Crypto‑Agility Explained Preparing Cryptography for the Quantum Era

Crypto agility is one of those terms that sounds like it belongs in a technical architecture discussion rather than a boardroom.

But as the quantum threat moves from theoretical to operational, and as regulators begin requiring demonstrable cryptographic resilience, it has become one of the most strategically important concepts in post-quantum security planning.

The core idea is straightforward: a crypto-agile organisation can update, replace, or swap cryptographic algorithms quickly and safely, without redesigning the systems that depend on them.

In practice, very few organisations have built this capability. And that gap, more than anything else, is what makes post-quantum cryptography (PQC) migration so operationally complex.

This article explains what cryptographic agility means in practice, why so much existing infrastructure lacks it, and what security leaders need to do to build it – before the quantum deadline arrives.

For a broader introduction to the post-quantum landscape, see our Post-Quantum Cryptography guide.

Why cryptography must evolve faster than threats

Cryptographic standards have always had a shelf life. MD5 was once considered secure. SHA-1 is now deprecated. DES gave way to 3DES, then to AES.

The difference today is the pace and scale of what is coming.

The UK’s NCSC has set phased migration deadlines at 2028, 2031 and 2035. NIST published its first post-quantum standards – ML-KEM, ML-DSA and SLH-DSA – in August 2024. DORA, in force since January 2025, explicitly requires financial entities to demonstrate the ability to update cryptographic technology as cryptanalysis evolves.

These are not distant obligations. They are current operational requirements.

But the threat horizon is also shortening in ways that make waiting dangerous.

“Harvest now, decrypt later” attacks – where adversaries collect encrypted data today with the intention of decrypting it once quantum computers become capable – mean that data protected by current algorithms is already at risk.

Any information that must remain confidential for the next decade or more carries exposure right now: harvest now, decrypt later attacks are not waiting for the arrival of quantum computers.

For a deeper look at this threat and its implications, see our article on harvest now, decrypt later attacks.

Against this background, the ability to change cryptographic algorithms quickly is not a nice-to-have. It is a fundamental requirement of any credible PQC transition strategy.

An organisation that has not built crypto agility into its infrastructure will find that migration is not a straightforward swap – it is a system-by-system reconstruction exercise, carried out under time pressure, with regulatory scrutiny increasing throughout.

Why most infrastructure is not crypto-agile

To understand why crypto-agile infrastructure is rare, it helps to understand how cryptography has historically been implemented.

In most organisations, cryptographic algorithms are not treated as a configurable parameter. They are baked into systems at build time, embedded in libraries that were chosen years or decades ago, hardcoded into application logic, or inherited through third-party software with no upgrade path.

The team that originally selected an algorithm is often long gone. The documentation that would explain what depends on it has either never existed or been lost.

This is not negligence. It reflects how cryptography has always been treated: as infrastructure that, once deployed, does not need to be touched.

Until now, that assumption was largely correct. The algorithms in widespread use have been stable for long enough that treating them as permanent fixtures carried little obvious risk.

The quantum threat breaks that assumption.

And it exposes a structural problem that has been building quietly for years: most organisations have accumulated what practitioners are beginning to call “cryptographic debt” – a sprawling, undocumented estate of algorithms, certificates, keys and cryptographic libraries that no single team fully understands, and that was never designed to be changed at scale.

The result is that when an organisation tries to begin PQC migration, it faces a dependency problem as much as a technical one.

Replacing an algorithm affects every system, application and integration that depends on it. Without a complete map of those dependencies, migration cannot be safely sequenced.

Without safe sequencing, well-intentioned migrations cause outages.

How rigid encryption slows PQC migration

The relationship between cryptographic rigidity and migration speed is direct.

Organisations with hardcoded or undocumented cryptographic implementations face significantly longer migration timelines, higher costs and greater risk of disruption than those that have built flexibility into their cryptographic architecture.

This is not theoretical.

The challenge of cryptographic lifecycle management has become one of the most pressing operational problems facing security teams preparing for PQC, as it involves managing the full lifespan of keys, certificates, algorithms and protocols.

Several specific patterns make migration slower and riskier.

Hardcoded algorithm choices.

When an algorithm is specified directly in code rather than through a configuration layer, changing it requires locating every instance, testing each one independently and coordinating changes across teams and release cycles. In large estates, this can involve hundreds of separate interventions.

Third-party and supply chain dependencies.

Cryptographic choices made by SaaS vendors, APIs and managed service providers sit outside direct control. Where those vendors have not published PQC roadmaps, organisations face an information gap that can only be resolved through direct engagement, which itself takes time.

Shared cryptographic libraries with no version control.

Many organisations rely on shared libraries that are used by dozens of different applications. Updating one to a post-quantum algorithm can break others that depend on specific protocol behaviours. Without dependency mapping, the blast radius of a library update is unknowable in advance.

Legacy systems that cannot be updated remotely.

Hardware Security Modules (HSMs), IoT devices, embedded systems, and certain legacy applications cannot receive software updates in the way that modern cloud workloads can. Some will require physical replacement. These systems need to be identified early in any encryption migration strategy, because their lead times are measured in years, not sprints.

Each of these patterns reflects the same underlying problem: cryptography was not designed to be changed. Building crypto agility means redesigning the relationship between cryptographic choices and the systems that depend on them, so that the next algorithm change, whenever it comes, is a configuration update rather than a migration programme.

Building crypto‑agility across modern infrastructure

Cryptographic agility is not a product that can be purchased and deployed. It is a design principle that needs to be built into systems, processes, and governance. And it starts with visibility.

Before any organisation can build a crypto-agile infrastructure, it needs a comprehensive, continuously updated picture of its cryptographic estate: which algorithms are in use, where they live, what key lengths are deployed, which certificates are approaching expiry, and, critically, what depends on what. This is the domain of cryptographic asset discovery, which we explore in depth in our companion article on why PQC migration starts with visibility.

Without that foundation, crypto agility is an architectural aspiration rather than an operational reality. The dependency map is what makes safe, sequenced migration possible. An organisation cannot know which systems can be updated by vendor patch, which require custom development, and which require physical replacement, until it knows exactly what cryptographic assets it holds and how they are connected.

With that foundation in place, building crypto agility involves several structural changes:

Externalise cryptographic configuration.

Where possible, algorithm choices should be driven by configuration rather than hardcoded into application logic. This makes future changes faster and reduces the risk of missed instances during migration.

Adopt hybrid cryptography as a transitional mechanism.

Running classical and post-quantum algorithms in parallel allows organisations to introduce quantum-resistant cryptography without immediately decommissioning existing systems. This is particularly important for environments where full migration cannot be completed in a single change window.

Establish cryptographic lifecycle management as a formal discipline.

Certificates expire. Standards evolve. Vulnerabilities emerge. Treating cryptography as a managed asset, with clear ownership, renewal processes, and update triggers, is what separates organisations that can respond quickly to cryptographic change from those that cannot.

Plan for hardware constraints explicitly.

HSMs and embedded devices require separate migration planning and longer lead times. Identifying them early, and understanding their update limitations, prevents them from becoming blockers in a migration programme that is otherwise ready to proceed.

Engage third-party vendors early.

SaaS providers, API integrators and managed service providers all make cryptographic choices that affect your exposure. Establishing visibility into third-party cryptographic posture, and building quantum readiness requirements into procurement and vendor management processes, is an increasingly important element of any credible PQC transition strategy.

Operationalising crypto‑agility

Understanding what crypto agility requires is one thing. Building it at scale, across a complex and distributed estate, under regulatory pressure and with finite security team capacity, is another. This is where the gap between strategy and execution most often appears.

The organisations that succeed in building crypto-agile infrastructure tend to share a few operational characteristics. They have established continuous cryptographic visibility – not a point-in-time audit, but a live, maintained picture of the cryptographic estate that updates as new certificates are issued, new applications are deployed, and new third-party services are onboarded. They have mapped cryptographic dependencies so that migration can be sequenced without creating outages. And they have connected that visibility directly to a risk-prioritised migration plan, so that effort is focused where exposure is greatest first.

This is precisely the operational challenge that the Venari Adaptive Cryptographic Intelligence Platform is designed to address. It provides continuous cryptographic visibility across the networked enterprise estate; mapping algorithms, certificates, keys, and dependencies in real time, translating that visibility into a risk-prioritised, NCSC-aligned migration plan.

The NCSC’s Phase 1 deadline – cryptographic inventory and migration planning complete – is 2028. For organisations that have not yet begun, that timeline is already tighter than it appears. Large, distributed estates with hardware constraints, supply chain dependencies and legacy systems cannot be inventoried and migrated in months. The lead time for building genuine crypto agility is measured in years.

Organisations in regulated sectors face additional urgency. DORA’s Article 6 is explicit: firms must be able to “update or change cryptographic technology based on developments in cryptanalysis.” The NCSC’s guidance reinforces the same principle. Demonstrating that capability to regulators requires more than a policy statement, it requires the operational infrastructure to back it up.

Automation is no longer optional in this environment. Certificate lifespans are already shrinking – the CA/Browser Forum has proposed reducing TLS certificate validity to 47 days by 2029, down from 398 days today. Manual renewal and tracking processes that are already stretched will become completely unsustainable at that cadence, before the added complexity of PQC algorithm management is factored in. Crypto agility, in practice, requires automated lifecycle management: continuous discovery, automated renewal, and policy-driven controls that remove human latency from cryptographic operations.

It is also worth being explicit about what this means organisationally. PQC migration is not an IT project with a delivery date. It is a long-term governance and resilience capability that requires board-level ownership, cross-functional coordination across security, infrastructure, procurement and legal, and sustained investment over multiple years. The organisations that treat it as a technical workstream, delegated entirely to the security team, will find that the governance and vendor management dimensions slow them down as much as the technical ones.

The bottom line

Crypto agility is not the end goal of post-quantum migration. It is the capability that makes migration possible, and that ensures an organisation can respond quickly when the next cryptographic standard evolves, as it inevitably will.

Building it requires starting with visibility: understanding exactly what cryptography exists across the estate, where it lives, and what depends on it. Without that foundation, the structural changes that enable crypto-agile infrastructure cannot be safely designed or executed.

The organisations that navigate the quantum transition most successfully will not necessarily be those with the largest budgets. They will be the ones that establish the foundations: visibility, dependency mapping and lifecycle management, early enough to act with confidence when the deadlines arrive.

The deadlines are set. The standards are published. The only variable is how much lead time your organisation gives itself.

Common questions

What is crypto agility and why does it matter for post-quantum security?

Crypto agility is the ability to update, replace, or swap cryptographic algorithms (quickly and safely) without having to rebuild the systems that depend on them. In practice, it means treating cryptographic choices as a configurable layer of infrastructure rather than a fixed, permanent one.

It matters for post-quantum security because the transition away from current algorithms is not a one-time event. NIST published its first post-quantum standards in 2024, but standards will continue to evolve as cryptanalysis advances. An organisation that builds crypto agility now is not just preparing for the quantum threat, it is building the capability to respond to the next cryptographic change, and the one after that, without a major reconstruction exercise each time.

How is crypto agility different from just updating certificates?

Certificate renewal is one small part of cryptographic lifecycle management, but it is not the same as crypto agility. A certificate rotation replaces a credential; it does not change the underlying algorithm or key structure. Crypto agility goes much deeper. It means being able to change the algorithm itself, across every system and application that uses it, without causing outages or missed instances.

The distinction matters because post-quantum migration requires algorithm replacement, not just certificate refresh. RSA and elliptic curve cryptography need to be replaced with quantum-resistant alternatives such as ML-KEM and ML-DSA. That is a fundamentally different operation from renewing a TLS certificate, and it requires a complete picture of cryptographic dependencies before it can be done safely.

Where should an organisation start if it has no cryptographic visibility?

The starting point is cryptographic asset discovery: building a comprehensive, dependency-aware inventory of every algorithm, certificate, key, and cryptographic library in use across the estate. Without that foundation, it is not possible to know what needs to change, in what order, or what will break if you change it.

A structured PQC readiness assessment is usually the most practical first step. It surfaces the gaps, provides the baseline cryptographic inventory, and produces a risk-prioritised migration roadmap aligned to the NCSC’s phased deadlines. Organisations that attempt to begin migration before completing this step tend to encounter avoidable outages and discover mid-programme that their estate is significantly more complex than anticipated.

How long does it take to build crypto-agile infrastructure?

There is no single answer, because it depends heavily on the size and complexity of the estate, the proportion of legacy and hardware systems in scope, and the extent of third-party and supply chain dependencies. For large, distributed organisations, particularly those in financial services, critical infrastructure, or highly regulated sectors, building genuine crypto agility is a multi-year programme, not a project measured in sprints.

This is one of the most important reasons to start now. The NCSC’s Phase 1 deadline (cryptographic inventory and migration planning complete) is 2028. For organisations with significant hardware constraints, undocumented cryptographic estates, or extensive third-party dependencies, 2028 is already closer than it looks. The lead time required to build crypto-agile infrastructure is precisely why waiting for a clearer quantum threat picture is among the highest-risk positions an organisation can take.

Can cryptographic lifecycle management be handled manually?

Increasingly, no. Certificate lifespans are already shrinking. The direction of travel on certificate lifespans is clear: shorter, and getting shorter still. Manual processes that are already stretched will not scale to meet that trajectory, let alone absorb the additional demands of PQC migration on top.

Crypto agility in practice requires automated lifecycle management: continuous discovery of cryptographic assets, automated certificate renewal, and policy-driven controls that flag expiring or non-compliant cryptography without depending on human intervention. Organisations that rely on spreadsheets and manual audits for cryptographic inventory will find that those processes cannot keep pace with either the shrinking certificate window or the migration demands of a PQC transition.

For a complete introduction to post-quantum cryptography, the NCSC’s migration roadmap and what UK organisations need to do now, visit our Post-Quantum Cryptography guide.

Ready to transform your security approach?

PQC Explained: Read Our Guide Get a Quote Get Assessed

You Can’t Migrate What You Can’t See: PQC Discovery

Cryptographic Asset Discovery: Why PQC Migration Starts with Visibility Before any building contractor can safely remove asbestos, they need a full survey of where…