Get Involved
Strategic Migration & Operational Readiness

Transitioning from theoretical risk to mandatory compliance.

Level 2: Strategic Migration & Operational Readiness
In a nutshell

In 2026, post-quantum cryptography (PQC) is no longer a future roadmap item—it is a current operational requirement. For security specialists, this represents a fundamental re-engineering of the trust foundations across IT, OT, and supply chains. With a realistic migration window of 5–10 years, the work of cryptographic inventorying and architectural modernisation must begin now to meet upcoming EU mandates.

Core Pillars of the PQC Transition

The shift to quantum-resistant infrastructure is driven by a combination of tightening legal requirements, emerging technical vulnerabilities, and the immediate need to protect long-term data integrity.
1

Regulatory Imperatives

Compliance with NIS2, DORA, and the Cyber Resilience Act (CRA) now requires proof of cryptographic posture and supply chain oversight. PQC readiness is becoming a mandatory component of business continuity.
2

The "Pinnacle" Threat

Recent 2026 research into the Pinnacle architecture suggests that the timeline for breaking classical encryption may be shorter than previously estimated. This narrows the window for an orderly, non-disruptive migration.
3

Harvest Now, Decrypt Later (HNDL)

Protecting long-lived data (financial records, legal archives, and digital identities) is an immediate priority. Confidential data captured today remains vulnerable to future quantum decryption.

Strategic Objectives with POSEIDON

The POSEIDON project works on providing the technical tools and roadmaps to facilitate this transition. We focus on:

Hybrid Deployment

Implementing PQC + Classical solutions to maintain security during the transition.

Crypto-Agility

Designing infrastructure that allows for rapid algorithm updates without systemic downtime.

Phased Roadmaps

Aligning with the European Commission’s milestones for full migration by 2030 (critical sectors) and 2035 (all other sectors).

Learn more

Read the Full Strategic Article

Discover how new EU regulations and recent quantum research are shaping the future of cybersecurity, and explore the technical strategies required to secure your organisation.
Read the Full Strategic Article
Post‑Quantum Migration: Strategic Imperatives in the 2026–2035 Horizon
April 10, 2026

Is this for you?

This guide is specifically tailored for IT managers, security specialists, and compliance officers. It focuses on the "How" of the transition: from conducting cryptographic inventories to meeting European regulatory mandates. If your role involves risk management, infrastructure planning, or ensuring your organisation meets new cybersecurity standards, this article provides the strategic roadmap you need.

Expert Escalation

If you are a cryptographer, a senior developer, or a security architect who needs to examine the underlying mathematics, specific FIPS-standardised algorithms, and low-level implementation details, our advanced resources offer the technical rigour you require.
Go to Level 3: Advanced Expert Guide

Resources

Deepening your knowledge

If you are interested in deepening your knowledge of the topics covered at this level, we have gathered a collection of curated external resources—including official standards, research papers, and educational guides—to support your journey.

NIST NCCoE: Migration to Post-Quantum Cryptography (FAQs & background) — Web guide
Practical migration framing (what to inventory, how to think about change).
https://pages.nist.gov/nccoe-migration-post-quantum-cryptography/
CISA: Strategy for migrating to automated PQC discovery & inventory tools — Web resource
Focuses on building cryptography discovery/inventory as a foundation for migration.
https://www.cisa.gov/resources-tools/resources/strategy-migrating-automated-post-quantum-cryptography-discovery-and-inventory-tools
CISA: Post-Quantum Cryptography Initiative — News
Useful pointers and links for organisational readiness planning.
https://www.cisa.gov/quantum
DevTalk Episode 02: Post-Quantum Cryptography (Cloudflare) — Video (interview/talk)
Practical view from Cloudflare’s PQC work: deployment challenges, standards, and timelines.
https://www.youtube.com/watch?v=RmF05GpLE20
Secure your future: Upgrade to post-quantum cryptography … (Cloudflare) — Video (panel/interview)
What a phased PQC rollout can look like and why hybrid approaches are used during transition.
https://www.youtube.com/watch?v=L_pXbvL_0Vk
AWS re:Inforce 2025 — Post-quantum cryptography demystified … (AWS) — Video (conference session)
How large-scale services think about PQC readiness and operational migration.
https://www.youtube.com/watch?v=SG9ndQWH8S4
Transitioning organisations to post-quantum cryptography (Joseph et al., 2022) — Journal article
Organisational and technical challenges of PQC transition.
https://www.quintessencelabs.com/hubfs/2022-05-11_Nature_Transitioning%20organizations%20to%20post-quantum%20cryptography%20(1).pdf

European Commission: Coordinated Implementation Roadmap (PQC transition) — Document/library item
High-level EU-oriented roadmap for rolling out PQC.
https://digital-strategy.ec.europa.eu/en/library/coordinated-implementation-roadmap-transition-post-quantum-cryptography
AIVD/NL NCSC/CWI: Prepare for the Impact of Quantum Computers — PDF report
Dutch government-backed guidance on preparing for quantum impact and mitigation steps.
https://english.aivd.nl/publications/publications/2022/01/18/prepare-for-the-threat-of-quantumcomputers
BSI: Quantum-safe cryptography (brochure) — PDF brochure
German federal guidance: fundamentals, current developments, recommendations.
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Brochure/quantum-safe-cryptography.pdf?__blob=publicationFile&v=4
Post-Quantum Use In Protocols (pquip) group — Index page
IETF working group trying to give some guidance best practices for transition to post quantum cryptography in the context of other IETF working groups.
https://datatracker.ietf.org/wg/pquip/documents/
Guidance for migration to Post-Quantum Cryptography — Internet draft
Internet protocol related guidance to post quantum cryptography.
https://www.ietf.org/archive/id/draft-kwiatkowski-pquip-pqc-migration-00.html
Commission Recommendation on a Coordinated Implementation Roadmap for the Transition to Post-Quantum Cryptography (EU, 2024-04) — Official document
EU-level recommendation outlining a coordinated and phased transition to post-quantum cryptography.
https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=OJ:L_202401101
Securing Tomorrow Today: Transitioning to Post-Quantum Cryptography (EU Agencies, 2024-11) — Joint statement
Joint EU agency perspective on urgency, principles and coordination of PQC migration.
https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Crypto/PQC-joint-statement.pdf?__blob=publicationFile&v=5
Prioritising post-quantum cryptography migration activities in financial services (Europol, 2026-01) — Report
Sector-specific guidance on PQC migration priorities for financial services.
https://www.europol.europa.eu/publications-events/publications/prioritising-post-quantum-cryptography-migration-activities-in-financial-services
Views on the Post-Quantum Cryptography transition (ANSSI, 2022 with 2023 follow-up) — Position paper
French national cybersecurity authority’s view on PQC risks, timelines and transition strategy.
https://messervices.cyber.gouv.fr/documents-guides/follow_up_position_paper_on_post_quantum_cryptography.pdf
Timelines for migration to post-quantum cryptography (NCSC UK) — Guidance
UK guidance outlining indicative timelines and planning assumptions for PQC migration.
https://www.ncsc.gov.uk/guidance/pqc-migration-timelines
Canadian guidance on post-quantum cryptography algorithms — Guidance
National recommendations on algorithm selection and readiness considerations.
https://www.cyber.gc.ca/en/guidance/roadmap-migration-post-quantum-cryptography-government-canada-itsm40001
The PQC Migration Handbook (TNO, December 2024) — Handbook
Practical, implementation-oriented guidance for planning and executing PQC migration.
https://publications.tno.nl/publication/34643386/fXcPVHsX/TNO-2024-pqc-en.pdf
Quantum Threat Timeline Report (Global Risk Institute, 2024) — Report
Analysis of plausible timelines for quantum-enabled threats to cryptography.
https://globalriskinstitute.org/publications/quantum-threat-timeline-report-2024/
Transition to a Quantum-Secure Economy (World Economic Forum, 2022) — White paper
Strategic overview of economic and security implications of quantum computing risks.
https://www.weforum.org/publications/transitioning-to-a-quantum-secure-economy/
Radar 2025 of Post-Quantum Migration Solutions (Wavestone) — Industry report
Comparative overview of post-quantum migration approaches and solution landscape.
https://www.riskinsight-wavestone.com/en/2025/01/2025-radar-of-post-quantum-safety-solutions/

EUDI Wallet: Architecture and Reference Framework (GitHub repo) — Technical documentation repo
The shared EU work area for Wallet architecture/specs and related material.
https://github.com/eu-digital-identity-wallet/eudi-doc-architecture-and-reference-framework
EUDI Wallet ARF (rendered docs) — Technical documentation site
The same ARF content in a readable, versioned documentation format.
https://eu-digital-identity-wallet.github.io/eudi-doc-architecture-and-reference-framework/2.4.0/architecture-and-reference-framework-main/
ENISA: Digital Identity Standards (publication page) — Article/publication
How standards support EU digital identity and trust services (overview + downloads).
https://www.enisa.europa.eu/publications/digital-identity-standards
EUR-Lex: Summary of the European Digital Identity Framework — Official summary
Short explainer of what the EU framework aims to do and how it fits together.
https://eur-lex.europa.eu/EN/legal-content/summary/the-establishment-of-the-european-digital-identity-framework-including-the-provision-of-european-digital-identity-wallets-and-trust-services.html
PQC at the European Telecommunications Standards Institute (ETSI) — Video (presentation)
ETSI’s role in PQC/quantum-safe standardisation and how it connects to protocols and industry.
https://www.youtube.com/watch?v=GSdxtybjYVw
ETSI Security Conference 2024 — Day 2 (ETSI) — Video (conference recording)
Includes quantum-safe crypto discussion in an applied standards/industry context
https://www.youtube.com/watch?v=gTWrhxfp1YI

NCSC – Cyber chiefs unveil new roadmap for post-quantum cryptography migration
https://www.ncsc.gov.uk/news/pqc-migration-roadmap-unveiled
DEF CON 33 - Post Quantum Panic: When Will the Cracking Begin, & Can We Detect it? - K Karagiannis
https://youtu.be/OkVYJx1iLNs?si=ecBjB-PFpVQFLFqM
Why Human Agency Matters in the Quantum Age? | Mirosław Sopek | TEDxUniversity of Lodz
https://youtu.be/LeyFEBSOp-0?si=Is3Ekh8y_v-QsS3O

Beginner

Back to Level 1: Post-Quantum Foundations

For users new to PQC or wanting a high-level overview.

Expert

Go to Level 3: Cryptographic Foundations & Security Analysis

For those seeking research outputs, standards, or advanced material.

Get involved

Join the POSEIDON Community

Collaborate to strengthen the security and safety of Europe’s digital identities.

Application form

Privacy*
Newsletter
POSEIDON Logo
Securing European Digital Identities with Post-Quantum Solutions

contact@poseidon-pqc.eu

Cookies & Privacy Policies Funded by the European Union
Copyright © 2026. All rights reserved.
Navigation
Home About Activities Knowledge Contact

Subscribe to our newsletter

Stay informed by following us on LinkedIn and subscribing to our newsletter.
Privacy*