Insider Brief
- Governments have set clear timelines to phase out RSA and ECC, with full migration to post-quantum cryptography expected by 2035.
- These requirements extend beyond public sector systems to contractors and industries handling regulated or sensitive data.
- The transition is complex and multi-year, requiring early planning, system audits, and coordination across infrastructure and vendors.
Governments are establishing timelines for the transition to post-quantum cryptography, with requirements extending beyond public sector organizations. These timelines apply to federal agencies, contractors, and sectors handling regulated or sensitive data.
NIST guidance indicates that quantum-vulnerable algorithms will be deprecated by 2030 and disallowed by 2035. The NSA requires national security systems to adopt quantum-resistant cryptography for new acquisitions starting in 2027. The European Union has outlined similar timelines, particularly for critical infrastructure.
NIST Migration Timeline
In November 2024, NIST published IR 8547 (Initial Public Draft), Transition to Post-Quantum Cryptography Standards, outlining a phased transition away from RSA, ECC, and related algorithms.

- By 2030 – Algorithms providing 112-bit security, including RSA-2048 and ECC P-256, are designated for deprecation. These algorithms are no longer suitable for new deployments, though existing systems may continue operating during migration.
- By 2035 – Quantum-vulnerable algorithms are expected to be fully phased out. Federal systems conforming to NIST and FIPS guidelines are expected to operate exclusively on post-quantum cryptographic standards, in line with National Security Memorandum 10.
The guidance extends in practice to organizations handling federal data, federal contractors, and entities operating in regulated environments. Industry analyses suggest migration efforts may need to begin several years in advance to meet these timelines.
NSA Requirements (CNSA 2.0)
The NSA’s Commercial National Security Algorithm Suite 2.0, originally published in 2022 and most recently updated in May 2025, defines requirements for systems processing classified or sensitive government information.
- By 2027 – New systems and acquisitions must support quantum-resistant cryptography. Software and firmware signing face exclusive-use requirements from January 1, 2027.
- By 2030 – Legacy equipment unable to support CNSA 2.0 must complete transition. Networking equipment must move to exclusive use of CNSA 2.0 algorithms.
- By 2031 – CNSA 2.0 use becomes mandatory across covered categories unless explicitly excepted.
- By 2033 – Operating systems, custom applications, and cloud services must reach exclusive use of CNSA 2.0.
- By 2035 – Full quantum resistance is required across all National Security Systems, in alignment with NSM-10.
The NSA specifies ML-KEM-1024 for key establishment and ML-DSA-87 for digital signatures, alongside AES-256 and SHA-384/512 for symmetric cryptography and hashing. These requirements extend across the defense supply chain, affecting contractors and vendors providing hardware, software, or services to government systems.
European Union Roadmap
In June 2025, the European Union published a coordinated post-quantum cryptography roadmap, developed by the NIS Cooperation Group in response to the European Commission’s April 2024 Recommendation.
- By the end of 2026 – Member states are expected to publish national PQC strategies, initiate cryptographic inventories and dependency maps, and launch pilot projects for high- and medium-risk use cases.
- By the end of 2030 – Critical infrastructures are expected to have transitioned to post-quantum cryptography for high-risk use cases.
- By the end of 2035 – Migration of medium-risk use cases is expected to be completed, with hybrid or fully standardized PQC deployed across as many systems as technically and economically feasible.
The Cyber Resilience Act introduces requirements for cryptographic agility, requiring systems to support updates to cryptographic mechanisms over time. Adjacent frameworks, including NIS2 and DORA, reinforce regulatory pressure across critical infrastructure and the financial sector, even where they do not directly mandate post-quantum adoption.
U.S. Federal Requirements
The Quantum Computing Cybersecurity Preparedness Act requires federal agencies to maintain inventories of cryptographic systems vulnerable to quantum attacks, develop migration plans prioritizing long-lived sensitive data, report progress regularly, and complete migration in alignment with federal timelines.
Migration costs have been estimated in the billions of dollars, reflecting the scale and complexity of updating federal systems.
Implications for Private Sector Organizations
Organizations working with government agencies or critical infrastructure are directly affected by these requirements. Compliance is often necessary for maintaining contracts and participating in regulated sectors.
Industries such as finance, healthcare, telecommunications, and energy may face increasing regulatory and operational pressure to adopt post-quantum cryptography. Supply chain requirements are also evolving, with vendors expected to demonstrate readiness for post-quantum standards.
Data with long confidentiality requirements, including healthcare records, financial data, and intellectual property, may be exposed to long-term risks associated with delayed decryption capabilities.
Why Timing Matters
Cryptographic migration is a multi-year process. Identifying dependencies, updating systems, coordinating with vendors, and validating implementations require sustained effort across large and complex infrastructures.
Recent research has reduced estimated quantum resource requirements for breaking RSA-2048 from tens of millions of qubits to under one million under certain assumptions. These projections depend on advances in error correction and system design, which remain under active development.
Government timelines reflect both the expected pace of technological progress and the time required to complete migration efforts. Organizations that begin early have greater flexibility in planning and implementation, while delayed efforts may face constraints related to cost, vendor availability, and compliance deadlines.
Initial Steps in Migration
Early stages of migration focus on visibility and prioritization. Key activities include identifying cryptographic use across systems and infrastructure, mapping dependencies in certificates, key exchange, and authentication, evaluating vendor readiness and product support, and prioritizing systems based on data sensitivity and operational impact.
Large organizations may require extended timeframes to complete initial discovery due to system complexity and legacy dependencies. According to NIST guidance, understanding current cryptographic deployments is essential before migration can begin.
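The discovery and prioritization steps above can be sketched as a small inventory triage. This is an added example, not part of the original article or any agency tooling; the CSV columns, the name prefixes used to spot RSA/ECC-family algorithms, and the urgency ranking are assumptions, and the sample inventory is constructed.

```python
import csv
import io

# Algorithms the article lists for CNSA 2.0.
CNSA_2_0 = {"ML-KEM-1024", "ML-DSA-87", "AES-256", "SHA-384", "SHA-512"}
# Assumed name prefixes for the "RSA, ECC, and related" quantum-vulnerable family.
VULNERABLE_PREFIXES = ("RSA", "ECDSA", "ECDH", "DH", "DSA")
PHASE_OUT_YEAR = 2035  # year the article gives for disallowing these algorithms

# Constructed sample inventory; systems and dates are illustrative only.
SAMPLE_INVENTORY = """system,use,algorithm,confidentiality_until
vpn-gateway,key-exchange,ECDH-P256,2040
web-frontend,signature,RSA-2048,2026
firmware-signer,signature,ML-DSA-87,2030
records-db,encryption,AES-256,2045
partner-api,key-exchange,ML-KEM-768,2032
"""

def classify(algorithm):
    """Return 'cnsa2', 'quantum-vulnerable', or 'review' for an algorithm name."""
    name = algorithm.strip().upper()
    if name in CNSA_2_0:
        return "cnsa2"
    if name.startswith(VULNERABLE_PREFIXES):
        return "quantum-vulnerable"
    return "review"  # other parameter sets or unknown names need a human decision

def priority(row):
    """Assumed ranking rule (not from NIST or NSA): 0 is most urgent."""
    status = classify(row["algorithm"])
    if status == "quantum-vulnerable":
        # Confidentiality uses matter most when the data must stay secret
        # past the phase-out year (the delayed-decryption risk).
        protects_secrecy = row["use"] in ("key-exchange", "encryption")
        long_lived = int(row["confidentiality_until"]) >= PHASE_OUT_YEAR
        return 0 if protects_secrecy and long_lived else 1
    return 2 if status == "review" else 3

def migration_plan(inventory_csv):
    """Parse the CSV inventory and return (system, algorithm, status) by urgency."""
    rows = list(csv.DictReader(io.StringIO(inventory_csv)))
    rows.sort(key=priority)  # stable sort keeps input order within a rank
    return [(r["system"], r["algorithm"], classify(r["algorithm"])) for r in rows]

if __name__ == "__main__":
    for entry in migration_plan(SAMPLE_INVENTORY):
        print(*entry, sep="\t")
```

Entries marked "review" are not necessarily weak: ML-KEM-768, for instance, is a post-quantum parameter set that is simply not the one the article lists for CNSA 2.0.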
Closing Observations
Post-quantum cryptographic standards have been defined, and regulatory timelines are in place. Adoption is progressing across government systems, infrastructure providers, and technology platforms.
The transition from classical to quantum-resistant cryptography is underway, with implementation timelines influenced by both technical and regulatory factors.
This article is part of The Year of Quantum Security 2026 – a year-long editorial and convening initiative produced by The Quantum Insider, covering post-quantum readiness, quantum resilience, and responsible adoption.



