France's ANSSI Will Stop Certifying Non-Quantum-Safe Products in 2027. Here's What That Means.

On 16 June 2026, at the France Quantum conference in Paris, ANSSI's chief of staff Samih Souissi said the agency will stop certifying security products that lack post-quantum cryptography from 2027, and that businesses should be buying only quantum-safe products by 2030.

For vendors and buyers in the French market, this turns a recommendation into a condition of access. Here is what changed, and what to do about it.

Why this is a procurement gate, not a guideline

ANSSI certification, called qualification in French regulatory terms, is required for security products used by government agencies and operators of vital importance. No qualification, no access to one of Europe's largest public-sector technology markets.

By tying that qualification to post-quantum cryptography, ANSSI makes quantum resistance a pass-or-fail eligibility criterion. Souissi was explicit about the stakes: "It's not only a technical issue. It's a matter of governance, industrial planning, regulation, and sovereignty."

The driver is harvest now, decrypt later: attackers store encrypted data today to break it once a quantum computer can. Long-lived sensitive data is exposed first, which is why agencies argue migration has to start before the machine exists.

The timeline is tighter than it looks

2027: new qualifications require a post-quantum component 2030: public buyers should procure only quantum-safe products

Two dates, but the real runway is shorter than either suggests.

ANSSI qualification typically takes 12 to 18 months. A product entering the pipeline in mid-2026 is already on a tight schedule to clear the 2027 cutoff. Existing certifications stay valid until they expire, but renewal now depends on post-quantum conformance. And the 2030 procurement horizon means any contract signed before then should favor quantum-safe products, or risk paying for systems that fall out of the qualified perimeter before their service life ends.

This is not a future policy. The first post-quantum Common Criteria certificates in France were issued to Thales and Samsung in late 2025. The pipeline is open and moving.

What ANSSI actually requires: hybrid, not replacement

A common misreading is that products must swap classical algorithms for post-quantum ones. That is not the requirement.

ANSSI requires hybrid mechanisms: a proven classical algorithm and a post-quantum algorithm composed together, for key establishment and for signatures. The logic is sound. Post-quantum schemes are newer and less battle-tested, so the classical layer stays as the audit trail of decades of cryptanalysis while the post-quantum layer guards against future quantum capability. A product shipping ML-DSA alone, with no classical signature retained, does not meet the bar.

For vendors, this means revisiting product architecture, cryptographic libraries, and key management, rather than flipping a switch.

France is aggressive, but not alone

This is arguably Europe's hardest line on post-quantum adoption to date. It does not stand by itself.

The US NSA's CNSA 2.0 makes post-quantum support a procurement requirement for new national security systems from 1 January 2027, the same year. Two of the world's most demanding certification regimes have landed on the same cutoff, through different mechanisms, with the same effect: vendors who can't show post-quantum capability by 2027 start losing government access on both sides of the Atlantic. France is aligning with NIST's standards (ML-KEM, ML-DSA, SLH-DSA) rather than inventing its own, which keeps multinational vendors on a single track.

The market is already responding. Capgemini's chief innovation officer told Reuters the demand from banks and public services is "becoming big… very substantial." OVHcloud's head of quantum described the dual burden plainly: auditing products and securing held data, while aligning with ANSSI, the EU, and NIST at once.

The first step is the one most organizations skip

ANSSI places cryptographic inventory and crypto-agility at the front of the transition, and makes them a governance responsibility rather than an engineering afterthought.

The reason is practical. Cryptography is not in one place. It is spread across libraries, firmware, identity systems, PKI, TLS, VPNs, signing workflows, and long-lived equipment in the field. You cannot migrate, prioritize, or prove compliance for what you cannot see. The hardest part of meeting the 2027 and 2030 deadlines is rarely choosing an algorithm. It is knowing where cryptography lives and being able to change it without rebuilding everything around it.

Two moves follow from that:

• Inventory your cryptographic assets and measure exposure, especially for long-life equipment whose cryptography must hold past 2030.
• Build crypto-agility so an algorithm can be swapped without re-architecting the product or the estate. ANSSI names this as the factor that decides how hard compliance will be.

Where Evertrust fits

This is the work Evertrust CLM is built for and bonus point : the platform already holds ANSSI CSPN certification.

Evertrust CLM discovers certificates across an estate, including ones no network scan reaches, which is the visibility ANSSI asks organizations to establish first. It already issues the algorithms at the center of this shift, having added ML-DSA and SLH-DSA support in 2025, and it issues hybrid certificates that carry a classical and a post-quantum signature together, the exact composition ANSSI requires. Its grading engine scores every certificate against policy built on ANSSI, NIST, and CA/Browser Forum rules, and flags what falls short. Its automation renews and reinstalls certificates without the manual, service-interrupting work that makes a deep cryptographic change painful.

As a French and European platform, with EU data residency and ANSSI CSPN certification, Evertrust CLM also keeps the cryptographic estate under European control as the transition runs, which is part of the point ANSSI is making.

The takeaway

ANSSI has converted a multi-year plan into a market signal vendors can no longer treat as advice. Qualification now depends on hybrid post-quantum cryptography, the runway to 2027 is already short given how long certification takes, and 2030 sets the procurement line for buyers.

Whether your organization meets this as a controlled upgrade or a scramble is mostly decided now, by whether your cryptographic estate is inventoried, agile, and automated. That work starts before the deadline, and before the first quantum computer that makes any of it urgent in the first place.