🟡 Medium | Source: Schneier on Security
France’s national cybersecurity agency ANSSI has announced it will stop certifying security products that lack quantum-resistant encryption from 2027, with a target for businesses to purchase only quantum-safe products by 2030. Because ANSSI certification is mandatory for French government agencies and critical infrastructure operators, this effectively mandates a migration away from classical encryption across those sectors. The move signals a broader regulatory shift in Europe towards post-quantum cryptography (PQC) standards.
Security Architect’s Take: Start a PQC readiness assessment now: audit your cryptographic inventory to identify RSA, ECC, and other classical algorithms in use across cloud workloads, TLS termination points, key management services, and VPNs. Prioritise systems with long data-sensitivity lifespans and align your roadmap to NIST PQC standards (FIPS 203/204/205) and emerging EU regulatory timelines.
Original advisory: France to Stop Certifying Non-Quantum-Safe Encryption