France's cybersecurity agency ANSSI announced it will stop issuing certifications to products without quantum-resistant encryption starting in 2027. By 2030, all businesses must shift to quantum-safe solutions entirely. The decision affects every vendor seeking to sell to the French public sector.
Why the ANSSI decision carries more weight than a guideline?
ANSSI is France's national authority for information systems security certification. Without its approval, vendors cannot sell products to French government agencies or critical infrastructure operators. That effectively blocks older cryptographic systems from a large procurement market.
ANSSI Chief of Staff Samih Souissi made the announcement at the France Quantum 2026 Summit. "It's not only a technical issue," he said. "It's a matter of governance, industrial planning, regulation, and sovereignty." The statement was made publicly, with Reuters in the room, turning guidance into a formal commitment.
A striking parallel: the US National Security Agency set the same deadline independently. All new national security system acquisitions must support CNSA 2.0 algorithms by January 1, 2027. Marin Ivezic of Applied Quantum described it this way: the two most demanding cryptographic certification authorities in the world converged on the same year as their pass-fail date.
What is Q-Day and why the urgency now?
Q-Day is the anticipated moment when a quantum computer becomes powerful enough to break modern RSA and ECDSA encryption. No such machine exists yet, but timelines are shrinking. In March, Google announced it is migrating its own systems to post-quantum cryptography by 2029. In May, security firm Project Eleven estimated that a cryptographically capable quantum computer could arrive as early as 2030.
Security researchers also warn about "harvest now, decrypt later" attacks. Adversaries collect encrypted data today, expecting to decrypt it once quantum computing matures. That's why the transition needs to begin well ahead of Q-Day itself. Governments clearly see it that way.
The technical foundation is already in place. In 2024, the US National Institute of Standards and Technology finalized three post-quantum algorithms: ML-KEM, ML-DSA, and SLH-DSA. These form the basis of CNSA 2.0 and serve as the reference point for France's requirements.
How much Bitcoin is actually at risk?
Analytics platform Glassnode estimated in May that roughly 1.92 million Bitcoin are "structurally unsafe" in a quantum-attack scenario. Project Eleven puts the number higher: up to 7 million BTC could be at risk if a capable quantum computer arrives by 2030. Both figures need to be read alongside the type of address holding those coins.
- Early-era P2PK addresses: the public key is written directly into the blockchain and can be targeted without any prior transaction requirement.
- P2PKH addresses (pre-SegWit standard): the key is hidden until coins are first moved. Risk exists only if the address has already sent a transaction.
- Modern SegWit P2WPKH addresses: the public key stays hidden until funds are spent. The lowest exposure among common address formats.
Most coins in modern wallets sit in P2WPKH addresses. The real concentration of risk is in old dormant addresses where the public key is already visible on-chain.
What is the crypto market already doing?
The Ethereum Foundation formed a dedicated post-quantum security team this year, making it an explicit network priority. Coinbase's quantum advisory council urged blockchain builders to start planning migrations now. Ethereum and Solana draw particular attention because their proof-of-stake networks rely on validator signatures that could be vulnerable to quantum attacks.
Algorand has already deployed quantum-resistant cryptography and outlines a phased roadmap to full quantum readiness. The Stellar Development Foundation announced a three-stage plan to migrate the XLM network to post-quantum standards.
France's move puts real pressure on the broader market. Once a major procurement market starts requiring PQC from 2027, manufacturers and protocol developers will no longer have the option to delay.
Comments
Your email address will not be published. Required fields are marked *