Navigate the Post-Quantum Transition with Confidence

This FAQ explains what PQC is, why it matters now, and how your business can prepare, while also addressing key regulatory expectations and steps for building future-proof resilience.

What is quantum-safe or Post-Quantum Cryptography?

Quantum-safe or post-quantum cryptography refers to new families of encryption and digital signature algorithms designed to remain secure even when attackers have access to large-scale quantum computers. Security bodies such as NIST and national agencies in the US, UK and EU are now standardising these algorithms so that governments and industry can adopt them with confidence.

What is meant by the term Q-Day?

Q-day is the term used to describe the future point in time when quantum computers become powerful enough to break widely used public-key cryptographic algorithms, such as RSA and ECC. On Q-day, encrypted data protected by these traditional methods could be decrypted by adversaries with access to a sufficiently advanced quantum computer. This creates significant risks for any sensitive data that is currently being stored or transmitted using vulnerable encryption. Preparing for Q-day is a key driver behind the adoption of quantum-safe/Post-Quantum Cryptography, ensuring long-term protection of critical information.

What does "HNDL" and "TNFL" mean in this context?

Harvest Now, Decrypt Later (HNDL) refers to a strategy where attackers steal and store encrypted data today, with the intention of decrypting it in the future once quantum computers are powerful enough to break current encryption methods.

Trust Now, Forge Later (TNFL) refers to a risk scenario where digital signatures or authentication mechanisms that are trusted today could be forged in the future by attackers with access to quantum computers.

Why does Post-Quantum Cryptography matter to my business now?

Sensitive data stolen today can be stored and decrypted later once quantum capabilities mature, which means long-lived data (financial records, health information, IP, citizen data) is already at risk from "HNDL" attacks. Regulators and standards bodies are signalling that organisations are expected to start planning and migrating well before quantum computers are widely available, so waiting may translate into compliance gaps and higher remediation costs.

How does Post-Quantum Cryptography help with resilience and business continuity?

PQC ensures that critical services, customer channels, and digital supply chains remain secure as cryptographic standards evolve. A robust PQC programme includes cryptographic inventories, risk-based prioritisation, and crypto-agility (the ability to switch algorithms quickly), all of which strengthen operational resilience and business continuity.

What are regulators and standards bodies expecting?

Across jurisdictions, guidance now links quantum readiness to good cybersecurity risk management and "state of the art" encryption. Examples include NIS2 and its implementing regulations in Europe, sector rules such as DORA for financial services, and international roadmaps encouraging organisations to phase out vulnerable cryptography by the early-to-mid 2030s.

What should boards and executives be asking?

Boards and executives are expected to treat quantum risk as a strategic issue, not a purely technical one. Typical questions include:

• Where in our organisation is cryptography currently used to protect sensitive data, systems, and transactions?
• How long does our sensitive data need to remain confidential, and does it have a long "shelf life"?
• What is our current level of awareness and preparedness for quantum threats across the business?
• What is our roadmap for migrating to quantum-safe cryptography, and who is responsible for overseeing it?
• How are our critical suppliers and partners preparing for quantum risk, and are they aligned with our own plans?
• Are our existing budgets, resources, and controls sufficient to address PQC migration and ongoing compliance requirements?
• How are we keeping up to date with regulatory expectations (e.g., NIS2, DORA) and industry standards for quantum readiness?
• What would be the business impact if encrypted data or digital signatures were compromised after Q-day?

What practical steps can organisations take in the next 12–24 months?

Organisations should start with education and awareness, assessing the impacts associated with PQC risks, and building a strategic response. This will include compiling a cryptographic inventory, a quantum risk assessment and a high-level PQC roadmap aligned to existing cyber and resilience programmes. Engaging key vendors, updating encryption policies for crypto-agility and piloting PQC in low-risk environments are pragmatic early moves that demonstrate progress to regulators, customers and internal stakeholders.

What are the leading quantum-safe algorithms?

NIST has selected several PQC algorithms, such as CRYSTALS-Kyber (for encryption) and CRYSTALS-Dilithium (for digital signatures). These are being standardised and will replace or supplement current algorithms like RSA and ECC. Although, this is expected to change at pace, hence crypto-agility is key in any strategy.

Who should lead Post-Quantum Cryptography efforts in my organisation?

Responsibility typically sits with the CISO, CTO, or a dedicated cryptography lead, but PQC migration requires collaboration across leadership, IT, compliance, risk, and procurement teams.

Is Post-Quantum Cryptography only relevant for large enterprises?

No, any organisation handling sensitive or regulated data should be planning for PQC. SMEs are also at risk from quantum threats and may face regulatory requirements in the future.

The UK's National Cyber Security Centre (NCSC) has unveiled critical guidance outlining a comprehensive roadmap for organisations to migrate to post-quantum cryptography (PQC) by 2035. This strategic framework addresses the existential threat quantum computers pose to current encryption standards that underpin banking, communications, and sensitive data protection across every sector.

Three-Phase Migration Timeline

NCSC Chief Technical Officer Ollie Whitehouse emphasized that quantum computing will "revolutionise technology, but it also poses significant risks to current encryption methods". The guidance establishes three distinct phases:

• By 2028: Organisations must identify vulnerable cryptographic services and develop migration plans
• 2028-2031: Execute high-priority upgrades
• By 2035: Complete full PQC implementation across all systems

Building UK PQC Capability

To support this transition, the NCSC has launched a pilot scheme running until March 2027 to assure consultancy firms offering PQC discovery, assessment, and planning services. This initiative aims to build accessible expertise across the UK market, ensuring organizations can navigate what NCSC describes as a "multi-year effort spanning more than one investment cycle".

Key Resources:

• NCSC PQC Migration Timeline Guidance
• Official NCSC Announcement

European and UK organizations face mounting legal obligations to migrate to post-quantum cryptography (PQC) as data protection regulators formalize quantum threats within existing compliance frameworks. The UK's Information Commissioner's Office (ICO) has explicitly stated that organizations "should consider identifying and addressing quantum risks as part of their existing legal obligations to adapt to new and emerging cyber threats to personal information" under GDPR. This marks a critical shift from voluntary best practice to enforceable regulatory requirement.

DORA and NIS2 Mandate Crypto-Agility

The EU's Digital Operational Resilience Act (DORA), effective January 2025, requires over 21 financial entity types to develop formal cryptographic policies acknowledging quantum threats and implement "cryptographic agility mechanisms enabling rapid algorithm replacement". Financial institutions must maintain comprehensive cryptographic inventories and justify continued use of classical cryptography through annual residual risk assessments.

Similarly, NIS2's Implementing Regulation (EU) 2024/2690, effective November 2024, mandates that digital service providers including cloud, DNS, and data center operators align with international PQC standards and demonstrate cryptographic agility compliance.

GDPR and State-of-the-Art Security Obligations

The ICO warns that organizations must achieve "crypto agility" by keeping encryption under regular review and staying alert to vulnerabilities, noting that "at some stage in the next 10 years, PQC is likely to become an accepted and widely implemented norm in the future state of the art".

Under GDPR Article 32, organizations must employ security measures reflecting the "state of the art"—meaning failure to address quantum risks could constitute non-compliance. The ICO specifically requires breach notifications for "store now, decrypt later" (SNDL) attacks that expose personal information or mistakes implementing PQC that risk people's rights and freedoms.

Key Resources:

• ICO Quantum Technologies Guidance
• EU PQC Coordinated Roadmap

The Financial Services Information Sharing and Analysis Center (FS-ISAC) has published a critical white paper urging synchronized global action on post-quantum cryptography (PQC) migration across the banking sector. Released in September 2025, "The Timeline for Post-Quantum Cryptographic Migration" provides financial institutions with a strategic roadmap to combat quantum computing threats that could break current encryption protecting wire transfers, payment networks, and customer data.

Four-Phase Migration Framework

Developed with international experts from QSFF and CFDIR's Quantum-Readiness Working Group, the paper outlines a four-phase approach:

• Initiation: Securing executive buy-in and budget
• Discovery: Cryptographic asset inventory across all systems
• Deployment: Implementing PQC for high-risk systems by 2030
• Exit: Complete removal of quantum-vulnerable algorithms by 2035

Peter Bordow, FS-ISAC PQC Workgroup Chair and Wells Fargo's Managing Director of Quantum Security, called it "a critical first step forward for the global financial ecosystem".

Addressing "Crypto-Procrastination" Risk

The paper warns against "crypto-procrastination"—underestimating migration complexity and treating quantum threats as distant concerns. Banking's interconnected infrastructure creates massive dependencies on payment rails, cloud providers, core banking vendors, and third-party integrations that must all transition in sync.

FS-ISAC Chief Strategy Officer Mike Silverman emphasized that "sector coordination and proactive strategies" are essential to maintain trust and operational resilience.

Key Resources:

• FS-ISAC White Paper Download
• Official FS-ISAC Announcement
• FS-ISAC PQC Resources Hub

If you've attended a recent cybersecurity conference, you've probably heard something like this: "Step one—deploy a cryptographic discovery tool." It sounds sensible. It's also a recipe for chaos in most banks.

Here's the uncomfortable truth that tool vendors won't tell you: banking isn't a start-up. Your organisation operates within carefully constructed frameworks of policies, procedures, standards, and guidelines—and for very good reason. Duty segregation, regulatory compliance and risk governance exist because financial services handles other people's money and trust.

Before any discovery tool touches your infrastructure, ask yourself: Who has authorised this? Which systems can it scan? Who will see the results? What happens when it finds something alarming in a production environment at 3am?

This is why we advocate for what we call PQC Pre-Discovery—the essential groundwork before any scanning begins.

Pre-Discovery means proactively updating your cryptographic policies, standards, guidelines and procedures to address quantum risk. It means training the security, infrastructure and compliance teams who'll interpret discovery outputs and act on findings. It means establishing governance frameworks that ensure discoveries lead to decisions, not just dashboards.

Without this foundation, discovery becomes an expensive audit that generates alarming reports nobody is empowered to address.

The banks that will transition smoothly to post-quantum cryptography aren't those rushing to scan first. They're the ones building organisational readiness—so when discovery happens, it's purposeful, authorised and actionable.

Pre-Discovery isn't bureaucracy. It's how serious institutions prepare for serious change.

For the past quarter-century, cryptography has been the ultimate "commons" in enterprise IT. Like air conditioning or floor tiles, it simply existed—baked into products, included in subscriptions, rarely requiring its own budget line. When did your finance team last approve a cryptographic budget line item, let alone an enterprise-scale cryptography renewal programme?

This comfortable arrangement is about to end. Post-quantum cryptography transitions will require visible, accountable expenditure and shareholder communications. And here's where it gets interesting: how you account for that expenditure depends significantly on where you operate.

For US banks under GAAP:

Both cryptographic discovery and subsequent upgrades will likely flow through as expenses, hitting your P&L directly. No capitalisation to soften the blow across multiple years.

For European and international banks under IFRS:

You'll still expense discovery activities, but cryptographic upgrades may qualify as capital expenditure—particularly when framed as risk mitigation investments and capability enhancements.

This distinction matters enormously for planning. European banks have potential flexibility to treat quantum-ready infrastructure as a strategic asset. US banks face more immediate earnings impact. International banks can start in Europe and transfer valuable lessons to their US operations, deferring starts and reducing the present value of costs but still ending on time.

The regulatory direction is clear. DORA's Regulatory Technical Standard (Recital 9 and Article 6.4) explicitly requires financial entities to address "threats from quantum advancements" with cryptoagility. For European banks, PQC readiness isn't optional future-proofing—it's compliance today.

Start conversations with your CFO and CRO now. Map the accounting treatment. Build multi-year budget cases that reflect your jurisdiction's rules.

Quantum threats don't wait for budget cycles. Your planning shouldn't either.

Reference: DORA Regulatory Technical Standard

Let's play with an acronym.

In the cryptography world, PQC means "Post-Quantum Cryptography"—the new algorithms designed to resist attacks from future quantum computers. But here's the thing: those quantum computers can't yet break today's encryption. Which means everything we're doing right now isn't really "post" anything.

It's Pre Quantum Computing.

And if we're being honest about Pre Quantum Computing readiness, let's start with an uncomfortable question: have you actually finished the basics?

We still find TLS 1.0 and TLS 1.1 enabled on production banking systems—protocols deprecated years ago. Some organisations haven't even disabled SSL 3.0, which was broken in 2014. We encounter MD5 and SHA-1 still protecting data that really shouldn't be protected by algorithms with known collision vulnerabilities. We see RSA keys under 2048 bits—legacy technical debt hiding in plain sight.

This isn't exotic. This is cryptographic housekeeping that authoritative guidance has recommended since at least 2021. Four years on, it should be done.

So before we discuss quantum-resistant algorithms and crypto-agility roadmaps, perhaps we need a more fundamental conversation:

Are you ready for Post-Quantum Cryptography? Or are you still not ready for Pre-Quantum Computing?

One comes before the other. And it's not the one most vendors want to sell you.

References:

• NCSC: Using TLS to protect data
• Mozilla: SSL Configuration Generator

Quantum computers pose an existential threat to the encryption protecting your organization's most sensitive data—from financial transactions to customer records and intellectual property. Unlike incremental cyber risks, the quantum threat operates on a compressed timeline: adversaries are already harvesting encrypted data today through "store now, decrypt later" attacks, banking on future quantum capabilities to break current encryption standards. The UK NCSC and EU mandate PQC migration by 2035, but the 2025 Quantum Threat Timeline Report confirms the threat timeline has accelerated, with cryptographically relevant quantum computers projected as early as the 2030s.

Why This Is a Board-Level Issue

Post-quantum cryptography migration is not an IT project—it's a multi-year strategic transformation requiring executive sponsorship, cross-functional governance, and significant capital allocation. Financial industry executives interviewed for the Global Risk Institute's 2025 report confirmed that "clear directives from regulators would trigger immediate action," with regulatory timelines estimated between one to five years.

Under GDPR, DORA, and NIS2, organizations must maintain "state-of-the-art" security, meaning quantum-vulnerable cryptography increasingly represents legal liability. CISOs must build cryptographic agility—the organizational capability to rapidly swap algorithms without operational disruption—which demands governance frameworks, vendor management strategies, and continuous risk monitoring owned by the C-suite.

FAQ: Post-Quantum Cryptography for Executives

Q: What exactly is post-quantum cryptography?

PQC refers to new encryption algorithms designed to resist attacks from both classical and quantum computers. NIST finalized the first three PQC standards in 2024, replacing vulnerable algorithms like RSA and elliptic curve cryptography that quantum computers could break.

Q: When will quantum computers threaten our current encryption?

While experts debate exact timelines, the consensus points to the 2030s for cryptographically relevant quantum computers. However, the "harvest now, decrypt later" threat is immediate—adversaries collect encrypted data today to decrypt once quantum capabilities mature.

Q: What should our organization do first?

Begin with a cryptographic inventory: identify where encryption exists across applications, databases, networks, and third-party systems. Conduct a risk assessment prioritizing long-lived sensitive data, then develop a migration roadmap aligned with UK NCSC's 2028-2035 timeline.

Q: Is this just a CISO responsibility?

No. Successful PQC migration requires the CIO (infrastructure modernization), CTO (application refactoring), CFO (multi-year budget allocation), Chief Procurement Officer (vendor PQC roadmaps), and General Counsel (regulatory compliance). This is an enterprise-wide transformation program.

Q: What are the regulatory requirements?

The UK ICO explicitly requires organizations to address quantum risks under GDPR's security obligations. EU's DORA mandates financial institutions maintain cryptographic policies acknowledging quantum threats, while NIS2 requires cloud and digital infrastructure providers to demonstrate PQC alignment. Non-compliance risks enforcement action.

Q: How much will this cost?

Migration is a multi-year, multi-investment cycle effort spanning discovery, vendor remediation, system upgrades, and testing. Costs vary by organizational complexity, legacy system dependencies, and third-party vendor readiness. Budget for consulting assessments, tooling for automated cryptographic discovery, and phased implementation programs.

Key Resources:

• NIST Post-Quantum Cryptography Plain Language Guide
• CSA Practitioner's Guide to PQC
• Global Risk Institute Quantum Threat Timeline 2025

This groundbreaking 4-part series by Darren Bender introduces the "Post-Quantum Negligence" legal framework, analyzing how duty of care, foreseeability, and liability standards are evolving as quantum threats become quantifiable. The series applies established legal principles including Mosca's Theorem and the Learned Hand Formula to help organisations understand their documentation obligations and defensible positions.

The Series

Key Concepts

Mosca's Theorem

Darren applies Mosca's Theorem—a framework for understanding when organisations must begin PQC migration based on: (1) how long data must remain secure, (2) how long migration will take, and (3) when quantum computers will become cryptographically relevant. This mathematical framework transforms abstract quantum risk into quantifiable, legally defensible timelines.

The Learned Hand Formula

The classic negligence test (B < P × L) asks whether the burden of precaution is less than the probability of harm multiplied by the magnitude of loss. As quantum timelines compress and regulatory expectations crystallise, the "burden" of PQC preparation becomes increasingly reasonable—and failure to act increasingly difficult to defend.

Duty of Care in the Quantum Era

The series argues that duty of care obligations are evolving as quantum threats become:

• Foreseeable: Major security agencies have published timelines; NIST has standardised PQC algorithms
• Quantifiable: Mosca's Theorem provides a mathematical framework for risk assessment
• Actionable: Standards, tools, and methodologies for migration now exist

Connect with Darren Bender on LinkedIn for ongoing analysis of legal liability in the quantum era.

The industry standard approach starts with cryptographic discovery tools. ProteQC's Pre-Discovery™ methodology starts with your organisation. Here's why that distinction matters.