France to Stop Certifying Non-Quantum-Safe Encryption

Schneier on Security

Overview

France is pushing for a major shift in its cybersecurity approach by announcing that it will stop certifying encryption products that are not resistant to quantum computing. This decision, communicated by the French cybersecurity agency ANSSI, will take effect in 2027, with a push for businesses to adopt quantum-safe encryption by 2030. The move will primarily impact government agencies and critical infrastructure operators, as ANSSI approval is mandatory for their encryption systems. The urgency behind this transition stems from the potential threats posed by quantum computers, which could break traditional encryption methods. By enforcing this policy, France aims to enhance the security of its digital communications and protect sensitive information from future quantum attacks.

Key Takeaways

  • Affected Systems: Non-quantum-safe encryption products, government encryption systems, critical infrastructure security systems
  • Action Required: Transition to quantum-safe encryption products by 2030, ensure compliance with ANSSI's certification requirements.
  • Timeline: Disclosed on October 2023

Original Article Summary

France is accelerating its transition to post-quantum encryption: France’s cybersecurity agency ANSSI said on Tuesday it would stop certifying security products that lack quantum-resistant encryption, a move that will force government bodies and critical operators to shift away from older systems. Samih Souissi, ANSSI’s chief of staff, said at the France Quantum conference that the agency would halt such certifications from 2027, and that businesses should be buying only quantum-safe products by 2030. ANSSI approval is required for use in French government agencies and critical infrastructure, making the policy a de facto phase-out of older encryption...

Impact

Non-quantum-safe encryption products, government encryption systems, critical infrastructure security systems

Exploitation Status

No active exploitation has been reported at this time. However, organizations should still apply patches promptly as proof-of-concept code may exist.

Timeline

Disclosed on October 2023

Remediation

Transition to quantum-safe encryption products by 2030, ensure compliance with ANSSI's certification requirements

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Critical.

Related Coverage

Armored Likho APT Targeting Government, Electric Power Entities

SecurityWeek

A new cyber espionage group known as Armored Likho is reportedly targeting government and electric power sectors. This advanced persistent threat (APT) uses modular remote access tools (RATs) and information stealers to conduct its operations, which appear to be financially motivated as well as aimed at gathering intelligence. The implications of these attacks are significant, as they could compromise sensitive government data and disrupt critical infrastructure, potentially leading to broader security risks. Organizations in these sectors should remain vigilant and improve their cyber defenses to protect against such targeted campaigns.

Jul 6, 2026

Palo Alto Networks and Koi Security sued over alleged AI hallucinations in security report

SCM feed for Latest

MeetingTV, a videoconferencing service, has taken legal action against Koi Security over a blog post that claimed its domain and Zoomcorder service were associated with a cyber threat linked to China. The lawsuit argues that this accusation is unfounded and damaging to MeetingTV's reputation. The post suggested that the services could be fronts for a malicious actor, raising concerns about the implications of such allegations in the cybersecurity space. This incident highlights the potential consequences of misinformation in the tech industry, especially regarding national security. Companies in the cybersecurity field need to ensure the accuracy of their claims to prevent reputational harm to others.

Jul 6, 2026

Indirect Prompt Injection in Web Content Targets AI Agents

Infosecurity Magazine

Researchers at Zscaler discovered that some websites are embedding hidden text designed to manipulate AI agents into making cryptocurrency payments. This technique, known as prompt injection, tricks AI systems into executing unintended commands. The findings raise concerns about the security of AI systems, particularly as they become more integrated into financial transactions. If AI agents are misled into processing unauthorized payments, it could lead to significant financial losses for users and companies. This incident highlights the need for better safeguards against manipulation of AI technologies.

Jul 6, 2026

US government agency pays $1 million to data extortion group Kairos

SCM feed for Latest

A U.S. government agency has reportedly paid $1 million to the data extortion group Kairos after the attackers gained unauthorized access to its network. The breach was facilitated through a brute-force credential attack, where hackers systematically guess passwords to gain entry. This incident raises significant concerns about the security measures in place at government entities and the growing threat posed by ransomware groups. The payment underscores the financial impact of such attacks and highlights the need for stronger cybersecurity protocols to protect sensitive government data. As ransomware attacks become more common, agencies must prioritize their defenses to prevent similar incidents in the future.

Jul 6, 2026

Opera GX Flaw Let Sites Auto-Install Mods to Steal Data

Infosecurity Magazine

A recently discovered flaw in the Opera GX gaming browser allowed malicious websites to automatically install modifications (mods) that could steal data from other pages users visited. This vulnerability raised concerns about user privacy and security, as it could enable attackers to access sensitive information without the users' consent. The issue has now been patched, but it serves as a reminder of the potential risks associated with browser extensions and modifications. Users of Opera GX should ensure they have updated their browser to the latest version to mitigate any risks. This incident highlights the ongoing challenges in maintaining security in web browsing environments.

Jul 6, 2026

North Korean Hackers Target Open Source Developers in Supply Chain Attacks

SecurityWeek

North Korean hackers are behind a campaign known as PolinRider, which has compromised over 100 legitimate open source packages and repositories. The attackers are using these compromised resources to deliver a backdoor and an information-stealing malware to unsuspecting developers. This incident is particularly concerning as it targets the open source community, which often relies on shared code and collaboration. Developers who unknowingly use these tainted packages may expose their systems and sensitive information to further exploitation. The implications are significant, as it raises questions about the security of open source software and the risks developers face when integrating third-party code into their projects.

Jul 6, 2026