Post-Quantum Cryptography: How Governments Worldwide Are Shaping the Transition Ahead
Governments around the world are accelerating action on post-quantum cryptography (PQC), driven by growing recognition that migrating from today’s cryptography is a multi-year effort.
The risk of “harvest now, decrypt later,” where sensitive data intercepted today may be decrypted in the future, has shifted from a theoretical concern to a strategic policy issue. This is particularly true for government institutions, critical infrastructure entities, and organizations holding long-lived or highly sensitive data.
As a result, 2026 is emerging as a clear inflection point. Across multiple jurisdictions, regulators are moving beyond non-binding guidance toward enforceable expectations, expressed through planning, governance, procurement requirements, and supervisory oversight. While legal frameworks and timelines differ, the direction is consistent: organizations are expected to understand their cryptographic exposure and demonstrate a credible path toward post-quantum resilience.
Global PQC Requirements: Shared Expectations Across Governments
Government action on post-quantum cryptography varies in form, ranging from binding mandates for government and national security systems to policy frameworks, technical standards, and supervisory guidance, often enforced through procurement requirements, audits, and regulatory oversight. Across these models, the emphasis is on preparation and coordination rather than rushed, near-term deadlines.
Despite differences in legal frameworks, expectations are converging. Organizations are increasingly expected to establish cryptographic visibility through discovery and inventory, identify long-lived and sensitive data, develop formal PQC transition plans, and adopt cryptographic agility. Vendor and supply-chain readiness is also becoming a core requirement, with reporting or attestation beginning to emerge in some sectors.
This alignment is reinforced through multilateral coordination. For example, the G7 Cyber Expert Group’s recent roadmap, which frames PQC as a systemic resilience issue for the financial sector, reflects a broader global shift toward early preparation and standards alignment rather than rushed execution. A similar approach is now visible in national strategies well beyond the G7.
How This Plays Out Across Regions
United States: From Guidance to Binding Federal Mandates
In the United States, the transition to post-quantum cryptography has unfolded in deliberate phases, moving from strategy and standards into binding operational and procurement requirements. What began as a planning exercise is now shaping how federal agencies buy, design, and modernize systems.
The groundwork was laid in 2022, when the Office of Management and Budget issued OMB Memorandum M-23-02, directing federal agencies to inventory their cryptographic systems and prepare for migration away from quantum-vulnerable algorithms. This made cryptographic visibility a formal federal requirement rather than a best practice.
In 2024, the planning phase accelerated. The White House published its Report on Post-Quantum Cryptography under National Security Memorandum-10, confirming that inventory, cost modeling, and migration planning were active workstreams across agencies. In parallel, the National Institute of Standards and Technology finalized its first post-quantum cryptography standards — FIPS 203, 204, and 205 — largely settling algorithm selection and shifting the conversation toward execution.
By 2025, the U.S. government began moving from preparation to execution. The National Security Agency, through the Committee on National Security Systems, released CNSS Policy 15, anchoring post-quantum algorithms into national security systems. Shortly after, NSA published CNSA 2.0, establishing concrete expectations and timelines for vendors, cloud providers, and operators supporting national security workloads. That same year, the Department of Defense issued operational guidance requiring defense components to identify and continuously track cryptographic usage across business systems, cloud infrastructure, mobile devices, and IoT, reinforcing cryptographic inventory as an ongoing readiness metric.
The most decisive shift came in June 2025, when the White House directed the Department of Homeland Security to identify technology product categories where post-quantum cryptography was commercially mature. This marked the move from policy into procurement. That directive culminated in January 2026, when the Cybersecurity and Infrastructure Security Agency issued federal buying guidance identifying product categories expected to support post-quantum cryptography, signaling to vendors that PQC readiness is increasingly treated as non-optional in the federal market.
Taken together, the U.S. approach shows a clear progression: standards (2024), mandates and timelines (2025), and procurement enforcement (2026).
European Union: Coordinated Readiness Without a Single Mandate
The European Union has taken a coordinated policy approach rather than imposing a single binding mandate. PQC adoption is being driven through alignment across Member States, supported by European Commission roadmaps and ENISA guidance, with the goal of avoiding fragmentation across the Single Market.
The EU's public transition arc began in April 2024, when the European Commission issued a formal recommendation urging Member States to develop coordinated national implementation roadmaps for post-quantum cryptography. This was followed by the establishment of a dedicated PQC workstream within the NIS Cooperation Group to align sequencing and risk-based prioritization.
The approach became more concrete in June 2025, when the Commission and Member States published the first roadmap deliverable. This introduced explicit milestones: initial national strategies by the end of 2026, transition of high-risk and critical infrastructure systems by 2030, and completion of the long tail of systems by 2035 where practically feasible.
Importantly, PQC is not treated as a standalone cryptography program. It is positioned as part of broader cyber risk management and compliance, explicitly linked to frameworks such as NIS2, DORA for the financial sector, and the Cyber Resilience Act for products entering the Single Market.
In practice, this means EU organizations should expect PQC readiness to surface through national implementation, procurement, audits, and sectoral supervision — even without a single EU-wide "PQC law." By 2026, preparedness is expected to be demonstrable; by 2030, critical systems should be migrated; and by 2035, most remaining systems should follow.
United Kingdom: Supervisory Pressure Over Legislation
The UK's National Cyber Security Centre has positioned PQC as a long-term national resilience issue and published a coordinated roadmap extending to 2035.
The transition is structured in clear phases: by 2028, organizations across government, financial services, and critical national infrastructure are expected to have completed cryptographic discovery, inventory, and dependency mapping, with formal transition plans in place; from 2028 to 2031, the focus shifts to early execution, including vendor alignment, hybrid deployments, and the highest-priority system upgrades; and from 2031 to 2035, wider migration is expected as implementations mature.
NCSC's algorithm preferences sit closer to the U.S. position than the rest of Europe: ML-KEM- 768 and ML-DSA-65 are the headline recommendations, and while hybrid is accepted as an interim measure, NCSC has explicitly stated a preference for pure post-quantum signatures. To accelerate market readiness, NCSC has also launched a pilot under the Assured Cyber Security Consultancy scheme, qualifying consultancies to deliver PQC discovery and migration planning.
While the guidance is not legally binding, PQC readiness is increasingly treated as a supervisory benchmark within broader cyber resilience and operational risk oversight, particularly for regulated sectors such as financial services and the National Health Service.
Canada: Planning and Reporting as Formal Obligations
Canada has published a formal, time-bound roadmap for migrating federal non-classified IT systems to post-quantum cryptography. Under ITSM.40.001, issued by the Canadian Centre for Cyber Security in June 2025, federal departments were required to submit initial PQC transition plans by April 2026, report progress annually thereafter, complete migration of high-priority systems by the end of 2031, and transition remaining systems by the end of 2035.
April 2026 was a notable inflection point: it marked the first concrete sovereign PQC deadline in any G7 nation, and every federal department was required to designate a senior official accountable for the migration. Although these requirements apply directly to federal systems, they are already shaping expectations for suppliers, cloud providers, and organizations operating within the federal ecosystem, aligning Canada's trajectory closely with those of the United States and the United Kingdom.
Australia: Readiness First, Migration Next
Australia has issued some of the most prescriptive cryptographic timelines of any English- speaking jurisdiction. The Australian Signals Directorate, through its Information Security Manual, has stated that organizations should have a refined PQC transition plan by the end of 2026, commence transition of critical systems and data by the end of 2028, and complete the migration by the end of 2030. After 2030, traditional asymmetric cryptography — including RSA, Diffie-Hellman, ECDH, and ECDSA — is expected to be retired.
ASD has taken a distinctive position on hybrid cryptography: rather than mandating hybrid deployments as European agencies do, it has directed organizations toward pure post-quantum implementations, with ML-KEM-1024 named as the required key encapsulation mechanism. ML-KEM-768 is acceptable as an interim measure but is also expected to be retired in line with the 2030 horizon.
While the ISM applies most directly to federal government and critical infrastructure, regulated sectors such as financial services and healthcare are increasingly aligning procurement and risk- management practices with ASD guidance, making the 2030 horizon a de facto industry deadline.
Japan: Coordinated Transition Aligned to 2035
Japan's post-quantum transition is coordinated around a national 2035 target and anchored in technical standards defined through CRYPTREC. The National Cyber Command Office's interim report in late 2025 confirmed that government agencies must transition by 2035, aligning Japan with the United States, the European Union, the United Kingdom, and Canada.
A significant milestone came in April 2026, when an external evaluation of ML-KEM for CRYPTREC was completed, supporting its inclusion in the CRYPTREC Ciphers List — Japan's equivalent of the U.S. CNSA suite. This removed a major procurement barrier and signaled that the Japanese government is accelerating PQC adoption ahead of its formal national roadmap, which is expected by May 2027. From 2026 through the late 2020s, agencies are expected to move from planning into early execution, including upgrades for higher-risk environments, hybrid classical–post-quantum approaches, and cryptographic agility.
Into the early 2030s, broader migration of priority systems is expected as implementations mature, with the approach designed to cascade into critical infrastructure operators and public- sector suppliers through procurement and technical alignment.
Germany: Hybrid Mandate and an Accelerated Threat Estimate
Germany's Federal Office for Information Security has taken one of the most prescriptive technical positions in Europe. The updated BSI Technical Guideline TR-02102-1, refreshed in January 2026, sets clear horizons: full migration to quantum-safe cryptography by 2030 for critical infrastructure under NIS2 and KRITIS regulation, and by 2032 for all other organizations, with classical asymmetric algorithms formally deemed deprecated thereafter.
BSI uniquely requires hybrid schemes — combining classical and post-quantum algorithms — for both key establishment and signatures, with the exception of hash-based signatures such as LMS and XMSS, which can stand alone. Its approved algorithm list includes ML-KEM alongside FrodoKEM and Classic McEliece as conservative fallbacks, reflecting a defense-in- depth posture less common outside Germany and France.
The urgency has been reinforced by BSI's own annual assessment of quantum computing progress, which in 2025 shortened the estimated horizon for a cryptographically relevant quantum computer from roughly 20 years to 10–15. Despite this, a joint BSI–KPMG market survey found that fewer than 5% of German organizations currently have a formal migration plan in place — a readiness gap that is becoming a strategic concern for the broader European industrial base.
France: Procurement Pressure Through the Security Visa
France's national cybersecurity agency ANSSI has structured its PQC transition around a three- phase model and is exerting some of the most direct procurement pressure in Europe. Phase 1 prioritizes hybrid deployments as defense-in-depth; Phase 2, beginning in 2025, targets hybrid schemes providing full post-quantum assurance; Phase 3 will move toward pure PQC where appropriate.
The decisive lever is the Visa de sécurité. From 2027, ANSSI will no longer accept products for security visa certification unless they incorporate post-quantum cryptography — a position that effectively forces vendors selling into the French market, and any organization relying on visa- certified products, to migrate ahead of broader European timelines.
ANSSI co-chairs the EU NIS Cooperation Group PQC workstream alongside Germany and the Netherlands, shaping the bloc's coordinated approach. Banque de France has been running PQC experiments since 2022, including a high-profile cross-continental experiment with the Monetary Authority of Singapore in November 2024 that trialled quantum-resistant algorithms for email signing and encryption, with plans to extend to cross-border payment networks. In early 2026, ANSSI explicitly framed quantum computing's emergence in geopolitical terms, reinforcing 2030 as a hard horizon for critical-infrastructure migration.
Spain: National Strategy and Industrial Deployment in Parallel
Spain follows the EU coordinated roadmap and has supplemented it with a national approach driven by the Centro Criptológico Nacional and the Ministry for Digital Transformation, which released the Estrategia de Tecnologías Cuánticas de España in 2025. Recommended algorithms include the NIST set alongside FrodoKEM as a conservative option, consistent with the broader European hybrid-friendly posture.
Spanish industry has been notably active in turning policy into production. Telefónica launched Interconexión CPDs, the country's first data-center communications service secured with post- quantum cryptography and supporting quantum key distribution, and at MWC 2026 in Barcelona presented its Quantum Telco framework and Quantum-Safe Cryptographic Hub, built around IBM LinuxONE hardware for organizations migrating to NIST PQC algorithms. Catalonia's research center CTTC is co-leading work on PQC and quantum communication for future 6G networks, reinforcing Spain's position as both a regulatory implementer and an industrial contributor to the European quantum stack.
Belgium: Cross-Sector Coordination Within the EU Framework
Belgium has aligned with the EU coordinated roadmap and pushed forward through national coordination led by the Centre for Cybersecurity Belgium. A white paper published jointly with the Belgian Cyber Security Coalition and Quantum Circle in September 2025 frames migration as a three-phase journey: awareness and assessment, planning and strategy, then implementation and beyond.
The Belgian model takes a risk-tiered approach. High-risk systems should be in planning by 2026 and fully migrated by 2030; medium-risk systems should be in planning by 2026 with pilots complete by 2030 and full migration by 2035; lower-risk systems can be sequenced later. As host to the EU institutions and NATO, Belgium plays an outsized coordinating role in shaping continental PQC readiness, with active sector use cases documented across telecom, banking, healthcare, and retail.
India: Sovereign Assurance Built Around the National Quantum Mission
India's PQC trajectory is shaped by its Department of Science and Technology under the National Quantum Mission, which published a comprehensive national roadmap in February 2026 — Implementation of Quantum Safe Ecosystem in India — through a dedicated task force.
The strategy proposes a tiered approach. Critical Information Infrastructure is targeted for migration by 2028–2029, broader enterprise adoption by 2033, and a Cryptographic Bill of Materials inventory is expected from all in-scope organizations by December 2026. The framework introduces a sovereign three-tier national laboratory system for PQC product testing and certification, aligned with ISO/IEC 17025 and India's Digital Personal Data Protection Act, with designation authority shared between the Telecom Engineering Centre, the Bureau of Indian Standards, and the Ministry of Electronics and Information Technology.
A distinctive feature is the emphasis on domestic assurance and reduced dependence on foreign validation. The Department of Telecommunications is expected to mandate PQC readiness for new telecom equipment procured from 2026 onward, a particularly significant signal given the scale of India's 5G deployment and the breadth of public digital infrastructure that depends on it.
Singapore: Risk-Based Mainstreaming of PQC
Singapore has taken a deliberate risk-oriented approach rather than imposing a hard cross- economy deadline. In October 2025, the Cyber Security Agency published a Quantum-Safe Handbook and a Quantum Readiness Index, developed jointly with GovTech, IMDA, and industry partners. In March 2026, the Senior Minister of State for Digital Development and Information formally confirmed that post-quantum cryptography will be the mainstream solution for Singapore's quantum-safe migration, with NIST standards as the baseline.
Implementation pressure is being applied through procurement and the Cyber Trust Mark. GovTech is extending the Mark to vendors managing critical government data, and the Cyber Security Agency will require it of Critical Information Infrastructure owners, cybersecurity auditors, and licensed cybersecurity service providers offering penetration testing and managed security operations. Singapore is also building nationwide quantum-safe networks under the NQSN+ initiative, and the Monetary Authority of Singapore — alongside Banque de France — has been an early mover on cross-border financial-sector PQC trials, signaling expectations for the banking sector well ahead of any formal mandate.
Turkey: Capability Building Ahead of a National Roadmap
Turkey is at an earlier stage of the policy cycle than most of the jurisdictions above. There is no formally published national PQC migration roadmap with binding deadlines as of mid-2026, although capability has been building since TÜBİTAK BİLGEM established its Quantum Technologies Division in early 2023. Work spans quantum communication, quantum random number generation, post-quantum cryptography research, and quantum sensing.
Turkish national technology leadership has publicly highlighted post-quantum cryptography breakthroughs as a strategic priority alongside national supercomputing and indigenous satellite capability. The Information and Communication Technologies Authority is widely expected to develop a national roadmap; in the meantime, practical pressure on Turkish banks, critical infrastructure operators, and exporters comes primarily from EU customer requirements and NATO interoperability expectations rather than domestic mandate. Sector advisors are urging banks and payment platforms to begin cryptographic inventories, prioritize harvest-now-decrypt- later exposure, and adopt hybrid cryptography during the interim.
United Arab Emirates: Early Move From Policy to Execution
The UAE has moved early from awareness into structured preparation for post-quantum cryptography. In 2025, it approved a National Encryption Policy and executive regulation requiring government entities to develop clear, officially approved transition plans, with cryptographic discovery, inventory, and risk assessment as prerequisites.
In 2026, compliance-critical entities are expected to formalize migration plans and prioritize higher-risk systems, with phased oversight rather than immediate full migration. Procurement and regulatory alignment are already shaping market behavior, with PQC readiness increasingly influencing eligibility for public-sector and regulated-sector opportunities. The UAE Cyber Security Council has paired policy with delivery, expanding its partnership with the Advanced Technology Research Council and its commercial arm VentureOne to scale cryptographic discovery tooling, national cryptographic libraries developed by the Technology Innovation Institute, and entanglement-based quantum key distribution across government and enterprise environments.
GCC and Jordan: Sector-Led Momentum
Across the wider GCC, approaches vary but the direction is consistent. Saudi Arabia enforces strong cryptographic hygiene through national controls and standards, while Qatar, Kuwait, Bahrain, and Oman are embedding quantum risk into broader cybersecurity modernization efforts.
Jordan offers a clear example of sector-specific leadership. In January, the Central Bank of Jordan published a roadmap for transitioning the banking sector to quantum-resistant encryption, framing PQC as a resilience and governance issue for national financial infrastructure.
What This Means for Organizations in 2026
Taken together, these signals point to a clear shift. Governments are not demanding immediate, universal migration to post-quantum cryptography, but they are moving decisively past awareness. In 2026, preparedness is expected to be visible and defensible.
At a minimum, organizations should now be able to demonstrate:
- Cryptographic visibility across applications, infrastructure, cloud services, and connected devices
- Risk-based transition plans aligned to data sensitivity and system criticality
- Active vendor engagement and clarity on PQC and crypto-agility roadmaps
- Early execution, such as pilots, hybrid deployments, or prioritized system upgrades
Post-quantum readiness is increasingly showing up in procurement decisions, architecture reviews, audits, and supervisory discussions, even where formal migration deadlines are years away.
The organizations best positioned for this transition are those treating PQC as an ongoing capability, not a one-off upgrade. That starts with visibility. Without understanding where cryptography is used and how it is embedded across systems and suppliers, effective migration isn’t possible.
As governments continue translating policy signals into operational expectations, the gap between prepared and reactive organizations will widen. The global transition to post-quantum cryptography is underway, and 2026 is the year when readiness becomes measurable, defensible, and increasingly required.
This is what QuantumGate addresses. As 2026 emerges as the year organizations are expected to complete cryptographic discovery, QuantumGate focuses on enabling that visibility through its Crypto Discovery Tool, giving entities a clear, defensible view of where cryptography is used and which systems are exposed. That foundation supports structured post-quantum transition planning and the adoption of quantum-resilient and hybrid cryptography, with crypto agility as a core design principle.