France just became the first major country to set a national deadline that puts post-quantum cryptography on a hard procurement timetable. From 2027, security products without quantum-resistant encryption cannot be certified for use in French government agencies or critical infrastructure. From 2030, businesses are expected to buy only quantum-safe products. The migration clock that AcadeResearch warned about in April has now started to ring at a national-policy level.

On June 16, 2026, at the France Quantum conference, Samih Souissi, chief of staff at France’s national cybersecurity agency ANSSI, announced that the agency would stop certifying security products that lack quantum-resistant encryption starting in 2027. Souissi added that businesses should be purchasing only quantum-safe products by 2030. The announcement was reported by Reuters and confirmed in the same day’s policy guidance from PostQuantum.com, SafeLogic, and Value the Markets (Reuters via WHTC, 2026; PostQuantum.com, 2026; SafeLogic, 2026).

The change is operationally significant for one specific reason. ANSSI approval, known as a “Visa de sécurité” in French regulatory terminology, is a prerequisite for any cryptographic product used by French government agencies or critical infrastructure operators in sectors including energy, telecommunications, finance, and transportation. Losing certification eligibility in France amounts to losing access to one of Europe’s largest government technology procurement markets, and a strong market signal that flows through to EU-wide procurement decisions.

For readers following the long-running quantum threat story, this is the moment the migration timeline acquired teeth. AcadeResearch’s April 2026 analysis of Q-Day, the day a cryptographically relevant quantum computer breaks RSA and ECC encryption, examined when the threat would arrive and what organizations needed to do. The ANSSI announcement turns “must do now” from a recommendation into, for products sold in France, a regulatory requirement.

Five Numbers That Frame the Mandate

Before examining what the announcement actually requires, the infographic below collects the most consequential dates and dollar figures from the announcement and the broader global PQC transition.

What ANSSI Actually Announced

The mandate has two distinct deadlines and applies to a defined regulatory perimeter.

The first deadline is 2027. From that year, ANSSI’s certification program will no longer issue security visas to products that do not include quantum-resistant cryptographic mechanisms. ANSSI’s own guidance, published on its government website, confirms that the agency “is aiming to put in place PQC obligations for qualification starting in 2027” (ANSSI / cyber.gouv.fr, 2026). For vendors selling to French government agencies, defense contractors, banking institutions, telecommunications operators, and other regulated critical-infrastructure customers, this means PQC support becomes a baseline requirement, not a competitive differentiator, within roughly 12 months.

The second deadline is 2030. By that year, ANSSI expects French organizations to be procuring only quantum-safe products. This is consistent with ANSSI’s published three-phase roadmap, which had previously targeted full standalone PQC adoption “probably not earlier than 2030” (ANSSI Position Paper, 2024). The June 16 announcement formalizes that previously soft target into a hard procurement deadline.

The regulatory perimeter is specific. ANSSI’s existing remit covers classified defense data, the Diffusion Restreinte protective marking, the Systèmes d’Information Vitale (SAIV) framework for vital information systems, and the formal certification of cryptographic products via the Visa de sécurité. The mandate applies inside this perimeter. ANSSI explicitly noted in its accompanying guidance that “beyond the mentioned perimeter, no dedicated regulation is currently planned” (ANSSI, 2026). In practical terms, however, French commercial customers tend to align procurement standards with ANSSI requirements for risk-management reasons, which extends the de facto reach of the mandate beyond the strictly regulated population.

One additional detail matters. ANSSI’s preference, repeated across its 2023, 2024, and 2026 guidance, is for hybrid post-quantum cryptography during the transition period: a combination of a traditional pre-quantum algorithm (RSA or ECC) with a NIST-standardized post-quantum algorithm such as ML-KEM (FIPS 203), ML-DSA (FIPS 204), or SLH-DSA (FIPS 205). The hybrid approach preserves classical security assurance during the period in which the cryptographic community is still gaining confidence in the new algorithms, while providing immediate protection against the harvest-now, decrypt-later threat (ANSSI Position Paper, 2024).

How France Compares to the Global PQC Timeline

France’s 2027 certification cutoff is not the earliest deadline in the global PQC transition, but it is the first national-policy hard regulatory gate of its kind. The chart above shows the broader landscape.

The most important reference points are NIST and the NSA. NIST finalized the first three post-quantum cryptography standards in August 2024: FIPS 203 (ML-KEM for key encapsulation), FIPS 204 (ML-DSA for digital signatures), and FIPS 205 (SLH-DSA as a hash-based signature backup), with FIPS 206 (FN-DSA, based on Falcon) in draft (NIST, 2024). The NSA’s Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), announced in 2022 and operational in 2025, requires that all new National Security System acquisitions support CNSA 2.0 algorithms starting January 1, 2027, with full migration of National Security Systems required by 2035 in line with National Security Memorandum 10 (NSM-10) (Codegic / NSA CNSA 2.0 summary, 2026).

The European Commission published its coordinated PQC implementation roadmap in June 2025, which sets three EU-wide milestones: by the end of 2026, member states publish national PQC transition plans and pilot projects; by the end of 2030, critical infrastructure operators complete transition for high-risk use cases; by the end of 2035, full migration is completed for medium-risk use cases (EU Cloud Patterns, 2026). France’s announcement places ANSSI ahead of the EU baseline by approximately three to five years for the products it certifies.

The UK National Cyber Security Centre (NCSC) has published a three-phase roadmap targeting discovery by 2028, high-priority migration by 2031, and full migration by 2035. Germany’s BSI has been similarly active, with PQC migration roadmaps first published in 2022 and updated in 2024 to align with the finalized NIST standards. The G7 Cybersecurity Working Group published a coordinated declaration in May 2026 endorsing PQC migration as a shared priority.

For US federal agencies, the timeline is increasingly concrete. A draft executive order reviewed by Nextgov in May 2026 would require all federal agencies to transition digital signatures for high-impact systems and high-value assets to a PQC standard by December 31, 2031, and to use post-quantum cryptography for key establishment by December 31, 2030 (Nextgov, 2026). Covered contractors face a 2030 compliance deadline for the same PQC standards. The Government Accountability Office estimates the cost of migrating US federal civilian information systems to PQC between 2025 and 2035 at approximately $7.1 billion (Quantum Insider, 2026).

The cumulative implication is straightforward. Every major Western economy has now committed to a PQC migration deadline somewhere between 2027 and 2035. France’s announcement is the most aggressive front-end deadline applied to a national certification regime, but it is structurally consistent with the broader policy framework.

Why a Certification Mandate Matters More Than a Recommendation

For nearly four years, the post-quantum cryptography conversation has been carried primarily by recommendations: NIST recommending early adoption, NSA encouraging migration planning, BSI publishing implementation roadmaps, ANSSI itself issuing position papers since 2021. Vendors with sophisticated cryptographic engineering teams have started PQC integration. Many have not. The reason is straightforward: recommendations do not change procurement until procurement officers can no longer buy non-compliant products.

ANSSI’s 2027 certification cutoff changes the procurement math. Vendors selling cryptographic products into the French government or critical infrastructure market cannot retain certification eligibility without integrating one or more of the NIST-standardized PQC algorithms by 2027. Vendors that have not started the integration work now have approximately 12 to 18 months to complete it before existing certifications expire. The product engineering, side-channel analysis, hybrid integration, and ITSEF (Information Technology Security Evaluation Facility) testing required for a French security visa cannot be compressed to less than that.

The cascading effect on global product roadmaps is the more consequential dimension. Cryptographic libraries, network protocols, hardware security modules, VPN appliances, code-signing infrastructure, and database encryption modules are typically engineered to support multiple national certification regimes simultaneously. When ANSSI sets a 2027 cutoff, the same engineering decisions affect products sold into Germany, the rest of the EU, the UK, Canada, Australia, and the United States. Vendors who calibrate their roadmaps to the ANSSI deadline are by extension positioning their products for the broader Western PQC transition.

That is the second-order economic effect. The first-order effect is more direct. Suppliers that do not move now will lose access to the French government technology market between 2027 and 2030, and will face increasing procurement headwinds across the EU and the broader G7 thereafter.

What This Means for the Q-Day Timeline

In April 2026, AcadeResearch examined Q-Day, the point at which a cryptographically relevant quantum computer is capable of breaking RSA-2048 and elliptic curve cryptography. The analysis covered the Google research suggesting the qubit threshold for breaking RSA-2048 had been lowered by approximately twenty-fold relative to 2019 estimates, Google’s internal 2029 deadline for its own PQC migration, and the harvest-now, decrypt-later (HNDL) threat that allows adversaries to capture encrypted traffic today and decrypt it once quantum capability arrives.

The ANSSI mandate, viewed against that backdrop, is most usefully understood as a hedge against the HNDL window. ANSSI’s published guidance makes the connection explicit. The agency cites “the harvest now, decrypt later approach” as a primary motivation for the accelerated timeline and notes that “for security products aimed at offering a long-lasting protection of information (until after 2030) or that will potentially be used after 2030 without updates,” PQC support should be a baseline requirement (ANSSI Position Paper, 2024).

The economic reasoning is direct. A government communication encrypted today with RSA-2048 needs to remain confidential not for the few seconds it is transmitted, but for the decades during which the underlying secret remains sensitive. If a cryptographically relevant quantum computer arrives in 2029, 2032, or 2035, every encrypted communication captured between today and that arrival is at risk of retrospective decryption. ANSSI’s mandate effectively brings forward the date by which French government and critical infrastructure communications begin to use cryptography that is resistant to that retrospective threat.

What Organizations Should Do Now

For organizations whose products will be sold into the French market, the ANSSI 2027 deadline requires immediate action. SafeLogic’s June 17 analysis identified four operational priorities (SafeLogic, 2026). First, build a cryptographic inventory: identify every place RSA, ECDSA, ECDH, and other quantum-vulnerable algorithms are used inside the organization’s products. Second, prioritize crypto-agility: the ability to swap cryptographic algorithms in production without rebuilding the surrounding system. Third, engage the certification pathway early: ANSSI evaluations and ITSEF assessments take months to complete, and the queue is likely to grow rapidly through 2026. Fourth, plan for hybrid deployment: ANSSI explicitly recommends hybrid PQC during the transition, which means engineering work on both the classical and the post-quantum side of the cryptographic stack.

For organizations whose products will be sold into the broader EU, UK, and US markets, the timeline is similar even if the regulatory mechanism differs. The EU PQC roadmap, the NSA CNSA 2.0 framework, the UK NCSC three-phase roadmap, and the US draft executive order all converge on a 2030 procurement transition for most regulated categories, with 2035 as the outer boundary for full migration. Vendors building to the ANSSI deadline are simultaneously building to those broader requirements.

For end-user organizations, the practical first step is procurement language. Any cryptographic-product contract signed in 2026 or later should include a PQC transition clause requiring the vendor to articulate, on a defined timeline, how the product will support FIPS 203, FIPS 204, and FIPS 205. Vendors that cannot provide that articulation are positioning their customers for a forced migration on the seller’s timeline rather than the buyer’s.

The Bottom Line

References