In recent years, the race to secure digital infrastructure against quantum threat has accelerated worldwide. Governments, standardization bodies, and industry leaders have introduced strategic roadmaps to steer the transition to post-quantum cryptography (PQC), signaling a coordinated global push to safeguard critical systems for the future. With the first quantum-safe algorithms now standardized, the path forward is clearer than ever. As high-risk sectors - including government, defense, finance, healthcare, logistics, energy, telecom, and aerospace -face increasing vulnerability, the focus is shifting from theoretical planning to practical implementation, guided by the principle of crypto-agility.
Read the summary
- The European Commission and the NIS CG have laid out a roadmap mandating immediate action towards post-quantum cryptography transitions, with milestones set for 2026, 2030, and 2035.
- High-risk sectors are urged to identify and test systems for quantum vulnerabilities using NIST's PQC standards, emphasising collaboration with partners to ensure compliance with evolving guidelines.
- VTT is leading the post-quantum cryptography research in Finland, supporting national efforts and providing expert insights to help sectors transition confidently to quantum-safe technologies.
This summary is written by AI and checked by a human.
Crypto-agility is a key principle highlighted in these guidelines, referring to the ability to swiftly adapt cryptographic systems in response to new threats or standards. As emphasized by the National Institute of Standards and Technology (NIST), crypto-agility is not merely about swapping algorithms; it is about building resilient, flexible systems that can evolve alongside the cryptographic landscape.
The foundation for these global efforts was laid by the NIST’s PQC Competition, which began in 2016 and culminated in the selection of the first standardized quantum-safe algorithms in 2024. These methods are now being integrated into national and international strategies.
With international roadmaps now published, the transition to post-quantum cryptography is no longer a distant goal. It is a present-day mandate. From the United States to the European Union, the message is clear: organizations must act now to implement quantum-safe algorithms and build crypto-agile systems. This is not about preparing for a hypothetical future but about keeping pace with a rapidly evolving threat landscape. The time for waiting and observing has passed. Now is the time to execute.
Industries such as government, defense, finance, healthcare, logistics, energy, telecom, and aerospace sit at the frontlines of quantum risk. With sensitive data and long-term confidentiality at stake, these sectors are being called to action—starting with a full inventory of their cryptographic systems and moving swiftly toward hybrid or quantum-safe deployments to future-proof their security.
PQC roadmap
On April 11th, 2024, the European Commission published its recommendation for a coordinated implementation roadmap to guide the PQC transition. This was followed by the Network and Information Systems Cooperation Group (NIS CG), which released a detailed roadmap during the summer 2025 outlining concrete milestones for transitioning Europe’s digital infrastructure to PQC.
The roadmap defines three key phases with corresponding deadlines:
- By the end of 2026
- All Member States have implemented the First Steps, as defined by NIS CG.
- Initial national PQC transition roadmaps are in place.
- Planning and pilot projects for high- and medium-risk use cases have been initiated.
- By the end of 2030
- All Member States have implemented the Next Steps, as defined by NIS CG.
- PQC transition for high-risk use cases is completed.
- Planning and pilots for medium-risk use cases are completed.
- Quantum-safe software and firmware upgrades are enabled by default.
- By the end of 2035
- PQC transition for medium-risk use cases is completed.
- PQC transition for low-risk use cases is completed (as much as feasible).
In the corresponding document it is emphasized that these dates represent ultimate deadlines, and that implementation should be done as soon as possible to mitigate long-term risks.
Risk categories are defined based on the longevity and sensitivity of data. High-risk use cases involve data protected by public-key cryptography where a breach, even after a decade or more, would still cause significant harm. For more details on these categories, NIS CG’s documentation refers to The PQC Migration Handbook.
Cryptographic Agility in Action: Preparing Systems for the Post-Quantum Transition
On July 17th, NIST released its second public draft of the Considerations for Achieving Cryptographic Agility. At its core, the publication outlines how organizations can prepare their systems to adapt cryptographic algorithms over time without compromising security or disrupting operations.
Historically, transitions and deprecations of cryptographic algorithms have been challenging. As noted in the NIST guidelines, many systems were not designed with change in mind. Cryptographic components were often tightly integrated, making updates slow, costly, and prone to disruption. Today, we face the most significant cryptographic transition yet, the shift to post-quantum cryptography. This moment also presents a unique opportunity to redesign our systems to be modular, flexible, and agile.
As we begin integrating quantum-safe algorithms into our systems, it's important to recognize that the current shift is not a single change but a series of transitions. It begins with introduction of hybrid and dual-mode solutions, where classical algorithms such as RSA and ECDH are combined with post-quantum algorithms. This is followed by the gradual phasing out of classical algorithms, ultimately leading to the adoption of pure post-quantum solutions. This phased approach is necessary not only because different organizations and systems will progress at different speeds, but also because it allows time to study and build confidence in these new algorithms before relying on them entirely. To ensure secure communication across diverse environments, maintaining interoperability throughout the transition is essential.
In addition to this initial shift, we must also be prepared for ongoing changes. Vulnerabilities will inevitably emerge over time as computing power increases, algorithms evolve, and new technologies are developed. History shows that scientific progress often introduces new challenges. When these challenges arise, agility becomes essential for adapting quickly and securely. Systems built with flexibility in mind, which NIST refers to as agility-aware design, will be better equipped to handle these transitions and maintain strong security over time.
Of course, agility comes at a cost. It introduces complexity, which can expand the attack surface if not carefully managed. Designing secure, agile systems is not easy, but when done right, it becomes an investment that pays off in resilience and long-term maintainability.
NIST’s PQC standardization process continues
In 2024 NIST published the first three PQC standards, marking the beginning of the post-quantum era. The approach for secure key exchange uses lattice-based encapsulation techniques, while the digital signature schemes include both lattice-based and hash-based methods.
However, the standardization process is still ongoing. On March 11, 2025, NIST published an update confirming that a new algorithm for secure key exchange, HQC (Hamming Quasi Cyclic), will be standardized next. Unlike the earlier standards, HQC is based on coding theory. Having alternatives grounded in different mathematical foundations enhances flexibility and strengthens resilience in case vulnerabilities are discovered in any family of algorithms.
In parallel, NIST is also running a competition for additional digital signatures. This effort began in September 2022 and focuses on identifying solutions that complement the mathematical foundations of existing lattice-based standards, helping to ensure a broader and more resilient basis for security. As of October 2024, 14 candidate algorithms have advanced to the second round of evaluation.
Preparing for the quantum leap: key actions for high-risk sectors
To prepare for the shift to post-quantum cryptography, high-risk sectors should take the following steps:
- Identify where cryptographic algorithms are used across systems, including software, hardware, and third-party services.
- Assess which assets are most vulnerable to quantum threats, especially those involving sensitive data with long confidentiality requirements.
- Test NIST-selected PQC algorithms in controlled environments to evaluate performance and compatibility.
- Adopt hybrid cryptographic solutions that combine classical and quantum-safe algorithms to support a smooth transition.
- Collaborate with vendors and supply chain partners to ensure future products support PQC standards.
- Align internal policies with emerging national and international guidelines to maintain compliance and resilience as standards evolve.
VTT’s services and know-how
VTT is at the forefront of post-quantum cryptography research in Finland, leading national initiatives such as PQC Finland project and the ongoing Beyond the Limits of PQC project. These are among several efforts where our cryptography teams are advancing quantum-safe technologies, evaluating algorithms, conducting integration activities, and exploring diverse algorithmic foundations to support readiness across sectors. As part of this mission, VTT has also contributed to the national guidance on quantum preparedness, published by the Finnish National Emergency Supply Agency. Whether you're mapping out your transition roadmap or navigating the PQC shift, VTT is ready to support you with expert insights and hands-on guidance - so you can move forward with clarity and confidence.
