France has stopped certifying any product that doesn't include quantum-safe encryption, a move that cybersecurity analysts say will speed up the global shift to post-quantum standards. The mandate, effective immediately, applies to all new and renewed certifications for hardware, software, and cloud services sold or used in the country.
Why France moved now
Quantum computers powerful enough to break today's encryption aren't here yet — but they're getting closer. French regulators decided they can't wait. The certification halt forces manufacturers, from smartphone makers to banking software vendors, to build quantum-resistant algorithms into their products before they can earn a government stamp of approval. That stamp matters: without it, many products can't be sold to French government agencies or regulated industries like energy and finance.
The decision is a direct bet that the threat is real and the transition needs to start immediately. It's not a recommendation — it's a red line.
Cybersecurity strategies get a hard deadline
For years, companies have treated quantum-safe encryption as a forward-looking research topic. France's mandate changes that. Chief information security officers now have to figure out how to retrofit existing systems and ensure new ones meet the standard. The impact goes beyond France. International suppliers that want access to the French market — a major European economy — will have to redesign products, and those redesigns will likely roll out globally because it's cheaper to produce one version.
The move also pressures other governments. If France's approach works, expect regulators in Germany, Japan, and the U.S. to follow suit with their own deadlines. The European Union's cybersecurity agency has already flagged quantum-safe encryption as a priority, but no other member state has gone this far this fast.
A boost for quantum-safe tech sectors
The mandate is a clear tailwind for companies that already offer quantum-safe encryption solutions. Startups and established firms specializing in post-quantum cryptography, lattice-based algorithms, and hardware security modules are likely to see a surge in demand. The certification pause creates a bottleneck: products without quantum-safe protections can't get approved, so buyers have to switch — or wait. Most won't wait.
Investment in the sector was already growing. France's move could accelerate that trend, pulling venture capital and government R&D money into quantum-resistant infrastructure. The exact size of the market isn't known, but the scope is broad — everything from web encryption and VPNs to medical device firmware and car-to-car communications falls under the certification umbrella.
What happens next
Manufacturers now face a tight window. The French certifying body, ANSSI, hasn't announced a grace period. Companies that already have products in the pipeline for certification will have to revise them. New applications will be rejected until the quantum-safe components are added.
The first real test will come within six months, when the earliest batch of redesigned products should hit the certification desk. If ANSSI approves them, the template will be clear. If it sends them back, the industry will have to rethink its approach. Either way, the clock is ticking.
