France to stop certifying products without quantum-safe encryption

By Reuters News

By Leo Marchandon

PARIS, June 16 (Reuters) - France's cybersecurity agency ANSSI said on Tuesday it would stop certifying security products that lack quantum-resistant encryption, a move that will force government bodies and critical operators to shift away from older systems.

Samih Souissi, ANSSI's chief of staff, said at the France Quantum conference that the agency would halt such certifications from 2027, and that businesses should be buying only quantum-safe products by 2030.

ANSSI approval is required for use in French government agencies and critical infrastructure, making the policy a de facto phase-out of older encryption.

"It's not only a technical issue," Souissi said. "It's a matter of governance, industrial planning, regulation, and sovereignty."

The move reflects concern that attackers may store encrypted data now and unlock it later when quantum computers become strong enough to crack today's protections, a risk known as "harvest now, decrypt later."


"VERY SUBSTANTIAL" MARKET

The shift is already pushing companies to adapt.

Pascal Brier, chief innovation officer at Capgemini, said demand was growing as banks and public services assess what must change. "That market is becoming big. It's going to be very substantial," he told Reuters.

France is backing quantum technology with a 3 billion euro ($3.5 billion) plan, while the European Union trails China in patent share despite hosting many quantum companies.

IBM executive Jerry Chow said at the event that the threat could emerge by the mid-2030s, while Qperfect warned that Elliptic Curve Digital Signature Algorithm, or ECDSA, a standard used in blockchain, could be among the first systems broken.

Fanny Bouton, head of quantum at OVHcloud OVH.PA, told Reuters the industry faces a dual compliance burden. "We face two challenges: auditing our products and securing all the data we hold in order to meet ANSSI's requirements," she said.

"As a French and European player, we face even more constraints, as we will need to align with all these standards," she said, referring to ANSSI, the EU Commission and U.S. NIST requirements.

Capital.com is an execution-only brokerage platform and the content provided on the Capital.com website is intended for informational purposes only and should not be regarded as an offer to sell or a solicitation of an offer to buy the products or securities to which it applies. No representation or warranty is given as to the accuracy or completeness of the information provided.
The information provided does not constitute investment advice nor take into account the individual financial circumstances or objectives of any investor. Any information that may be provided relating to past performance is not a reliable indicator of future results or performance.
To the extent permitted by law, in no event shall Capital.com (or any affiliate or employee) have any liability for any loss arising from the use of the information provided. Any person acting on the information does so entirely at their own risk.
 

Cryptocurrency-related content is intended solely as news and market commentary. Crypto Derivatives are not available to Retail clients registered with Capital Com (UK) Ltd.