France Says Goodbye to Old Encryption: What Irish Businesses Need to Know About Quantum Safety

France’s cybersecurity agency ANSSI has announced it will stop certifying security products that do not use quantum-resistant encryption. The change takes effect in 2027, and the agency wants all businesses to be buying only quantum-safe products by 2030.

For an Irish business owner, this might sound like something that only matters to big companies or tech firms. But encryption is the foundation of almost every digital transaction your business makes, from processing card payments to sending emails to storing customer data. A shift to quantum-safe encryption will eventually affect every business that uses digital tools.

Why Encryption Is Changing

Current encryption methods work by making it extremely difficult for computers to crack certain mathematical problems. The security of your online banking, your email, and your customer database all depend on this being hard to break.

Quantum computers work differently. They can solve some of these mathematical problems much faster than traditional computers. When quantum computers become powerful enough, which experts say could happen within the next ten to fifteen years, today’s encryption methods will no longer be secure.

This is not science fiction. The technology to break current encryption with quantum computers does not exist yet at a practical scale. But the clock is ticking, and the data you encrypt today could be stored by attackers now and decrypted later when the technology catches up.

What France Is Doing and Why It Matters

ANSSI approval is required for security products used by French government agencies and critical infrastructure operators. By announcing it will stop certifying non-quantum-safe products from 2027, France is essentially forcing its entire public sector and regulated industries to switch to quantum-resistant encryption.

This matters for Irish businesses for three reasons:

Supply chain ripple effects. If your business sells products or services to French companies or government bodies, you may need to comply with their encryption requirements. Many software vendors will update their products for the French market first, and Irish businesses will eventually get those same updates, whether they need them yet or not.

EU alignment. France is often a trailblazer for European regulation. What starts in Paris often reaches Brussels, and from there, Dublin. If France is moving this direction, it is reasonable to expect similar requirements across the EU within a few years.

Long-term data obligations. Under GDPR, Irish businesses that hold personal data have an obligation to keep that data secure for as long as they hold it. If you store customer data today that could still be sensitive in ten years, you need to think about whether today’s encryption will still be adequate when quantum computers arrive.

What to Do About It

Quantum-safe encryption is not something you need to panic about today. But it is something you should start asking about. Here are three practical steps:

Ask your software vendors. When you renew contracts with your IT providers, ask about their quantum-readiness plans. Are they working on updating their encryption? Do they have a timeline?

Check your long-term data. If your business holds data that needs to stay confidential for more than five years, start thinking about how you will protect it against future threats.

Watch for updates. The major cloud providers, Microsoft, Google, and Amazon, are all working on quantum-safe encryption updates. Make sure you apply those updates when they become available.

The Bottom Line

France’s announcement is not a reason to panic. It is a reason to pay attention. Encryption is the invisible infrastructure that makes digital business possible. The shift to quantum-safe encryption is coming, and the businesses that start paying attention now will have a smoother transition than those that wait until they have no choice.