France Ditches Non-Quantum-Secure Vendors from 2027

France has set a hard deadline for quantum-resistant encryption, requiring security products to be certified by its national cybersecurity agency ANSSI from 2027 onwards. This means that vendors supplying government bodies, defense agencies, banks, and critical infrastructure operators in France must support post-quantum cryptography to gain certification.

The move is significant, as it aligns with the US National Security Agency's CNSA 2.0 program, which also requires quantum-resistant algorithms for national security acquisitions from January 1, 2027.

Crypto networks such as Bitcoin, Ethereum, Solana, Algorand, and Aptos are already engaged in post-quantum security planning, with varying levels of readiness. However, proof-of-stake blockchains like Ethereum and Solana face unique challenges due to their reliance on validator signatures that require coordinated changes.

France's Chief of Staff Samih Souissi has urged businesses to buy only quantum-safe products by 2030, framing the transition as a governance and sovereignty issue rather than just a technical challenge. The ANSSI certification change directly targets products deployed in France's most sensitive operational environments, creating a clear cut-off for product roadmaps, budget cycles, and compliance audits.