France mandates quantum-safe encryption from 2027

What happened?

France's National Agency for the Security of Information Systems (ANSSI) has announced that from 2027, it will stop certifying security products that do not incorporate cryptographic algorithms resistant to quantum computing. The measure, revealed by Samih Souissi, chief of staff of ANSSI, during the France Quantum conference, implies that French government bodies and critical infrastructures must migrate to post-quantum systems before the end of the decade. Additionally, ANSSI recommends that by 2030 all companies purchase exclusively products with quantum-safe encryption. This decision, reported by Reuters and widely disseminated in media such as Slashdot, marks a regulatory milestone worldwide.

Why is it important?

Quantum computing, although still in development, threatens to break current encryption systems (such as RSA and ECC) through algorithms like Shor's. The risk known as "harvest now, decrypt later" worries governments and companies: attackers can store encrypted data today and decrypt it when they have a sufficiently powerful quantum computer. According to a 2023 World Economic Forum report, it is estimated that by 2030 a quantum computer capable of breaking RSA-2048 in hours will exist, underscoring the urgency of the measure. France, being the first country to impose mandatory regulatory deadlines, sets a precedent that could accelerate global adoption of post-quantum standards, such as those being developed by the US NIST. Souissi himself highlighted that "it is not just a technical problem, but one of governance, industrial planning, regulation, and sovereignty," according to Reuters.

Consequences for businesses and users

• For hardware and software manufacturers: they will need to redesign products to include algorithms like CRYSTALS-Kyber (for key exchange) and CRYSTALS-Dilithium (for digital signatures), standardized by NIST in 2024. This entails significant R&D costs; according to a 2023 McKinsey study, migrating to post-quantum cryptography could cost tech companies between $50 and $100 million over the next five years. Moreover, manufacturers that do not adapt will lose ANSSI certification, essential for selling to the French government and critical infrastructures.
• For critical infrastructures: sectors such as energy, transportation, telecommunications, and finance will have to audit their cryptographic systems and plan massive migrations before 2027 if they want to maintain ANSSI certification. In France, 75% of critical infrastructures depend on ANSSI-certified products, according to agency data. This could involve replacing legacy systems that have been in operation for decades, with estimated costs in the billions of euros nationally.
• For end users: in the short term, they will not notice changes, but in the long term they will gain protection against future quantum attacks. The measure could also raise the price of certified products, as manufacturers pass on R&D costs. However, ANSSI expects global competition to reduce these surcharges in the long run.

Context and comparisons

The French initiative adds to the efforts of NIST, which in 2024 standardized the first post-quantum algorithms (CRYSTALS-Kyber, CRYSTALS-Dilithium, SPHINCS+, and FALCON), and the US National Security Memorandum of 2022 urging federal systems to migrate. However, France is the first country to set concrete non-certification dates, giving it a pioneering role. Unlike voluntary recommendations, ANSSI certification is mandatory for government use and critical infrastructures, making the announcement a de facto regulatory requirement. Comparatively, the European Union has not yet set binding deadlines, although the Cybersecurity Regulation (CRA) and the Cyber Resilience Act are under discussion. Germany and the Netherlands have shown interest in following the French model, according to statements by their respective cybersecurity agencies in 2025. This move also aligns with NATO's strategy, which in 2024 published its roadmap for post-quantum cryptography in defense.

What should readers know?

Migrating to post-quantum cryptography is not trivial. It involves replacing communication protocols such as TLS, SSH, and IPsec; updating hardware (especially IoT devices with limited resources, which often use lightweight cryptography); and training security teams. ANSSI has published detailed technical guides on its website, recommending starting with an inventory of cryptographic assets and prioritizing the most critical systems. The 2027 deadline is tight: according to a 2025 Gartner report, only 20% of French companies have begun the transition. Companies operating in France or collaborating with its government should start planning immediately, including risk assessment, algorithm selection, and interoperability testing. Additionally, they should consider that other countries may adopt similar deadlines, so a global migration strategy is advisable.

Beyond France

The French decision could influence the European Union, which is already working on the Cybersecurity Regulation (CRA) and the certification of ICT products. The European Commission has indicated it will evaluate the French measure as a possible model for a community directive. Globally, the measure reinforces the need to adopt open standards and collaborate with bodies such as NIST and ETSI to avoid fragmentation. Countries like Japan, South Korea, and Australia have already announced pilot post-quantum migration plans, while China has heavily invested in quantum computing and post-quantum cryptography, according to a 2024 CSIS report. Regulatory fragmentation could be a challenge, but the French initiative acts as a catalyst for coordinated action. In Souissi's words, "it is a matter of technological sovereignty," and the world is watching.