On April 9, the French National Information Systems Security Agency (ANSSI) announced France’s national cybersecurity roadmap for 2026-2027. The roadmap includes a chapter dedicated to the post-quantum cryptography transition with specific deadlines for all agencies.
According to the document, information systems that process sensitive data must operate with post-quantum cryptography. By the end of 2030After that year, only encryption products that incorporate this protection can be deployed.
The roadmap establishes three stages by the final deadline.
- By the end of 2026each agency should develop an inventory of durable sensitive data and identify which data requires priority post-quantum protection.
- By the end of 2027the affected technology components, such as encryption and digital signature systems, must be identified.
- and by the end of 2030the implementation of post-quantum cryptography must be completed in all systems that process sensitive information.
Why is France acting now?
The ANSSI document gives two reasons for acting before quantum hardware exists. The first one is The time required for a migration of that size. Updating cryptography across the nation’s infrastructure is a process that “must be anticipated and started now,” the document said.
The second is risk, known as. “Harvest now, decrypt later” (Save now, decrypt later): The practice of malicious attackers capturing encrypted data today with the intention of decrypting it when they have sufficient quantum hardware. The risk exists regardless of when Q-Day arrives.
As reported by CriptoNoticias, the roadmap would see France join institutions such as Google, which has announced it will migrate its infrastructure by 2029, and the US National Institute of Standards and Technology (NIST), which has set post-quantization migration deadlines of 2030 and 2035.
(Tag Translation) Bitcoin (BTC)
