EU PQC Timeline

To Go:

Brief Summary

The NIS Cooperation group, PQC Workstream have published the following timeline:

First Steps by 31.12.2026

Initiate transition planning and pilots for high and medium risk use cases. All member states to establish a transition roadmap.

1. Identify and involve stakeholders.
2. Support mature cryptographic asset management.
3. Create dependency maps.
4. Perform quantum risk analysis.
5. Include the supply chain.
6. Create a national awareness and communication program.
7. Share knowledge and get involved with the NIS CG work stream on PQC.
8. Develop a timeline and an implementation plan.

To Go:

---

Next Steps by 31.12.2030

PQC Transition for high risk use cases has been completed and transition planning and pilots for medium risk use cases should be completed and Quantum safe software and firmware upgrades are enabled by default.

1. Support cryptographic agility and a quantum-safe upgrade path.
2. Allocate resources for the transition.
3. Adapt certification schemes.
4. Evolve the rules.
5. Look for opportunities within the ecosystem.
6. Considering transversal activities throughout the creation and implementation of the roadmap.
7. Implement pilot use cases and contribute to testing centres.

To Go:

---

31.12.2035

The PQC transition for medium risk use cases has been completed and the PQC transition for low risk use cases has been completed as much as possible.

Reference

See “A Coordinated Implementation Roadmap for the Transition to Post-Quantum Cryptography”