France’s cybersecurity agency, ANSSI, will stop certifying security products that lack quantum-resistant encryption from 2027, with businesses advised to buy only quantum-safe products by 2030. The decision, reported by Reuters, effectively phases out older cryptographic systems for government agencies and critical infrastructure operators that rely on ANSSI certification. ANSSI Chief of Staff Samih Souissi framed it as “a matter of governance, industrial planning, regulation, and sovereignty” at the annual France Quantum conference.
The timeline mirrors the US National Security Agency’s CNSA 2.0 requirement—new national security systems must use quantum-resistant algorithms from January 2027, with legacy systems phased out by 2030. For blockchain networks, the move intensifies focus on Q-Day, the point at which quantum computers can break current encryption. Security experts warn of “harvest now, decrypt later” attacks, where encrypted data is collected today for future decryption. Google has set a 2029 deadline for its own post-quantum transition, while quantum security firm Project Eleven estimates a cryptographically relevant quantum computer could appear as early as 2030—placing roughly 7 million Bitcoin at risk.
The crypto industry is already responding. The Ethereum Foundation formed a dedicated post-quantum security team, Coinbase’s quantum advisory council urged migration planning, and the Stellar Development Foundation revealed a three-stage roadmap for the XLM network. Coinbase analysts noted that Algorand and Aptos may have a head start, while proof-of-stake networks like Ethereum and Solana face extra work due to validator signature dependencies. France’s mandate turns the long-standing quantum threat into a concrete procurement deadline, pressing vendors and blockchain projects alike to demonstrate upgrade paths.
