Thales launches Europe’s first certified smartcard ready for the Quantum Age

• Thales’ solution is the first quantum-resistant smartcard in Europe to receive high-level security certification, underscoring its commitment to staying ahead of emerging cyber risks in the quantum era.
• The certified product integrates innovative cyber mechanism into a smartcard format—ideal for applications that demand strong future-proof identity protection, such as electronic ID cards, health cards, and driving licenses.
• It is ready for real-world deployment, providing governments and institutions with a secure foundation for next-generation identity solutions.

As quantum computing evolves, many of today’s cryptographic methods will no longer be secure, since quantum computers will be able to solve complex mathematical problems much faster than classical computers. A recent Gartner® report* says “By 2029, advances in quantum computing will make conventional asymmetric cryptography unsafe to use.” Thales has spent years investing in post-quantum cryptography to ensure critical systems stay safe in the future.

By becoming the first company to receive high-level Common Criteria¹ certification for a quantum-resistant smartcard, Thales will help government services protect sensitive data —such as those on ID cards, health cards, and driver’s licenses—and ensure that citizens’ identities are secure against emerging quantum threats.

The innovative smartcard (‘MultiApp 5.2 Premium PQC’), developed by Thales and certified by the French Cybersecurity Agency (Agence nationale de la sécurité des systèmes d’information – ANSSI), uses advanced digital signature designed to resist attacks, even from powerful quantum machines. It’s the first of its kind to be certified at such a high security level (EAL 6+²) under the Common Criteria framework. The certified product also features new Digital Signature Algorithms³ standardised by the American NIST - National Institute of Standards and Technology. These specific signature algorithms are powerful cryptographic tools used to verify that data or a digital message really comes from the right sender and has not been altered.

From an end-user perspective, nothing changes: citizens will continue to use their cards as usual. What’s revolutionary is what’s inside. The card uses a new generation cryptographic signature designed to withstand the immense computing power of tomorrow’s quantum computers. This ensures that sensitive personal data remains protected not just today—but well into the future.

This first certification for a solution incorporating post-quantum cryptography reflects ANSSI’s commitment to supporting innovation, while upholding the highest cybersecurity standards. The joint work of Thales, CEA-Leti IT Security Evaluation Facility, and ANSSI is a strong signal that Europe is ready to lead the way in post-quantum security, enabling organisations and governments to deploy solutions that anticipate future risks, rather than waiting for quantum computers to become mainstream" Franck Sadmi, Head of National Certification Center, French Cybersecurity Agency (ANSSI).

This certification is a landmark moment not only for Thales but for the entire digital security ecosystem. It shows that future-proof cybersecurity is no longer a concept—it’s a reality. By achieving the highest level of security for a quantum-resistant smartcard, Thales is paving the way for trust in tomorrow’s civil identities. We’re proud to lead this crucial transformation" Nathalie Gosset, VP Identity & Biometric Solutions at Thales.

¹ Common Criteria : an international standard confirming the product meets strict security requirements.

² The Evaluation Assurance Level (EAL) is an international scale used to measure the robustness of IT security. It ranges from EAL1 (basic tested) up to EAL7 (the highest, formally verified level). An EAL6+ certification means the product has been tested and proven to provide very high security against sophisticated attacks, suitable for critical applications like government, finance, and defense.

³ FIPS 204 is a new U.S. government standard that defines a digital signature algorithm designed to remain secure even in the age of quantum computers. It is a foundation for digital integrity of things like secure transactions, ID documents, software updates, or electronic contracts. FIPS standards are published and approved by NIST (the U.S. National Institute of Standards and Technology) and are widely recommended and adopted across industries worldwide, especially in sectors like government, defense, finance, and digital technology.