🟡 Medium  |  Source: Schneier on Security


France’s national cybersecurity agency ANSSI has announced it will stop certifying security products that lack quantum-resistant encryption from 2027, with a target for businesses to purchase only quantum-safe products by 2030. Because ANSSI certification is mandatory for French government agencies and critical infrastructure operators, this effectively mandates a migration away from classical encryption across those sectors. The move signals a broader regulatory shift in Europe towards post-quantum cryptography (PQC) standards.

Security Architect’s Take: Start a PQC readiness assessment now: audit your cryptographic inventory to identify RSA, ECC, and other classical algorithms in use across cloud workloads, TLS termination points, key management services, and VPNs. Prioritise systems with long data-sensitivity lifespans and align your roadmap to NIST PQC standards (FIPS 203/204/205) and emerging EU regulatory timelines.

Original advisory: France to Stop Certifying Non-Quantum-Safe Encryption