The roadmap consists of three key phases: identifying cryptographic services requiring upgrades by 2028, executing high-priority updates between 2028 and 2031, and completing the full migration by 2035. The guidance highlights that sectors heavily reliant on encryption, such as finance and telecommunications, must begin transitioning sooner due to global interoperability needs. Meanwhile, industries with complex operational technology infrastructure will require extensive planning to integrate PQC into their systems.
Quantum computing’s ability to break current encryption algorithms makes proactive migration crucial. Organizations are encouraged to assess their cryptographic dependencies, map out vulnerabilities, and develop structured upgrade plans. The NCSC also acknowledges challenges in securing WebPKI certificates and industrial control systems, which require further technological advancements to support PQC integration.
Security experts stress that adopting cryptographic agility—where systems can support both traditional and quantum-resistant encryption during migration—is essential for a smooth transition. Regular testing, risk assessments, and collaboration with industry stakeholders will be critical in adapting to the evolving cryptographic landscape.
The transition to PQC is inevitable, and organizations must act now to prevent future security gaps. As part of its efforts, the NCSC is launching pilot programs to support businesses and regulators in assessing their cryptographic infrastructure and preparing for this industry-wide shift.
Source: Industrial Cyber
The European Cyber Intelligence Forum is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities. To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net, or you can try yourself using check.website.