is preparing to stop certifying security products that lack quantum-resistant encryption from 2027, moving post-quantum cryptography from long-range planning into the procurement process for products used in sensitive French environments.
The policy, reported from the France Quantum conference, would make quantum-safe capability part of the approval path for security products bought by government bodies and critical operators. Businesses are also being encouraged to buy only quantum-safe products by 2030, giving suppliers and customers a timetable that is close enough to affect product roadmaps, contract renewals, and assurance work already under way.
ANSSI certification carries weight in French public-sector and critical-sector procurement. It can influence whether a product is suitable for use in higher-assurance environments, how buyers assess supplier credibility, and what evidence is expected during due diligence. Once quantum-resistant encryption becomes part of that process, vendors without a credible migration path risk being pushed out of sensitive markets before quantum computers become operationally relevant.
The agency’s wider guidance on post-quantum cryptography treats the transition as a long programme rather than a software update. ANSSI says post-quantum cryptography is the most promising route for resisting the quantum threat, while also warning that migration will take more than a decade and affect the whole cybersecurity field.
What quantum-safe encryption means
Modern public key cryptography relies on mathematical problems that are difficult for classical computers to solve. RSA, elliptic curve cryptography, key exchange, digital signatures, certificate chains, secure boot, VPNs, encrypted messaging, code signing, identity systems, and public key infrastructure all depend on that assumption. A cryptographically relevant quantum computer would weaken or break many of those protections.
Post-quantum cryptography does not involve encrypting data with a quantum computer. It refers to classical algorithms designed to resist attacks from both classical computers and future quantum computers. The most urgent work sits around public key cryptography, where systems agree keys, verify identities, and prove authenticity. Symmetric encryption such as AES is less directly exposed, although key length, implementation quality, and surrounding protocols still need attention.
The risk is already present for information that must remain confidential for years. Attackers can steal encrypted traffic or archives now and keep them until future computing capability makes decryption viable. State material, health records, industrial designs, legal archives, telecoms traffic, financial records, and long-lived identity credentials all sit inside that long confidentiality window.
The hard work starts with inventory
Many organisations do not know where cryptography is used across their estate, which algorithms are embedded in products, which libraries are depended on, which certificates support critical workflows, or which systems cannot easily be upgraded. Cryptography is often buried inside appliances, firmware, industrial controllers, authentication platforms, cloud services, VPNs, third-party applications, smart devices, and managed services.
Migration therefore becomes a governance programme as well as a technical one. Procurement teams will need to ask suppliers which algorithms are used, whether products support hybrid cryptography, what update path exists, how keys and certificates are managed, and whether protocol changes will affect latency, bandwidth, interoperability, or device performance. Broad claims of quantum readiness will not be enough in certified environments.
Hybrid deployments are likely to dominate the transition. Many systems will combine established algorithms with post-quantum algorithms so that compromise of one does not immediately collapse the whole protection model. That gives organisations time to test interoperability and performance, but it also increases complexity. More keys, larger messages, certificate-chain changes, and protocol negotiation all create operational work.
Performance and footprint will shape deployment. Post-quantum signatures and key encapsulation mechanisms can involve larger public keys, signatures, or ciphertexts than existing algorithms. Datacentre environments may absorb those changes more easily than constrained devices, low-latency systems, mobile networks, satellites, industrial equipment, payment infrastructure, and embedded hardware, where message size, memory, processing power, and update capacity directly affect feasibility.
Certification becomes a market signal
France’s certification direction puts supplier roadmaps under pressure. A vendor selling into public-sector or critical-sector markets can no longer treat post-quantum readiness as an optional future feature. It becomes part of assurance, market access, and product lifecycle planning. Products with long deployment cycles will need credible support before buyers commit to systems expected to remain in service through the 2030s.
Cloud and software providers may move faster where they control the service layer and can update cryptographic libraries centrally. Hardware vendors, embedded product makers, industrial equipment suppliers, semiconductor designers, and specialist infrastructure providers face a longer path, especially where products are certified, safety-related, or deployed in environments with limited downtime.
Banks and public services will need to place cryptographic migration alongside operational resilience, outsourcing, and data governance. Changing cryptography can affect authentication, transaction signing, secure communications, backup restoration, digital evidence, and regulatory records. A rushed migration can create outages or interoperability failures; a delayed migration can leave long-lived sensitive data exposed to future decryption.
ANSSI’s move also intersects with European sovereignty and standards alignment. French buyers and suppliers will need to track national certification requirements, EU policy, and US NIST standards while avoiding fragmented implementation that forces vendors to maintain separate product variants for different jurisdictions. Multinational suppliers and cloud providers will feel that tension most acutely.
The immediate work is discovery, classification, and evidence. Organisations need to identify where cryptography sits, decide which data and systems require long-term protection, demand supplier roadmaps, test hybrid implementations, and make future certification requirements part of architecture decisions now. France has made the procurement deadline visible; the exposed estate may take much longer to understand.





