France’s ANSSI Will Block PQC-Free Products From Certification Starting 2027

June 17, 2026 — France’s national cybersecurity agency, ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information), confirmed on Tuesday that it will stop certifying security products that lack quantum-resistant encryption. The deadline is 2027.

Samih Souissi, ANSSI’s chief of staff, made the announcement at the France Quantum 2026 conference at Station F in Paris. He added that businesses should be purchasing only quantum-safe products by 2030, Reuters reported.

ANSSI certification (known as “qualification” in French regulatory terminology) is a prerequisite for use across French government agencies and critical infrastructure operators. Losing certification eligibility amounts to losing access to one of Europe’s largest government technology markets.

Souissi framed the decision as extending beyond technical cybersecurity. “It’s not only a technical issue,” he said. “It’s a matter of governance, industrial planning, regulation, and sovereignty.”

The policy reflects growing concern about Harvest Now, Decrypt Later (HNDL) attacks, in which adversaries intercept and store encrypted communications today with the intention of decrypting them once a cryptographically relevant quantum computer (CRQC) becomes available.

Industry players at the conference signaled that demand for PQC-capable products is already accelerating. Pascal Brier, chief innovation officer at Capgemini, told Reuters that banks and public services are actively assessing their exposure. “That market is becoming big. It’s going to be very substantial,” Brier said.

IBM executive Jerry Chow said at the event that the quantum threat to current cryptography could materialize by the mid-2030s. Separately, Qperfect warned that the Elliptic Curve Digital Signature Algorithm (ECDSA), widely used in blockchain systems, could be among the earliest targets for quantum attacks.

Fanny Bouton, head of quantum at French cloud provider OVHcloud, told Reuters the industry faces a compounding compliance challenge. “We face two challenges: auditing our products and securing all the data we hold in order to meet ANSSI’s requirements,” she said. As a European operator, OVHcloud must simultaneously satisfy ANSSI, the European Commission’s requirements, and U.S. NIST standards.

France has backed its quantum technology ambitions with a national strategy launched in 2021 that committed €1.8 billion in public and private funding over four years. [EDITOR: Reuters cites a “3 billion euro” figure; the original 2021 plan was €1.8 billion. The discrepancy may reflect additional commitments since 2021, including the PROQCIMA program for quantum computer development. Verify the current total before publication.]

My Analysis

ANSSI has been telegraphing this move for years. Its first position paper on the PQC transition arrived in 2022, with a follow-up in late 2023 that stated ANSSI would “stop delivering security labels for certain types of products claiming long-term security” without PQC. The agency’s own FAQ page confirmed it was targeting “PQC obligations for qualification starting in 2027.” What changed yesterday is that ANSSI’s chief of staff said it publicly at a major conference, in front of the French quantum ecosystem, with Reuters in the room. The guidance became a commitment.

I wrote three weeks ago that post-quantum deadlines are likely about to compress, with governments converting their 2025 guidance documents into binding obligations clustered around 2028 to 2030. ANSSI’s announcement is the latest confirmation of that pattern, and one of the clearest: a certification authority with direct market-access power, setting a hard date, in public, at a conference covered by international media.

Another 2027 Procurement Gate

The timing is impossible to ignore. ANSSI’s 2027 certification cutoff now runs in parallel with NSA’s CNSA 2.0 procurement gate, which requires all new National Security System acquisitions to support CNSA 2.0 algorithms starting January 1, 2027. Two of the world’s most demanding cryptographic certification authorities, serving two of the world’s largest defense and government technology markets, have independently converged on the same year for making PQC a pass-fail requirement.

The mechanisms differ. CNSA 2.0 operates through procurement eligibility, NIAP validation, and the Risk Management Framework. ANSSI operates through its qualification and certification schemes, which function as a gatekeeper for any security product deployed across French government agencies and critical infrastructure under the NIS2 directive. The practical effect is the same: vendors who cannot demonstrate PQC capability by 2027 start losing access to government contracts on both sides of the Atlantic.

As I covered in my CNSA 2.0 Deep Dive, the 2027 gate is the moment when PQC transitions from a planning exercise to a procurement reality. ANSSI’s announcement doubles that pressure. A vendor selling security products into both U.S. national security environments and French government networks now faces a two-front deadline with no wiggle room.

The Hybrid Requirement Compounds the Challenge

ANSSI’s announcement carries a dimension that CNSA 2.0 does not. As I analyzed in detail when ANSSI doubled down on hybrid PQC, the agency strongly recommends hybrid mechanisms (combining classical and post-quantum algorithms) for any product offering protection beyond 2030. ANSSI extends this recommendation to signatures, on the reasoning that post-quantum signature schemes are newer and less battle-tested than their key-establishment counterparts. This is a stricter posture than what the NSA requires; CNSA 2.0 permits hybrid as an interim measure but trusts post-quantum algorithms to stand alone.

The European Cybersecurity Certification Group’s Agreed Cryptographic Mechanisms v2, published in May 2025, reinforced this position at the EU level. Note 40 of that document states that LWE- and MLWE-based mechanisms “shouldn’t be used in a standalone way.” Three separate notes in the same document repeat the same requirement for ML-DSA signatures and ML-KEM key encapsulation.

For vendors, this means that supporting ML-KEM (formerly CRYSTALS-Kyber) or ML-DSA (formerly CRYSTALS-Dilithium) in isolation will not satisfy ANSSI certification requirements. Products will need hybrid implementations that pair post-quantum algorithms with established classical cryptography. That is a harder engineering lift than simply adding a new algorithm to the stack.

The Sovereignty Signal

Souissi’s framing of the decision as a matter of “sovereignty” and “industrial planning” is consistent with a pattern I have tracked across my PQC sovereignty analysis. ANSSI has explicitly reserved the right to certify an algorithm set that does not exactly match NIST’s selections. The agency names FrodoKEM (an unstructured-lattice scheme that trades performance for conservatism) as an acceptable alternative KEM, and it has left open the possibility of endorsing algorithms that NIST did not select.

France, Germany, and the Netherlands jointly led the development of the EU’s Coordinated Implementation Roadmap for PQC, published in June 2025. That roadmap sets three milestones: national transition plans by end of 2026, high-risk systems migrated by end of 2030, and full migration by end of 2035. ANSSI’s 2027 certification cutoff runs ahead of the EU’s own 2030 target for high-risk use cases. Within the European framework, France has placed itself at the front of the enforcement queue.

This matters for the multinational compliance geometry I examined in my Global PQC Migration Timelines Deep Dive. A vendor selling security products across the U.S., France, and Germany must now simultaneously satisfy CNSA 2.0’s pure-PQC preference and algorithm restrictions, ANSSI’s mandatory hybrid requirement and potential algorithm divergence, and BSI’s own hybrid mandate with its FrodoKEM and Classic McEliece recommendations. No single implementation satisfies all three. As I argued in Quantum Ready, the operational answer is to deploy hybrid as the highest-common-denominator default and carve out jurisdiction-specific configurations where regulators demand different algorithm choices.

The Preparedness Gap

A May 2025 study commissioned by ANSSI through PQShield found that none of the surveyed organizations had a post-quantum transition plan in place. CISOs lacked precise timelines for migration, and many had not identified PQC use cases. Organizations identified a need for guidance from ANSSI itself before they could begin preparatory work.

That same finding echoed across the continent. An ENISA assessment of over 1,350 organizations across 27 EU member states, cited in a December 2025 CEPS Task Force report, concluded that most European stakeholders remain largely unprepared, with substantial portions of operators in critical sectors not even planning to invest in quantum-safe measures.

ANSSI’s announcement is aimed squarely at this preparedness gap. By making certification contingent on PQC, the agency converts a recommendation into a market forcing function. Security product vendors who want to sell to French government agencies and critical infrastructure operators will need PQC capability certified by ANSSI, or they will lose market access. The vendors, in turn, will pull PQC capability through their supply chains, component suppliers, and cryptographic library providers.

The same dynamic played out with previous ANSSI certification requirements, and as I have argued repeatedly, this is the pattern that matters more than any debate about when Q-Day will arrive. Regulators, certification bodies, and procurement authorities are setting their own quantum deadlines, and those deadlines are binding regardless of when a CRQC actually exists. ANSSI’s announcement is the latest and one of the most consequential additions to that growing list.

What This Means in Practice

For security product vendors selling into the French government market, the clock started yesterday. ANSSI qualification processes typically take 12 to 18 months. Products entering the pipeline now, in mid-2026, are on a tight schedule to achieve qualification before the 2027 cutoff. Products that have not begun the process are already behind.

For CISOs and procurement teams at French government agencies and critical infrastructure operators, the immediate action item is to verify that upcoming procurement cycles specify PQC-capable products. Any security product acquisition with a delivery date in 2027 or later should include PQC requirements in the solicitation language. ANSSI will not certify products without it, and deploying uncertified security products in environments that require ANSSI qualification is not an option.

For multinational organizations operating across jurisdictions, this announcement reinforces the convergence I mapped in my Global PQC Migration Timeline. The U.S., France, Germany, Australia, the UK, Canada, and the EU are all setting PQC deadlines between 2027 and 2035. The spread of dates matters less than the direction: every major jurisdiction is moving toward mandatory PQC, and the earliest binding deadlines are less than six months away. The PQC Migration Framework at pqcframework.com provides the structured methodology for organizations that need to begin.