ML-KEM-1024 | FIPS 203 | CSPN ANSSI Chiffrement souverain post-quantique

Compliance and Certifications

CSPN Ready · EAL4+ Ready. Built for ANSSI evaluation, aligned with NIS2, DORA, and the European Commission’s 2026 PQC transition roadmap.

ANSSI Certification

CSPN Certifications

Two CSPN certification dossiers in preparation for ANSSI evaluation:

CSPN Encryptor

FPGA network encryptor
  • Throughput: 800 Gbps to 6.4 Tbps
  • Scope: FPGA network encryption
CSPN Ready

CSPN Agent

Software encryption agent
  • Throughput: 1 to 10 Gbps
  • Scope: multi-platform software agent
CSPN Ready
CSPN (First Level Security Certification) is issued by ANSSI after evaluation by an accredited CESTI laboratory. Evaluation covers 25 to 50 man-days over approximately 2 months. CSPN freezes the hardware and software configuration. Any change requires recertification (12-18 months). This ensures stability and traceability of each deployment.
Regulations

Regulatory Framework

NIS2 Oct. 2024

Network and Information Security Directive 2

Effective: October 2024 (transposition ongoing in France via “Loi Résilience”). Requires essential and important entities to implement proportionate encryption measures. Article 21.2(h): cryptography and encryption policies. Covers 18 sectors and tens of thousands of entities across Europe.

DORA Jan. 2025

Digital Operational Resilience Act

Effective: 17 January 2025 (EU regulation, directly applicable). Article 9: financial entities must implement cryptographic protection measures based on data classification. Requires monitoring of cryptographic threats, including quantum threats. Crypto-agility required.

LPM Active

Loi de Programmation Militaire

Covers France’s 249 OIVs (Vital Importance Operators). Art. R.1332-41 mandates ANSSI-certified encryption for vital information systems — penalties for non-compliance are administrative and criminal.

eIDAS 2.0 Dec. 2026

Regulation (EU) 2024/1183

New European digital identity framework. EUDI Wallet mandatory in every Member State by December 2026. GARANCE PKI already uses X.509 v3 and ML-DSA-87 post-quantum signatures, preparing for eIDAS 2.0 trust anchors.

Cryptographic Standards

Algorithms and Protocols

ML-KEM-1024
FIPS 203 — Post-quantum key encapsulation — NIST August 2024
AES-256-GCM
FIPS 197 — Authenticated symmetric encryption
X.509 v3
PKI certificates
IKEv2 / IPsec
RFC 7296 + RFC 9370 — Secure tunnel protocol
ML-DSA-87
FIPS 204 — Post-quantum digital signatures
HKDF-SHA256
RFC 5869 — Key derivation
Post-Quantum Migration

European PQC Roadmap

Published 23 June 2025 by the European Commission:

End 2026All Member States must begin PQC transition
2030High-risk use cases must be fully transitioned
2035Broadest possible migration
From 2027ANSSI will no longer accept products without PQC for security visa issuance

Need a compliance audit?

We review your current encryption stack, map it against LPM/NIS2/DORA requirements, and deliver a concrete remediation plan.

Request an audit →