Why the EU Is Acting Now
Quantum computers capable of cracking today’s public‑key algorithms are no longer a distant threat. The European Commission sounded the alarm in Recommendation (EU) 2024/1101 on 11 April 2024, urging Member States to coordinate a migration to post‑quantum cryptography (PQC). On 23 June 2025 the Commission released the Coordinated Implementation Roadmap for PQC, turning that advice into a concrete multi‑year plan that makes December 2030 the deadline for full adoption across critical infrastructure.
The timing reflects hard technical forecasts. Gartner estimates that advances in quantum hardware will render classical asymmetric crypto unsafe by 2029, exposing any data harvested today to retrospective decryption. With long‑lived assets—medical files, financial records, industrial IP—already being intercepted for “harvest‑now‑decrypt‑later” attacks, regulators see no buffer left.
Inside the 2030 Roadmap
The Roadmap divides the transition into three escalating phases:
By Dec 2025 – Inventory. Every operator of essential or important services must locate where RSA, ECC or other vulnerable schemes sit in software, hardware security modules (HSMs), certificates, IoT fleets and long‑term archives.
2026‑2027 – Hybrid pilots. Organisations must run production pilots that pair classical algorithms with PQC (e.g., X25519 + Kyber768) so performance, interoperability and compliance can be proven under fire.
By Dec 2030 – Complete migration. All new key exchanges and signatures protecting sensitive European data must rely exclusively on PQC algorithms approved by NIST or endorsed by ENISA.
Progress reports submitted every six months to ENISA will benchmark each Member State and expose laggards to public and regulatory pressure.
Regulatory tail‑winds
The Roadmap doesn’t stand alone. Two pieces of legislation already tighten the vice:
Digital Operational Resilience Act (DORA). In force since 17 January 2025, DORA obliges banks, insurers, payment firms and ICT suppliers to use “robust cryptographic controls” and to test them continuously.
NIS2 Directive. Effective from 14 October 2024, NIS2 extends mandatory security measures—including end‑to‑end encryption “where appropriate”—to energy, health, transport, digital infrastructure and 14 other sectors.
Auditors assessing DORA or NIS2 compliance will inevitably ask how an organisation’s crypto‑baseline aligns with the PQC roadmap; procrastination therefore translates into direct regulatory risk.
From Paper to Practice: Building Crypto‑Agility
Merely choosing a new algorithm is not enough. NIST’s CSWP 39 “Considerations for Achieving Crypto Agility” (March 2025) lays out three cornerstones: abstract APIs, upgradable firmware and disciplined key inventories. ENISA echoes that guidance, urging enterprises to start with hybrid cryptography—combining a conventional algorithm such as X25519 with a PQC scheme like Kyber—to smooth interoperability and rollback during the learning curve.
The standardisation pipeline is ready: NIST finalised FIPS 203 (Kyber) and 204 (Dilithium) in August 2024. Vendors reacted quickly; F5’s BIG‑IP 17.5 now offers the cipher‑group X25519_Kyber768Draft00 for TLS 1.3, while Commvault enabled “store‑now‑decrypt‑never” backups based on PQC in June 2025. These examples prove that migrating is feasible today—provided your infrastructure can swap algorithms without tearing down production.
The practical playbook therefore starts with:
Map and classify. Catalogue every certificate, firmware image and crypto library; label each by data‑sensitivity and lifespan.
Prioritise. Tackle high‑sensitivity, long‑retention workloads (e.g., health records) first.
Pilot hybrids. Deploy dual‑stack algorithms in non‑critical segments, measure latency and throughput, and adapt key‑management processes.
Automate rotation. Use crypto‑agile APIs so future upgrades—from Kyber768 to Kyber1024, for instance—are a firmware push, not a forklift.
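The "map and classify" and "prioritise" steps above, sketched as an added example (not Kryptus or Roadmap code): it labels each inventory entry as vulnerable, hybrid, PQC or needing manual review, then orders the backlog so that harvest‑now‑decrypt‑later exposure comes first. The field names, the sample inventory and the use of the quoted 2029 estimate as the horizon are assumptions.

```python
from dataclasses import dataclass

HORIZON = 2029  # assumption: the Gartner estimate quoted earlier in the article
CLASSICAL = ("RSA", "ECDSA", "ECDH", "X25519", "ED25519", "DH", "DSA")
PQC = ("ML-KEM", "ML-DSA", "KYBER", "DILITHIUM")

@dataclass
class Asset:
    name: str
    algorithm: str         # label as reported by a scanner, e.g. "RSA-2048"
    confidentiality: bool  # True: encrypts data; False: signatures only
    sensitivity: int       # 1 (low) .. 3 (high)
    retention_years: int   # how long the protected data must stay secret

def classify(algorithm: str) -> str:
    """Return 'vulnerable', 'hybrid', 'pqc' or 'review' for an algorithm label."""
    parts = algorithm.upper().replace("_", "+").split("+")
    pqc = any(p.strip().startswith(PQC) for p in parts)
    classical = any(p.strip().startswith(CLASSICAL) for p in parts)
    if pqc:
        return "hybrid" if classical else "pqc"
    return "vulnerable" if classical else "review"

def hndl_exposed(asset: Asset, today: int) -> bool:
    """Data captured today is at risk if it must stay secret past HORIZON.
    Signature-only assets are not exposed to retrospective decryption."""
    return (classify(asset.algorithm) == "vulnerable"
            and asset.confidentiality
            and today + asset.retention_years > HORIZON)

def prioritise(assets, today):
    """Migration backlog: exposed first, then by sensitivity, then retention."""
    todo = [a for a in assets if classify(a.algorithm) in ("vulnerable", "review")]
    return sorted(todo, key=lambda a: (not hndl_exposed(a, today),
                                       -a.sensitivity, -a.retention_years))

# Constructed sample inventory, not real data.
INVENTORY = [
    Asset("public-website-tls", "ECDH-P256", True, 1, 0),
    Asset("patient-records-vpn", "RSA-2048", True, 3, 25),
    Asset("firmware-signing", "ECDSA-P384", False, 3, 10),
    Asset("edge-tls-pilot", "X25519_Kyber768Draft00", True, 2, 5),
    Asset("backup-archive", "ML-KEM-768", True, 3, 15),
    Asset("legacy-appliance", "vendor-proprietary", True, 2, 7),
]

if __name__ == "__main__":
    for a in prioritise(INVENTORY, today=2025):
        print(a.name, classify(a.algorithm), hndl_exposed(a, 2025))
```

Entries classified as "review" stay in the backlog because an unrecognised algorithm label is itself an inventory gap that needs a human decision.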
Kryptus Differentials
Because PQC adoption is ultimately an engineering exercise, hardware, software and expertise must converge. Kryptus delivers all three:
| Solution | Key Capabilities | Value for Organisations |
|---|---|---|
| kNET HSM | Common Criteria EAL4+ and FIPS 140‑2 Level 3; HSM prepared for PQC algorithms (ML-KEM and ML-DSA); PKCS#11, JCA Provider & KMIP APIs | Post-Quantum algorithms are NIST CAVP certified, ready for use. |
| KeyGuardian | Portable cryptocomputer with quantum True RNG, OTP, and PQC-ready engine | Secure mobility and critical credential protection for diplomatic and defence scenarios. |
| CommGuard | Tamper-resistant hardware; supports AES-256, SHA-512, and proprietary algorithms; PQC-ready; operates at Layer 2/3/4 with up to 10 Gbps full-duplex performance | Ensures secure, high-performance IP communication for headquarters, sites, and remote operations, aligning with EU security requirements. |
Next step: Talk to our specialists about Kryptus crypto‑agility solutions and prepare confidently for the 2030 PQC deadline.
