France to stop certifying products without quantum-safe encryption

By Leo Marchandon PARIS, June 16 (Reuters) - France's cybersecurity agency ANSSI said on Tuesday it would stop certifying security products that lack quantum-resistant encryption, a move that will force government bodies and critical operators to shift away from older systems. Samih Souissi, ANSSI's

AI & New Tech

SEE ALL

Trendline

JetZero Begins Construction on Greensboro Assembly Site for Blended Wing Aircraft

Trendline

Commodore Launches Flip Phone Blocking Social Media to Promote Digital Minimalism

Trendline

Threads Reaches 500M Users, Introduces New Personalization Features

What is the story about?

By Leo Marchandon

PARIS, June 16 (Reuters) - France's cybersecurity agency ANSSI said on Tuesday it would stop certifying security products that lack quantum-resistant encryption, a move that will force government bodies and critical operators to shift away from older systems.

Samih Souissi, ANSSI's chief of staff, said at the France Quantum conference that the agency would halt such certifications from 2027, and that businesses should be buying only quantum-safe products by 2030.

ANSSI approval is

required for use in French government agencies and critical infrastructure, making the policy a de facto phase-out of older encryption.

"It's not only a technical issue," Souissi said. "It's a matter of governance, industrial planning, regulation, and sovereignty."

The move reflects concern that attackers may store encrypted data now and unlock it later when quantum computers become strong enough to crack today's protections, a risk known as "harvest now, decrypt later."

"VERY SUBSTANTIAL" MARKET

The shift is already pushing companies to adapt.

Pascal Brier, chief innovation officer at Capgemini, said demand was growing as banks and public services assess what must change. "That market is becoming big. It's going to be very substantial," he told Reuters.

France is backing quantum technology with a 3 billion euro ($3.5 billion) plan, while the European Union trails China in patent share despite hosting many quantum companies.

IBM executive Jerry Chow said at the event that the threat could emerge by the mid-2030s, while Qperfect warned that Elliptic Curve Digital Signature Algorithm, or ECDSA, a standard used in blockchain, could be among the first systems broken.

Fanny Bouton, head of quantum at OVHcloud, told Reuters the industry faces a dual compliance burden. "We face two challenges: auditing our products and securing all the data we hold in order to meet ANSSI's requirements," she said.

"As a French and European player, we face even more constraints, as we will need to align with all these standards," she said, referring to ANSSI, the EU Commission and U.S. NIST requirements.

(Reporting by Leo Marchandon; Editing by Matt Scuffham)