Key Takeaways
- Post-quantum cryptography readiness requires four core capabilities: Discovery, Planning with pilot execution, Continuous Intelligence, and Automation, together enabling true crypto-agility before the 2030 transition window.
- NIST finalized the first three PQC standards (FIPS 203, 204, 205) in August 2024 as part of the first round of algorithm research, giving organizations a concrete foundation to start migration. A second set of algorithms is in the validation phase currently.
- Attackers are already harvesting encrypted data today to decrypt later, when cryptographically relevant quantum computers (CRQCs) arrive, making this a present-day risk.
- Recent research from Google Quantum AI shows that the quantum resources required to break widely used cryptography are significantly lower than previously estimated, compressing already tight migration timelines.
- The G7, EU, U.S., India, and Australia have all set 2030–2035 as mandatory transition windows for critical systems to migrate to quantum-resistant cryptography.
- Transition happens in four phases: Discovery (6-12 months), Planning and Pilots (6-18 months), Intelligence and automation (through 2035).
- Crypto-agility is not the destination; it is a continuous operational state. In a post-quantum world, cryptographic transitions must happen through black-box, policy-driven automation, with no humans in the loop. One-time migration will not suffice as algorithms continue to evolve over the next 10–20 years.

The quantum computing era is arriving faster than most predicted. On January 8th, 2026, bipartisan legislation reauthorizing the National Quantum Initiative signaled a decisive shift from research to deployment. For enterprise leaders, this is not a distant technology trend to monitor. It is an immediate strategic imperative requiring board-level attention and resource allocation.
The core challenge is straightforward: quantum computers capable of breaking today’s encryption are approaching viability. The Cloud Security Alliance estimates that “Q-Day” (when a cryptographically relevant quantum computer (CRQC) can break RSA-2048) could arrive by 2030. Some industry leaders project even earlier timelines. IonQ has unveiled a roadmap targeting CRQC capabilities as early as 2028, with Google hinting at error-corrected quantum computing by 2029.
The 2026 pivot: From quantum research to operational deployment
The quantum ecosystem has shifted gears. Where 2025 focused on awareness through the International Year of Quantum Science and Technology, 2026 is the Year of Quantum Security, marking a move from research to operational deployment.
The ‘Year of Quantum Security’ was officially launched on January 12, 2026, in Washington, D.C., with participation from the FBI, CISA, and NIST. Federal agencies are now treating post-quantum cryptography as operational guidance rather than the theoretical discussion it was last year. This coordinated global effort centers on post-quantum cryptography, quantum resilience, and the responsible protection of quantum technologies.
The 2026 NQIRA legislation empowers key federal agencies to advance real-world quantum capabilities. NIST will establish multiple quantum centers focused on sensing, measurement, and engineering. NSF directs multidisciplinary research spanning from theoretical foundations to practical implementation. NASA has been formally added with authority to pursue quantum communications, quantum sensing, and space-based quantum technologies. OSTP leads the development of an international quantum cooperation strategy aligning U.S. efforts with trusted global partners.
This broader interagency engagement reflects an understanding that quantum advancement is multifaceted. The work centers on standards, infrastructure, workforce, and supply chains that make quantum capabilities usable and secure in the real world.
The global PQC compliance landscape and timelines
The quantum policy momentum extends well beyond U.S. borders. The G7 Cyber Expert Group, co-chaired by the U.S. Department of the Treasury and the Bank of England, recently issued a coordinated roadmap urging banks, insurers, exchanges, and regulators to accelerate PQC preparations. The roadmap outlines a six-phase framework spanning from early awareness and governance through execution, testing, and continuous validation.
Multiple international bodies have established concrete timelines:
| Year | Aim |
|---|---|
| 2030 | U.S. requirement for TLS 1.3 support; European Union target for critical infrastructure migration; Australia’s full transition deadline |
| 2032 | G7’s recommended window for addressing the most critical systems |
| 2035 | Broad international consensus for completing PQC transition (U.S., UK, Japan, Canada, EU) |
These are policy requirements, particularly for organizations serving government clients or operating critical infrastructure. The European Commission’s messaging is clear: start transitioning by the end of 2026, and complete protection of critical infrastructures no later than the end of 2030.
Understanding the quantum threat timeline
A Cryptographically Relevant Quantum Computer (CRQC) is a quantum computer powerful enough to break widely used public-key cryptography like RSA-2048 and elliptic curve cryptography. While no CRQC exists today, the timeline for their arrival is compressing faster than many anticipated.
Recent breakthroughs, most notably from Google Quantum AI, have significantly reduced the quantum resources required to break modern cryptography, compressing expected timelines for real-world risk. New research indicates that breaking widely used elliptic curve cryptography may require significantly fewer resources than previously estimated, potentially reducing requirements by an order of magnitude and enabling faster attack execution timelines on sufficiently advanced quantum systems. That represents a dramatic reduction from earlier estimates of 20 million qubits. According to research cited by Gartner, advances in quantum computing will make asymmetric cryptography unsafe by 2029 and fully breakable by 2034. The Cloud Security Alliance estimates that Q-Day will fall in April 2030.
This fundamentally shifts the conversation from “if” quantum systems will break cryptography to “how soon” existing systems become vulnerable.

Harvest Now, Decrypt Later (HNDL): Present-day post-quantum threat
The immediate concern is not when quantum computers will arrive but that the window to prepare is shrinking faster than expected. Recent research suggests that once sufficient quantum capability is achieved, certain cryptographic systems could be compromised in minutes, further reinforcing the urgency of addressing Harvest-Now, Decrypt-Later risks today.
Adversaries are already collecting encrypted data today and storing it until quantum capabilities mature enough to decrypt it. This attack strategy, known as “Harvest-Now, Decrypt-Later” (HNDL), makes the quantum threat a present-day risk rather than a future concern.
The Federal Reserve’s 2025 research paper confirms that HNDL represents a present-day risk. Data encrypted today with vulnerable algorithms may be readable in 5-10 years. This is particularly alarming for information that is valuable, sensitive, and has a long shelf life: personal information, financial transactions, intellectual property, healthcare records, and state secrets that may need to remain confidential for years or decades.
As the Harvard Business Review explains, unlike the Y2K threat, which had a known fixed deadline, the quantum threat is retroactive. The damage from data stolen today will be realized years from now, making inaction a failure of risk management.
Implement the NIST PQC frameworks
After running a competition since 2016, NIST announced three finalized PQC standards on August 13, 2024. These standards specify key establishment and digital signature schemes designed to resist future attacks by quantum computers. In March 2025, NIST also selected HQC as an additional backup algorithm for key encapsulation.
Table: NIST Post-Quantum Cryptography Standards
| Standard | Algorithm | Use Case | Replaces |
|---|---|---|---|
| FIPS 203 | Kyber (ML-KEM) | Key Encapsulation | RSA, ECDH |
| FIPS 204 | Dilithium (ML-DSA) | Digital Signatures | RSA, ECDSA |
| FIPS 205 | SPHINCS+ (SLH-DSA) | Digital Signatures (backup) | Hash-based alternative |
| FIPS 206 (Draft) | FALCON (FN-DSA) | Digital Signatures | Smaller signatures |
These standards replace vulnerable asymmetric cryptography. Symmetric encryption (AES-256) and hashing (SHA-2, SHA-3) are considered quantum-resistant and do not require replacement for PQC purposes. Organizations should focus their migration efforts on public-key cryptography.
Pillar 1: Discovery – Solving the Cryptographic Visibility Gap
Cryptography exists throughout the enterprise: network traffic, application code, hardware security modules, certificate stores, key management systems, cloud services, IoT devices, legacy applications, build systems, mobile apps, and containerized workloads. Organizations often discover cryptographic implementations in forgotten applications, legacy systems, embedded devices with hardcoded keys, and shadow IT deployments.
Before migrating to PQC, organizations must identify what cryptography they currently use and where. According to CISA’s strategy document, automated cryptography discovery and inventory tools are essential prerequisites for PQC transition.
Discovery as an ongoing program
The NIST NCCoE Migration to PQC Project emphasizes that cryptographic discovery should be viewed as a long-term, perhaps permanent program rather than a one-time project. Migration is an ongoing process of cryptographic agility requiring continuous monitoring and inventory management. New PQC algorithms are expected to be published over the next 10-20 years.
Discovery alone can take 12-24 months for large enterprises. When you add planning, vendor dependencies, testing requirements, and execution, organizations starting in 2026 will have adequate runway to meet 2030 deprecation timelines. Those waiting until 2028 or later face compressed, high-risk transitions. Discovery is the first gate to PQC readiness. Without it, organizations cannot prioritize risk, plan migration, or measure progress.
Pillar 2: Planning with Pilot – From Inventory to Execution
Once discovery is complete, organizations must transition from visibility to execution. Planning must include real-world pilot deployments:
- Identifying high-risk systems (external TLS, identity, APIs)
- Running hybrid PQC deployments (ML-KEM with classical cryptography)
- Validating performance, compatibility, and operational constraints
- Aligning vendor and infrastructure readiness
Pilot-driven planning reduces uncertainty and prevents large-scale migration failures.
Pillar 3: Intelligence – Continuous Risk and Crypto Awareness
PQC is not a one-time migration problem; it is an evolving risk landscape. Organizations require continuous intelligence into:
- Cryptographic exposure and vulnerable algorithms
- System-level risk tied to HNDL
- Vendor readiness and third-party dependencies
- Emerging research signals, including findings from organizations like Google Quantum AI
Without intelligence, discovery becomes stale, planning becomes outdated, and migration becomes reactive.
Pillar 4: Automation – The Engine Behind Crypto-Agility
Automation is what transforms PQC readiness from strategy into execution. Without automation, organizations cannot manage hybrid cryptography, shortened certificate lifecycles, or rapid algorithm transitions at scale.
PQC represents more than a migration. It is the first large-scale test of crypto-agility: the ability to upgrade cryptographic algorithms, key types, and policy safely, primarily through configuration and standard interfaces, without redesigning every application.
As the World Economic Forum notes, the migration to quantum safety is not just a challenge but an opportunity. Early adoption can strengthen an organization’s leadership, trust posture, and client confidence. Organizations increasingly expect their partners to include quantum-safe migration plans within their technology roadmaps as a condition for maintaining long-term relationships.
Crypto-agility becomes achievable when all four pillars are operational:
- Central control of cryptographic policy and key lifecycle, ensuring standards, rotation, and audit are consistent.
- Stable interfaces for applications, so crypto choices are not hard-wired into each system.
Organizations that build crypto-agility first will find that PQC becomes a managed rollout rather than a one-time scramble. They will also be better prepared for future algorithm updates, newly discovered weaknesses, and shifting expectations across regulators and industry bodies.
Discovery provides visibility. Planning with a pilot enables safe execution. Intelligence keeps decisions current. Automation delivers scale and speed. Together, they transform PQC from a one-time migration into a continuous operational capability.
The 2026 PQC Readiness Execution Plan
Based on guidance from NIST, the G7 Cyber Expert Group, and industry practitioners, organizations should approach PQC migration in three phases. This structure balances immediate risk reduction with long-term comprehensive transition.

Phase 1: Build your cryptographic inventory Q1-Q2 2026 (6-12 months)
Deploy discovery tools combining both passive (network monitoring, certificate lifecycle management integration) and active (code scanning, CBOM generation) approaches. Map critical systems, sensitive data, and communication protocols. Identify third-party dependencies and vendor roadmaps. Establish a governance framework with executive sponsorship.
As the ISACA playbook recommends, stand up a crypto transition working group that includes security architecture, PKI owners, identity, networking, DevOps, and compliance. Give it an executive sponsor and add a risk register entry labeled “Quantum Risk.” Classify data requiring 10+ years of confidentiality for early protection.
- Stand up a crypto transition working group with executive sponsorship
- Add “Quantum Risk” to your enterprise risk register
- Begin a comprehensive cryptographic inventory across all environments
- Classify data requiring 10+ years of confidentiality for early protection
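One way to turn a Phase 1 inventory into a migration order, as an added example (not code from AppViewX, NIST, or ISACA). The record layout, the sample entries, and the use of 2030 as the Q-Day year (the CSA estimate quoted above) are assumptions; the algorithm mapping follows the NIST table on this page.

```python
from dataclasses import dataclass

Q_DAY_YEAR = 2030  # assumption: the CSA estimate quoted on the page
# Classical public-key families and their replacements, per the page's NIST table.
REPLACEMENT = {"kex": "ML-KEM (FIPS 203)", "sig": "ML-DSA (FIPS 204)"}
VULNERABLE = {"RSA", "ECDH", "ECDHE", "ECDSA"}
# Per the page, symmetric encryption and hashing need no PQC replacement.
RESISTANT = {"AES-256", "SHA-2", "SHA-3", "ML-KEM", "ML-DSA", "SLH-DSA"}

@dataclass
class Asset:                   # hypothetical inventory record layout
    system: str
    family: str                # e.g. "RSA", "ECDHE", "AES-256"
    use: str                   # "kex", "sig", "enc" or "hash"
    shelf_life_years: int      # how long the protected data must stay secret
    external: bool             # reachable from untrusted networks

def hndl_years(asset: Asset, now: int) -> int:
    """Years the data is still sensitive after Q-Day if traffic is recorded in `now`.
    Signatures score 0: recorded ciphertext can be decrypted later, but a
    signature cannot be forged retroactively."""
    if asset.family not in VULNERABLE or asset.use == "sig":
        return 0
    return max(0, now + asset.shelf_life_years - Q_DAY_YEAR)

def triage(assets: list[Asset], now: int) -> list[dict]:
    rows, ext = [], {a.system: a.external for a in assets}
    for a in assets:
        if a.family in RESISTANT:
            phase, target = "none", None
        elif a.family not in VULNERABLE:
            phase, target = "review", None   # unknown algorithm: inspect manually
        elif a.use == "sig":
            phase, target = "phase-3", REPLACEMENT["sig"]
        else:
            phase, target = "phase-2", REPLACEMENT["kex"]
        rows.append({"system": a.system, "phase": phase, "target": target,
                     "hndl_years": hndl_years(a, now)})
    # Most HNDL-exposed key exchanges first; externally reachable systems break ties.
    order = {"phase-2": 0, "phase-3": 1, "review": 2, "none": 3}
    return sorted(rows, key=lambda r: (order[r["phase"]], -r["hndl_years"],
                                       not ext[r["system"]], r["system"]))

# Constructed sample inventory (not real data).
SAMPLE = [
    Asset("hr-archive-vpn", "ECDHE", "kex", 25, False),
    Asset("public-api", "ECDHE", "kex", 10, True),
    Asset("build-signing", "ECDSA", "sig", 3, False),
    Asset("backup-store", "AES-256", "enc", 30, False),
    Asset("legacy-gw", "3DES", "enc", 5, True),
    Asset("chat-edge", "RSA", "kex", 1, True),
]
```

Calling `triage(SAMPLE, now=2026)` puts the internal archive VPN ahead of the public API because its data outlives the assumed Q-Day by 21 years, which is the HNDL reasoning behind classifying long-lived data first.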
Phase 2: Migrate TLS and SSH key exchanges Q3-Q4 2026 (6-18 months)
Address Harvest-Now, Decrypt-Later threats to critical systems. Upgrade to TLS 1.3 and enable PQC key exchanges using ML-KEM. This phase provides immediate protection with relatively straightforward implementation, largely through software and configuration upgrades.
The infrastructure readiness is encouraging. According to Cloudflare’s research, the majority of top websites already support TLS 1.3 (required for PQC key exchanges), and hybrid PQC adoption is accelerating rapidly. Upgrading an OpenSSH server to use PQC for key exchange is typically a software upgrade. Once upgraded, communication is protected against HNDL risks.
Hybrid approaches combining classical and post-quantum algorithms will dominate enterprise implementations in 2026. This pragmatic strategy provides defense-in-depth while allowing organizations to maintain operations with current and legacy systems.
- Pilot hybrid key exchange (ML-KEM + ECDHE) on non-critical systems
- Test PQC certificates for interoperability and performance
- Update procurement requirements to mandate PQC support and crypto-agility
- Develop IoT/OT strategy for constrained devices with long lifetimes
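A check a Phase 2 pilot could run against collected configuration, as an added example (not code from the page or from any vendor). It classifies the `kexalgorithms` line of `sshd -T` output and the `ssl_protocols` / `ssl_ecdh_curve` directives of an nginx server block; the sample inputs are constructed, and whether a given OpenSSH or OpenSSL build supports the listed hybrid names is an assumption to verify on the host.

```python
import re

# Hybrid post-quantum key-exchange identifiers used by OpenSSH and by TLS 1.3.
# Build support varies by version (assumption of this example: verify locally).
SSH_PQ_KEX = {"mlkem768x25519-sha256", "sntrup761x25519-sha512",
              "sntrup761x25519-sha512@openssh.com"}
TLS_PQ_GROUPS = {"x25519mlkem768", "secp256r1mlkem768", "secp384r1mlkem1024"}

def _status(pq, classical):
    if not pq:
        return "classical-only"      # every session remains HNDL-exposed
    # With a fallback, peers lacking PQC support still negotiate classical KEX.
    return "hybrid-with-fallback" if classical else "hybrid-only"

def audit_sshd(sshd_t_output: str) -> dict:
    """Classify the kexalgorithms line of `sshd -T` output."""
    m = re.search(r"^kexalgorithms\s+(\S+)", sshd_t_output, re.M | re.I)
    offered = m.group(1).split(",") if m else []
    pq = [k for k in offered if k in SSH_PQ_KEX]
    classical = [k for k in offered if k not in SSH_PQ_KEX]
    return {"pq": pq, "classical": classical, "status": _status(pq, classical)}

def audit_nginx_tls(conf: str) -> dict:
    """Classify ssl_protocols / ssl_ecdh_curve from an nginx server block."""
    protos = re.search(r"^\s*ssl_protocols\s+([^;]+);", conf, re.M)
    curves = re.search(r"^\s*ssl_ecdh_curve\s+([^;]+);", conf, re.M)
    # A missing ssl_protocols line is treated as unverified, not as TLS 1.3.
    tls13 = bool(protos) and "TLSv1.3" in protos.group(1).split()
    offered = curves.group(1).strip().split(":") if curves else []
    # PQC key exchange requires TLS 1.3, so hybrid groups do not count without it.
    pq = [g for g in offered if tls13 and g.lower() in TLS_PQ_GROUPS]
    classical = [g for g in offered if g not in pq]
    return {"tls13": tls13, "pq": pq, "classical": classical,
            "status": _status(pq, classical)}

# Constructed sample inputs (not taken from any real host).
SSHD_PILOT = ("port 22\n"
              "kexalgorithms mlkem768x25519-sha256,curve25519-sha256,ecdh-sha2-nistp256\n")
SSHD_LEGACY = "port 22\nkexalgorithms curve25519-sha256,diffie-hellman-group14-sha256\n"
NGINX_PILOT = """
server {
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ecdh_curve X25519MLKEM768:X25519:prime256v1;
}
"""
NGINX_NO_TLS13 = """
server {
    ssl_protocols TLSv1.2;
    ssl_ecdh_curve X25519MLKEM768:X25519;
}
"""
```

A `hybrid-with-fallback` result is the expected state during a pilot; tracking which hosts still report `classical-only` gives a measurable Phase 2 progress metric.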
Phase 3: Migrate signatures and complete transition (2026-2035)
Complete the transition to PQC-compliant cryptography. Migrate digital signatures to ML-DSA, replace RSA/ECDSA authentication credentials, update APIs and application code, coordinate with vendors for third-party software updates, and implement hybrid approaches during transition. This phase requires code changes, hardware updates, vendor coordination, extensive testing, and, at times, architectural modifications.
As recent research demonstrates, the pace of quantum advancement is accelerating. Organizations must assume timelines will continue to compress and build systems that can continuously adapt.
Accelerate PQC readiness with AVX
AppViewX provides comprehensive capabilities for enterprises managing certificates and cryptographic assets across complex, hybrid environments. The AVX platform aligns directly to the four pillars of PQC readiness (Discovery, Planning, Intelligence, and Automation), enabling organizations to achieve crypto-agility at scale.
Cryptographic discovery and inventory
AppViewX provides both passive and active discovery capabilities with integration across PKI systems, application-level discovery, multi-cloud and hybrid environment coverage, and Cryptographic Bill of Materials (CBOM) generation. The platform provides unified visibility across your cryptographic estate, which is the essential first step identified by every regulatory roadmap.
Automated lifecycle management at scale
AppViewX automates certificate discovery and enrollment, renewal workflows, installation and deployment, monitoring and alerting, and revocation and replacement. This automation becomes necessary as organizations manage both classical and PQC cryptography with different rotation requirements.
Policy-based cryptographic governance
AppViewX enables centralized policy definition and enforcement for algorithm policies, key length requirements, certificate template standardization, compliance reporting mapped to PQC migration phases, and role-based access control. These policies can evolve from identifying vulnerable cryptography to enforcing PQC-compliant algorithms as your transition progresses.
PQC testing and readiness assessment
The AppViewX PQC Test Center enables organizations to assess their PQC readiness and begin testing quantum-safe certificates before integrating them into production environments. Users can set up their own hosted Quantum-Safe PKI hierarchy and generate PQC-ready certificates and keys to test compatibility.
The AVX PQC Assessment Tool scans code, dependencies, configurations, and certificates to automatically generate a CBOM in industry-standard CycloneDX format and a PQC readiness score that highlights vulnerabilities for a smooth, secure transition to quantum-safe cryptography.
Ready to assess your PQC readiness? Request a demo to see how AppViewX delivers the visibility, automation, and crypto-agility your security strategy demands. Or explore the Quantum Trust Hub to begin your cryptographic assessment today.












