How to Transition From Post-Quantum Preparedness to Post-Quantum Cryptography (PQC) Adoption

Quantum computing effectively breaks the encryption that safeguards our digital universe today, including RSA and ECC. And while the exact timeline for cryptographically relevant quantum computers (CRQCs) is still fuzzy, we are already firmly in the post-quantum (PQ) era.

“Harvest now, decrypt later” (HNDL) style attacks that target long-life data and devices are underway, post-quantum cryptography (PQC) algorithms are available from NIST, and there are an increasing number of government PQC mandates and timelines across sectors. With that, it is well past the time to move from PQ preparedness to PQC adoption.

Key Takeaways:

• With the availability of PQC algorithms (ML-KEM, ML-DSA, SLH-DSA) and an increasing number of government PQC mandates, the post-quantum (PQ) era is effectively here.
• And that means organizations need to move beyond preparing for PQ and start implementing PQC in production.
• The journey to PQC is not a simple flip of the switch, but rather a staged enterprise-wide transformation that requires a well-constructed roadmap with clear ownership to realize quantum resistance.

PQC around the globe

Transitioning our digital universe requires global collaboration across governments and industry. Some of the more notable initiatives include the NIST Post-Quantum Cryptography Project, the National Cybersecurity Center of Excellence Migration to Post-Quantum Cryptography, the Internet Engineering Task Force (IETF), the Open Quantum Safe (OQS) project, and MITRE’s Post-Quantum Cryptography Coalition.

NIST PQC standards

After running a global competition, NIST published the first three PQC algorithms in August 2024:

• ML-KEM (FIPS 203) – module-lattice-based key-encapsulation mechanism standard (formerly CRYSTALS-Kyber)
• ML-DSA (FIPS 204) – module-lattice-based digital signature standard (formerly CRYSTALS-Dilithium)
• SLH-DSA (FIPS 205) – stateless hash-based digital signature standard (formerly SPHINCS+)

NIST also selected HQC in March 2025 as a backup for general encryption, with a draft standard expected in 2026.

Hybrid vs. Pure PQC migration

One of the ongoing debates is whether to take a hybrid or pure approach to PQC migration. Hybrid PQC migration applies both a traditional public key algorithm like RSA and a PQC algorithm together in the same handshake or signature scheme.

Pure PQC migration replaces all traditional algorithms with PQC algorithms for all cryptographic assets. While pure PQC migration helps ensure quantum readiness now and provides a simpler long-term architecture, it is often incompatible with legacy systems that cannot handle PQC key sizes and message formats and presents with a higher migration risk. In comparison, a hybrid approach affords a more gradual PQC migration with operational continuity but comes with added overhead and complexity.

ANSSI in France and BSI in Germany both favor a hybrid approach to PQC migration, expressing concerns over the relatively untested nature of new standards to real-world attacks. And the European Commission has published the Post-Quantum Cryptography Implementation Roadmap for EU Member States that promotes a hybrid approach employing PQC alongside existing cryptographic approaches or with quantum key distribution (QKD).

However, the U.S. National Security Agency (NSA) favors a pure approach with exclusive PQC algorithm use by 2030 for all National Security Systems (NSS). As well, the UK’s National Cyber Security Centre (NCSC) advises that a hybrid approach should only be used as an interim measure on the path to full PQC adoption.

PQC migration is a staged enterprise-wide transformation

Hybrid or pure, the journey to PQC is not a simple flip of the switch, but rather a staged enterprise-wide transformation. Armed with NIST’s PQC algorithms, here is a practical roadmap to facilitate your own PQC journey.

Build your PQC plan of attack

• Assign PQC program ownership and accountability with authority to coordinate cross-functionally.
• Assemble a complete inventory of all your cryptographic assets, including algorithms, protocols, libraries, keys, and dependencies such as APIs and third-party integrations. Use of a unified cryptographic security platform can be invaluable to this effort and will also help you keep this inventory current.
• Prioritize PQC migration with a focus on assets that protect high risk and long-life data such as company intellectual property.
• Determine the best PQC migration approach – hybrid or pure – for your organization. For reference, most large organizations today seem to be taking a hybrid approach that tests PQC in production while keeping classic encryption algorithms as a safety net.

Pilot NIST-approved PQC algorithms

• Move from the lab to controlled pilots in non-critical environments to validate PQC algorithm performance and interoperability.
• Engage supply chain partners early on and regularly to confirm their roadmaps incorporate PQC. Think of it like third party software bill of materials (SBOMs), but for PQC. The use of a cryptographic security platform can help simplify and facilitate these efforts both initially and on an ongoing basis.

Integrate PQC into lifecycle management

• Align PQC migration efforts with your IT refresh cycle to streamline implementation with minimal cost and disruption.
• Update security policies to include PQC adoption.
• Embed PQC requirements into procurement policies, templates, and processes.
• Update network protocols (TLS, IPsec, SSH) to support PQC or hybrid key exchange.

Execute phased PQC rollout

• Prioritize PQC migration of cryptographic assets. For example:
  • Phase 1: high-priority assets such as those protecting national security or critical infrastructure
  • Phase 2: medium-priority assets such as internal applications
  • Phase 3: remaining systems and archival data
• Use your cryptographic security platform to track progress, along with compliance with government regulations.

Stay agile

• Train developers and security teams on PQC algorithms, key management, and migration pitfalls.
• Continuously monitor PQC algorithm vulnerabilities from NIST and other cryptographic think tanks.
• Use red teaming to simulate quantum breach scenarios and test incident response against HNDL attacks.
• Plan for PQC algorithm agility by building systems that can relatively easily swap cryptographic primitives.
• Commit to ongoing quantum resistance training and awareness across the organization.

The quantum threat to digital security is here. With governments and enterprises around the world already adopting PQC, don’t leave your organization unnecessarily exposed and a relatively easy target for cybercriminals. Benchmark your PQC adoption progress with this self-assessment readiness test and explore our post-quantum cryptography solutions.