Thursday, 26 March 2026

Post-quantum cryptography in 2026

A board-level readiness check for the UK, Europe, and globally connected sectors

Post-quantum cryptography (PQC) is no longer a niche concern for mathematicians, standards bodies, or defence specialists. 

In 2026, it is becoming a mainstream board issue because the standards baseline now exists, migration expectations are hardening across several jurisdictions, and the practical work of discovering and replacing vulnerable cryptographic dependencies will take years, not months. 

The Time to Act is Now 

For UK and European organisations, the central issue is not dramatic speculation about “Q-Day.” It is the long lead time required to change cryptography that is deeply embedded in certificate hierarchies, VPNs, machine identity, software-signing pipelines, firmware updates, cloud platforms, telecoms infrastructure and industrial environments. The NCSC has been clear on this point: organisations should be planning now, with discovery and planning by 2028, priority migration by 2031, and completion by 2035. It has also moved beyond high-level warning into practical advice, recommending ML-KEM-768 and ML-DSA-65 for most typical use cases, while noting that hash-based signatures may be particularly useful for software and firmware signing. 

Driving a Coordinated Leap into the Quantum Era 

What makes this especially important in the UK and Europe is that cryptography is not just an internal IT dependency; it is a shared dependency across interconnected markets and public services. European organisations do not operate in isolation. Banks, telecom operators, cloud providers, software vendors, digital public services, and critical infrastructure operators all rely on one another’s trust models, certificates, protocols, and supply chains. That is why the European Commission and the NIS Cooperation Group have pushed a coordinated implementation roadmap for PQC: the risk is not only weak cryptography, but a fragmented transition that breaks interoperability or leaves critical sectors moving at different speeds.

Harvest Now, Decrypt Later Attacks 

The threat driver is equally clear. The risk is not that a large-scale fault-tolerant quantum computer is publicly known to exist today. The risk is that capable adversaries can collect encrypted data now and retain it for future decryption. For organisations holding sensitive data with a long shelf life, that is already a strategic problem. Government communications, legal material, M&A data, trade secrets, pharmaceutical research, industrial intellectual property, long-retention customer records, and software or firmware trust chains all fall into this category. In practice, PQC is therefore not only about future confidentiality; it is also about preserving authenticity and trust in digital signatures, signed updates and cryptographic roots of trust. 

Growing Geopolitical Pressure on Cyber Resilience 

The geopolitical backdrop makes delay more dangerous. The NCSC’s 2025 Annual Review asserts that state actors continue to present a significant threat to UK and global cyber security. ENISA’s Threat Landscape 2025 reaches a similarly stark conclusion for the EU, describing a threat environment in which the Union is consistently targeted by diverse yet increasingly convergent threat groups. ENISA assesses Russia-nexus intrusion sets as the most active against EU Member States during the reporting period, while also highlighting China-nexus activity against public administration, telecommunications and other strategic sectors, and continued Iran-nexus targeting of civil society, NGOs, public administration, and transport. In other words, the actors most likely to benefit from long-horizon cryptographic weakness are already active inside the sectors and jurisdictions that matter most. 

Quantum is More than Just a Cyber-Security Challenge 

This is one reason PQC in Europe is about more than cyber defence alone. It is increasingly bound up with sovereignty, industrial policy, and trusted infrastructure. The EU’s wider quantum agenda, including the planned EU Quantum Act and EuroQCI, shows that Brussels is not treating quantum-era security merely as a problem of algorithm replacement. It is also framing it as a question of industrial scale-up, supply-chain resilience, governance, and secure European communications infrastructure. The debate is therefore as much about who defines trusted digital infrastructure in the next era as it is about who migrates first. 

Financial Services Highlight the Need for a Coordinated Transition 

Finance offers a particularly good illustration of this shift. In financial services, PQC is not just about one institution securing its own data. It is about trust across payment rails, shared market infrastructure, service providers, supervisors, and counterparties. The G7 Cyber Expert Group’s January 2026 roadmap treats the transition as a coordinated financial-sector challenge, centred on inventory, governance, supplier dependencies, and phased execution rather than isolated technical upgrades. That framing is instructive beyond banking: wherever sectors depend on shared digital trust, PQC rapidly becomes an ecosystem issue. 

Operational and Technical Barriers Slow Down Quantum Migration

The same logic applies across telecoms, healthcare, manufacturing, transport, energy, and other operationally complex, highly regulated sectors. These environments combine long-lived data, embedded devices, industrial protocols, difficult maintenance windows, and supplier-managed technology stacks. That makes “big bang” migration unrealistic. It also makes basic discovery essential. Organisations need to know where vulnerable public-key cryptography actually sits, which data or signatures need to remain trustworthy for ten years or more, and which estates are hardest to change without operational disruption. In that respect, the NCSC’s phased approach is pragmatic: discover first, prioritise second, migrate in line with risk and refresh cycles rather than pretending every dependency can be resolved at once. 

A Global Shift from Observation to Action 

Although the centre of gravity for many organisations will be the UK and Europe, the broader global trend points the same way. Canada has now formalised a phased government migration approach with discovery, prioritisation, procurement obligations, and completion milestones running through 2035. Australia has taken an even firmer position in one respect, recommending the cessation of traditional asymmetric cryptography by the end of 2030. Taken together, these moves show that the international direction of travel is no longer passive observation. It is structured preparation. 

The 2026 Board-Level Mandate for Quantum-Ready Security 

The board-level conclusion is straightforward. PQC is not a distant research problem, and it is not just an American policy issue reframed for others. For the UK and Europe, it now sits at the intersection of cyber resilience, regulatory preparedness, industrial strategy, supply-chain assurance, and geopolitical competition. The organisations that respond well in 2026 will not necessarily be those with the deepest quantum expertise. They will be the ones that understand where trust actually lives in their environment, how long that trust must endure, and how to move before cryptographic debt, supplier inertia and geopolitical pressure make the transition materially harder than it needed to be.

2026 Board Briefing Note

Recommended top ten actions:

For boards, the crucial point is that post-quantum cryptography should now be treated as a multi-year enterprise change programme, not a narrow technical upgrade. In the UK, the NCSC’s migration milestones of 2028, 2031 and 2035 provide a practical planning spine, while the EU has called for Member States to begin transition by the end of 2026 and for critical infrastructures to transition as soon as possible, no later than the end of 2030. Where organisations operate in regulated, cross-border or highly interconnected sectors, the issue should be managed as part of wider cyber resilience, operational resilience, technology refresh, and third-party governance.

Recommendation: One
Appoint a single accountable executive owner for PQC.

The board should assign clear executive accountability, typically shared across the CIO, CISO and enterprise architecture leadership, so that PQC is governed as a strategic transformation programme rather than left fragmented across technical teams.

Recommendation: Two
Approve a formal PQC strategy and planning horizon now.

The board should require a documented strategy that aligns to the UK’s 2028, 2031 and 2035 milestones and, where relevant, EU transition expectations. This should include investment assumptions, sequencing principles, and decision points tied to refresh cycles and major change programmes.

Recommendation: Three
Identify the organisation’s “crown jewels” with long-lived confidentiality or trust requirements.

Boards should ask management to identify which data, communications, signatures, and digital trust relationships must remain secure or credible for the next 5, 10 or 20 years. This includes customer and employee data, legal records, strategic communications, intellectual property, source code, software-signing keys, firmware-signing chains, and regulated records.

Recommendation: Four
Commission a cryptographic inventory across IT, cloud, OT and third parties. 

Management should build a practical cryptographic inventory or cryptographic bill of materials covering algorithms, certificates, PKI, VPNs, TLS dependencies, hardware security modules, software-signing processes, firmware trust chains, identity platforms, and critical supplier dependencies. Without this, the organisation cannot prioritise migration sensibly.

Recommendation: Five
Prioritise systems exposed to “harvest now, decrypt later” risk. 

Boards should ensure that systems handling sensitive data with long confidentiality lifetimes are identified early and treated as priority migration candidates. This should include any externally exposed services, long-retention archives, and high-value communications channels.
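
A minimal triage over a cryptographic inventory of the kind Recommendations Four and Five describe, added here as an illustration and not taken from the NCSC or any vendor tool. The `Entry` fields, the tier names, the sample systems and the ten-year threshold are assumptions; the target algorithms and the 2031/2035 dates are the NCSC figures quoted earlier in this briefing.

```python
from dataclasses import dataclass

# Public-key families breakable by a large quantum computer (Shor's algorithm).
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDH", "ECDHE", "ECDSA", "ED25519", "X25519"}

# Migration targets per the NCSC advice summarised in this briefing.
TARGET = {
    "key_establishment": "ML-KEM-768",
    "signature": "ML-DSA-65",
    "code_signing": "ML-DSA-65 or hash-based signatures",
}
LONG_LIVED_YEARS = 10  # assumption, from the briefing's "ten years or more"

@dataclass
class Entry:             # hypothetical inventory row
    system: str
    algorithm: str       # e.g. "RSA-2048"
    use: str             # a TARGET key for public-key uses
    trust_years: int     # how long the data or signature must stay trustworthy
    external: bool       # service is externally exposed

def triage(e: Entry) -> dict:
    family = e.algorithm.split("-")[0].upper()
    if family not in QUANTUM_VULNERABLE:
        return {"system": e.system, "tier": "no_action", "hndl": False,
                "deadline": None, "target": None}
    long_lived = e.trust_years >= LONG_LIVED_YEARS
    # Harvest now, decrypt later applies to key establishment: traffic
    # recorded today can be decrypted once the key exchange is broken.
    hndl = e.use == "key_establishment" and (long_lived or e.external)
    priority = hndl or long_lived  # long-lived signing roots migrate early too
    return {"system": e.system, "tier": "priority" if priority else "planned",
            "hndl": hndl, "deadline": 2031 if priority else 2035,
            "target": TARGET[e.use]}

def plan(inventory):
    order = {"priority": 0, "planned": 1, "no_action": 2}
    rows = [triage(e) for e in inventory]
    return sorted(rows, key=lambda r: (order[r["tier"]], r["system"]))

# Constructed sample inventory (not real systems).
SAMPLE = [
    Entry("customer-portal-tls", "ECDHE-P256", "key_establishment", 3, True),
    Entry("legal-archive-vpn", "RSA-2048", "key_establishment", 20, False),
    Entry("firmware-signing-root", "ECDSA-P384", "code_signing", 15, False),
    Entry("intranet-wiki-cert", "RSA-2048", "signature", 1, False),
    Entry("backup-encryption", "AES-256-GCM", "data_encryption", 20, False),
]
```

Calling `plan(SAMPLE)` returns the rows ordered by tier, which is the shape of list a board report on priority migration candidates would draw from.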

Recommendation: Six
Embed PQC and cryptographic agility requirements into procurement and supplier management. 

New contracts, renewals and major technology procurements should require suppliers to disclose their PQC readiness, roadmap, interoperability approach, crypto-agility capabilities, firmware-signing model, and upgrade path. For many organisations, supplier inertia will be one of the biggest blockers to timely migration.

Recommendation: Seven
Pilot controlled migration in a limited number of high-value use cases. 

Boards should sponsor a small number of bounded pilots in areas such as TLS, VPNs, code signing, internal PKI, or high-trust administrative systems. The objective is not immediate enterprise-wide migration, but early operational learning on compatibility, performance, certificate lifecycle management, and supplier readiness.

Recommendation: Eight
Integrate PQC into existing resilience, risk, and investment governance. 

PQC should be included in cyber risk reporting, technology risk management, operational resilience planning, major change governance, and capital planning. It should not sit outside the normal board assurance model. In practice, this means including PQC in investment committees, architecture review, risk appetite discussions, and third-party oversight.

Recommendation: Nine
Require regular board reporting on PQC readiness. 

At a minimum, the board should expect periodic reporting on discovery progress, critical dependencies, high-risk legacy platforms, supplier readiness, pilot outcomes, priority migration decisions, and any material regulatory or sector developments. The reporting should focus on business risk and dependency exposure, not just technical detail.

Recommendation: Ten
Treat delay as a strategic risk in its own right.

The board should recognise that the main danger is not necessarily sudden quantum breakthrough, but the time it takes to unwind cryptographic debt across complex estates. Organisations that defer action risk entering the 2030s with unresolved legacy dependencies, supplier bottlenecks, and a compressed transition window.

Board Takeaway 

The immediate board question is not whether quantum computers will break current cryptography tomorrow. It is whether the organisation is starting early enough to manage a long, complex, and dependency-heavy transition in a controlled manner. In the UK and Europe, that means acting now, aligning with emerging public guidance, and using the next few years to reduce cryptographic debt before timing, regulation, supplier drag and geopolitical pressure narrow the available options.
