en.Wedoany.com Reported - Samih Souissi, Director of the Office of the French National Cybersecurity Agency (ANSSI), recently clarified two mandatory deadlines: from 2027, certification will cease for products without post-quantum cryptography (PQC) components; from 2030, government and corporate procurement will only accept quantum-resistant solutions. The agency's certification is mandatory for all French government entities and operators of critical infrastructure, including defense and armaments.

These two milestones mark the regulatory phase-out of classical algorithms such as RSA and ECC. Samih Souissi noted that this is not only a technical issue but also involves governance, industrial planning, regulation, and sovereignty. ANSSI issued its first PQC recommendations as early as 2022. A March 2025 study of 38 organizations revealed that none had established a transition plan, with risk analysis efforts "not initiated, not planned, and not budgeted." Over half of the organizations were vulnerable to "harvest now, decrypt later" threats, such as using VPNs to transmit sensitive data requiring confidentiality for over a decade. IBM executive Jerry Chow stated at a French quantum conference that this threat is expected to materialize by the mid-2030s. Startup Qperfect warned that the ECDSA algorithm, widely used in blockchain and cryptocurrencies, could be the first to be broken.

France has launched a €3 billion quantum technology initiative. The U.S. National Institute of Standards and Technology (NIST) finalized the first PQC standards in August 2024; the European Commission released a roadmap for coordinated member state transition in June 2025.

In response to ANSSI's ultimatum, industry has begun to act. In October 2025, Thales and Samsung obtained France's first Common Criteria (CC) PQC certifications after evaluation by the French Alternative Energies and Atomic Energy Commission-Leti Institute (CEA-Leti). Thales' MultiApp 5.2 Premium PQC smart card is used to secure identity documents, driver's licenses, health insurance cards, etc.; Samsung's S3SSE2A microcontroller integrates the ML-DSA signature scheme and won a cybersecurity category award at CES 2026. Laboratories including Amossys, Quarkslab, Synacktiv, and Serma Safety & Security are undergoing ANSSI certification. Capgemini Innovation Director Pascal Brier stated that banks and public services are already assessing necessary changes, noting that "this market is growing, and it will become very important." OVHcloud Quantum Director Fanny Bouton mentioned that European and American regulations are increasing simultaneously, requiring companies to address the dual challenge of auditing products and protecting data. For products containing only classical RSA and ECDSA, suppliers must add PQC components within two years or lose access to the public market. Manufacturers of hardware security modules (HSMs), enterprise VPNs, next-generation firewalls, and key management infrastructure face the highest short-term risk.

This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com