The European Union is moving to strengthen its cybersecurity posture with the adoption of post-quantum cryptography. Backed by the European Commission, Member States have issued a roadmap and timeline to begin transitioning to this advanced form of encryption. The set of recommendations that Member States need to implement for a synchronised transition to post-quantum cryptography is divided into ‘First Steps’ that are required to initiate the transition, and ‘Next Steps’ that should follow.
Following the Commission’s Recommendation issued last April, the EU move stems from a strategy developed by the NIS Cooperation Group and reflects growing urgency for Europe to act as quantum computing capabilities accelerate. Post-quantum cryptography is built on algorithms designed to resist decryption by quantum computers, marking a significant step toward defending against next-generation cyber threats. All EU Member States are expected to begin the shift by the end of 2026, with critical infrastructure required to complete the transition no later than 2030.
“As we enter the quantum era, post-quantum cryptography is essential to ensure a high level of cybersecurity, fortifying our systems against future threats,” Henna Virkkunen, executive vice-president for technological sovereignty, security, and democracy, said in a media statement. “The post-quantum cryptography roadmap provides a clear direction to ensure the robust security of our digital infrastructure.”
Titled A Coordinated Implementation Roadmap for the Transition to Post-Quantum Cryptography, the document is the first deliverable from the NIS Cooperation Group’s post-quantum cryptography work stream. It serves as an initial high-level guide for EU Member States. Many of the steps outlined for the post-quantum cryptography transition constitute ‘no-regret’ moves; they improve cybersecurity in general and support compliance with cybersecurity regulations, in particular the NIS2 Directive.
The roadmap recommends that Member States initiate a national post-quantum cryptography transition strategy following First Steps by the end of 2026 and coordinate their efforts at the EU level. At the same time, high-risk use cases should be transitioned to post-quantum cryptography as soon as possible, no later than the end of 2030. Furthermore, quantum-safe upgrades should then be enabled by default, and the post-quantum cryptography transition plans should be refined, in particular by implementing the recommended Next Steps.
By 2035, the transition should be completed for as many systems as practically feasible. This ambitious timeline is justified by the severe consequences broken cryptography would have on safeguarding data and securing sensitive communications, which are vital for the EU and its Member States’ society, economy, security, and prosperity.
Last April, the European Commission initiated calls for proposals within Horizon Europe’s 2023-2024 digital, industrial, and space work program, focusing on research and innovation in artificial intelligence (AI) and quantum technologies. With an investment of €112 million in AI, and quantum research and innovation, a new series of calls has been introduced, totaling over €112 million from the 2023-2024 Horizon Europe Digital, Industry, and Space work program.
The recommendations in this document include measures to ensure that stakeholders are informed of the quantum threat to cryptography and can exchange their knowledge and experience at the national, European, and international levels. It is recommended to ensure that the quantum threat becomes a part of the risk management of relevant entities and to establish mature cryptographic asset management to facilitate the transition to post-quantum cryptography and improve cryptographic agility in general.
As part of the ‘First Steps,’ the EU outlines eight foundational components for transitioning to post-quantum cryptography. One of the initial priorities is engaging key stakeholders early, including cybersecurity leaders, government agencies, and technical experts, to ensure coordinated planning and execution. This includes CTOs, CISOs, CIOs from critical sectors, government bodies, research institutions, and national cybersecurity authorities. Their coordinated input is essential for shaping and executing a national roadmap.
Organizations must also improve cryptographic asset management by keeping detailed and current inventories of all systems using cryptography. These should be supported by asset management tools and standards such as cryptographic bills of materials. Accurate inventories are vital for effective risk management and business continuity planning.
It is also necessary to map internal and external dependencies across applications, platforms, and operational processes. Understanding these connections enables smoother migration planning, better supply chain coordination, and interoperability across the EU.
Quantum-related threats should be integrated into national and organizational risk assessments. These risks must be elevated to board-level discussions and reflected in public cybersecurity reports to ensure adequate attention and resources.
The supply chain must be engaged early in the process. Product and service providers need to align their roadmaps with post-quantum cryptography goals and ensure cryptographic agility is built into their offerings. This coordination supports both national and EU-level transition strategies.
Raising awareness across organizations is also essential. Targeted, role-specific programs should be developed to educate personnel about quantum threats and cryptographic transition priorities. Multiple communication channels, including official platforms, social media, and industry publications, should be used to deliver timely and accurate information.
Knowledge sharing and collaboration should be prioritized through participation in expert communities, international dialogues, and the NIS Cooperation Group’s work stream on post-quantum cryptography. This helps synchronize efforts across borders and sectors.
Finally, each country should establish a national timeline and implementation plan. Priorities should be clearly defined using a flexible prepare-plan-act framework. Timelines will vary depending on specific use cases, but a coordinated and adaptable strategy will support a more secure and resilient transition. These initial actions are critical to building a unified and well-informed path toward quantum-resistant cryptographic systems across the EU and its member states.
After work on the First Steps has started and an initial implementation plan has been established, it is important to pursue activities that could help to carry out a smooth migration and to fine-tune and update the implementation plan continuously. Further actions which should be considered in this process.
As part of its ‘Next Steps,’ the EU emphasizes the need to build cryptographic agility and prepare a secure upgrade path for future systems. New products must be designed with the flexibility to update cryptographic mechanisms as threats evolve. Beginning in December 2027, this will be a formal requirement under the Cyber Resilience Act. Even before full transition to post-quantum cryptography, products should be capable of receiving software and firmware updates signed with quantum-safe algorithms. Update mechanisms must be in place, using standardized post-quantum signatures, and procurement processes should explicitly require this level of agility.
Ongoing engagement with stakeholders and vendors is essential to refine migration strategies and maintain alignment across industry and regulation, including compliance with evolving frameworks like NIS2. The EU calls for allocating the necessary budget and skilled personnel to manage the complexity of this transition. Lifecycle management costs must be factored in from the outset to ensure continuity.
Certification schemes must also be adapted. National and European cybersecurity certification systems under the Cybersecurity Act need to reflect quantum-era threats. Collaboration with groups such as the EU Cybersecurity Certification Group is encouraged to ensure up-to-date guidance. These requirements must be embedded into product evaluations, procurement protocols, and regulatory compliance, with close coordination among NIS2 and eIDAS supervisory bodies.
The regulatory landscape requires review and revision. Existing national laws related to cryptography should be updated to incorporate post-quantum standards. Where such laws do not exist, new frameworks must be developed. These updates should be informed by input from peer countries and the NIS Cooperation Group. Post-quantum cryptography requirements should start to appear in procurement contracts, certifications, and partnership agreements.
The EU sees strong potential in leveraging its cybersecurity ecosystem. Public-private partnerships are needed to help vendors and service providers align with national migration roadmaps. Training programs must be updated or created to equip cybersecurity professionals and specialists with post-quantum cryptography knowledge. Member States are urged to pool educational resources and share experiences to accelerate capacity building. Funding opportunities, both national and European, should be directed toward post-quantum cryptography implementation. Cyber coordination centers and competence hubs can support these efforts.
International cooperation plays a central role. The EU should actively participate in global post-quantum cryptography standardization work and promote collaboration between national and EU initiatives. Authorities are encouraged to support research, share technical knowledge, and build joint programs, including PhD-level study and innovation.
Pilots and testing infrastructure must also be developed and expanded. Engagement in international testbeds, such as ETSI Plugtests and IETF post-quantum cryptography hackathons, will provide valuable insights. National centers of expertise can further enhance readiness. Real-world use cases should guide the testing phase to ensure that any deployment is grounded in operational resilience and threat reality. This multi-layered approach reflects the EU’s commitment to a secure and coordinated shift to post-quantum cryptography, ensuring systems remain trusted and resilient in a quantum-capable future.
In May, the Post-Quantum Cryptography Coalition (PQCC) released its Post-Quantum Cryptography Migration Roadmap to assist organizations in navigating the complexities of transitioning to quantum-safe cryptography. The comprehensive and tailorable guide provides a strategic framework across four critical categories – preparation, baseline understanding, planning and execution, and monitoring and evaluation, equipping organizations with actionable tools and methodologies to safeguard their data against emerging quantum threats.
