The most important sentence in the European post-quantum roadmap is not a cryptographic one. It is a governance deadline: all EU Member States should start transitioning to post-quantum cryptography by the end of 2026, while critical infrastructure should move high-risk protection as soon as possible and no later than the end of 2030.
That changes the board conversation. Post-quantum cryptography is no longer only a standards topic or a research watch item. For organisations in or selling into the EU, it is becoming an evidence programme that needs owners, asset discovery, supplier requirements, pilot scope, and risk acceptance before the engineering migration is complete.
What changed
On 23 June 2025, EU Member States, supported by the Commission, issued a coordinated implementation roadmap for the transition to PQC. The roadmap follows the Commission recommendation from April 2024 and is designed to synchronise national transition activity rather than leave every sector to invent its own timeline.
The operational message is direct: begin the transition by the end of 2026. For critical infrastructure, the roadmap points to a faster path, with high-risk use cases moving to PQC as soon as possible and by the end of 2030 at the latest. That does not mean every certificate, device, and protocol will be post-quantum by 2026. It means the organisation should already be able to show that a credible transition is under way.
Why this lands inside NIS2 and DORA work
NIS2 and DORA teams are already building risk registers, supplier controls, incident processes, and resilience evidence. PQC belongs in that same machinery. It touches cryptographic asset inventories, identity infrastructure, software-update signing, VPNs, cloud connectivity, PKI, backup encryption, service meshes, and regulated data flows.
A useful 2026 deliverable is therefore not a glossy “quantum-safe” claim. It is a pack of evidence: where public-key cryptography is used, which systems protect data with long confidentiality lifetimes, which suppliers have PQC roadmaps, which pilots are planned, and which risk owners have accepted remaining exposure.
The first practical questions
- Which data still matters in 2030 and beyond? Prioritise retained personal data, regulated records, critical operating data, intellectual property, and long-term contracts.
- Which services depend on RSA, ECDH, ECDSA, or EdDSA? Discovery should include public TLS, internal TLS, SSH, VPN, S/MIME, signing pipelines, HSM policies, device firmware, and embedded systems.
- Which suppliers control the upgrade path? PQC readiness often depends on TLS stacks, identity platforms, cloud services, HSM firmware, endpoint clients, and appliance vendors.
- Where will hybrid modes be tested first? A narrow pilot on representative traffic teaches more than a paper policy that never reaches production.
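One way to turn the four questions above into a sortable register, as an added example that is not part of the original article or the roadmap. The `Asset` fields, the name fragments used to recognise algorithms, the scoring rule, and the sample inventory are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Name fragments (assumed, not exhaustive) for the families the checklist names.
CLASSICAL = ("rsa", "ecdh", "ecdsa", "eddsa", "25519", "secp", "nistp")
PQC = ("mlkem", "mldsa", "slhdsa")
HORIZON = 2030  # "Which data still matters in 2030 and beyond?"

@dataclass
class Asset:
    name: str
    key_exchange: str       # empty string if the asset only signs
    signature: str
    data_needed_until: int  # last year the protected data still matters
    supplier_owned: bool    # upgrade path is controlled by a vendor

def classify(algorithm: str) -> str:
    """Return 'none', 'classical', 'hybrid', 'pqc' or 'unknown'."""
    norm = algorithm.lower().replace("-", "").replace("_", "")
    if not norm:
        return "none"
    classical = any(m in norm for m in CLASSICAL)
    pqc = any(m in norm for m in PQC)
    if classical and pqc:
        return "hybrid"
    return "pqc" if pqc else "classical" if classical else "unknown"

def priority(asset: Asset) -> str:
    # Assumed rule: classical key exchange protecting long-lived data ranks first,
    # because recorded traffic stays exposed for as long as the data matters.
    kex, sig = classify(asset.key_exchange), classify(asset.signature)
    if "unknown" in (kex, sig):
        return "review"  # unrecognised name: a person has to check it
    if kex == "classical":
        return "high" if asset.data_needed_until >= HORIZON else "medium"
    return "medium" if sig == "classical" else "low"

def build_register(assets):
    order = {"high": 0, "review": 1, "medium": 2, "low": 3}
    rows = [{"asset": a.name, "priority": priority(a),
             "kex": classify(a.key_exchange), "sig": classify(a.signature),
             "supplier_dependency": a.supplier_owned} for a in assets]
    return sorted(rows, key=lambda r: (order[r["priority"]], r["asset"]))

INVENTORY = [  # constructed sample records, not real scan output
    Asset("public-web-tls", "X25519MLKEM768", "ecdsa_secp256r1_sha256", 2027, False),
    Asset("records-archive-vpn", "ECDH-P384", "RSA-3072", 2040, True),
    Asset("firmware-signing", "", "Ed25519", 2035, True),
    Asset("internal-ssh", "curve25519-sha256", "ssh-ed25519", 2026, False),
    Asset("legacy-appliance", "vendor-default", "RSA-2048", 2032, True),
    Asset("pilot-gateway", "ML-KEM-768", "ML-DSA-65", 2040, False),
]
```

Rows marked `review` are the ones where discovery returned a name the classifier does not recognise, which is usually where supplier questions start.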
The language matters
For public communication and procurement records, avoid overclaiming. Use evidence-led wording: standards-aligned, roadmap-ready, hybrid migration, cryptographic inventory, and post-quantum readiness. Those phrases are less dramatic than “future-proof”, but they survive audit review.
Further reading: the European Commission coordinated PQC roadmap, the Commission press release, and the UK NCSC migration timeline.