The Future of Security: Why Post-Quantum Cryptography Matters
Key Takeaways
- Timeline: NCSC phased roadmap (2028, 2031, 2035 deadlines) for complete Post-Quantum Cryptography (PQC) migration
- For: CISOs, IT Directors, Security Architects, Risk Officers, Board Members across UK/EU sectors
- Key Threat: “Harvest now, decrypt later” attacks happening today – adversaries collecting encrypted data for future quantum decryption
- Regulatory Context: DORA (January 2025), GDPR Article 32, NIS2, PCI DSS v4.0 converging on quantum-safe cryptography requirements
- Key Actions: Cryptographic inventory, hybrid deployment, crypto-agility, NCSC-aligned roadmap
Reading Time: 12 minutes
Why Post-Quantum Cryptography Matters Now
In an age where digital security supports everything from money transfers to national defence, quantum computing increasingly threatens traditional cryptography. As a result, post-quantum cryptography (PQC), also known as quantum-resistant cryptography, is becoming essential.
PQC uses algorithms that resist attacks from both classical and quantum computers. Unlike current standards, which rely on mathematical problems such as integer factorisation or discrete logarithms – problems that quantum computers can solve exponentially faster – quantum-resistant encryption leverages alternative hard problems, such as lattice-based or hash-based signatures.
The Quantum Threat: From Theory to Urgency
The urgency for PQC stems from the rapid progress in quantum technology. Companies like IBM, Google and IonQ are scaling up quantum processors. As a result, some systems now exceed 100 qubits. In practice, the goal is to build fault-tolerant quantum computers within the next decade.
This shift is not hypothetical; rather, it represents a ticking clock, where every day brings us closer to an unknown deadline. The question is no longer if quantum computers will break modern encryption — it is when. Consequently, for UK and European organisations, post-quantum cryptography (PQC) has transitioned from theoretical concern to operational imperative.
In March 2025, the UK’s National Cyber Security Centre (NCSC) released comprehensive guidance. Specifically, it outlines a three-phase timeline to support migration to quantum-resistant encryption by 2035.
Meanwhile, adversaries are already executing “harvest now, decrypt later” attacks – collecting encrypted data today with the intention of decrypting it once quantum capability becomes available.
As a result, organisations face a paradox under GDPR’s accountability principle. You may be compliant today; however, you could become non-compliant in the future if stored data is later decrypted.
What is Post-Quantum Cryptography?
Post-quantum cryptography refers to cryptographic algorithms designed to withstand attacks from both classical and quantum computers. Unlike quantum key distribution (QKD), PQC algorithms run on existing classical computers – making them practical for widespread deployment.
Why Current Encryption Will Fail in a Quantum World
Modern cybersecurity relies on asymmetric cryptography – particularly RSA and ECC (Elliptic Curve Cryptography). These algorithms are secure today because they rely on mathematical problems that classical computers find intractable.
However, quantum computers can use Shor’s algorithm to solve these problems significantly faster. In practical terms, this means RSA-2048 encryption could be broken in hours, whereas classical computers would take billions of years to achieve the same result.
The NIST PQC Standards
In August 2024, NIST published its first three post-quantum cryptographic standards:
– FIPS 203 (ML-KEM) – Lattice-based algorithm for general encryption and key establishment
– FIPS 204 (ML-DSA) – Lattice-based digital signature algorithm
– FIPS 205 (SLH-DSA) – Hash-based signature algorithm providing cryptographic diversity
The UK’s NCSC and ENISA have endorsed alignment with NIST’s standards whilst emphasising cryptographic agility – the ability to swap algorithms rapidly if vulnerabilities emerge.
Key Exchange and Post-Quantum Cryptography Explained
Many current internet security protocols rely on public-key cryptography for key exchange, allowing two systems to establish secure communication channels. Quantum computers threaten widely used key exchange methods such as RSA and Elliptic Curve Diffie-Hellman, which is why NIST’s new PQC standards introduce quantum-safe alternatives like ML-KEM.
For financial services organisations, explore our two-part guide: Understanding Quantum Threats to Financial Services and Implementing PQC in Financial Services.
Blockchain and Distributed Ledgers
Blockchain systems present complex PQC challenges. Most cryptocurrencies rely on elliptic curve cryptography for digital signatures – precisely the systems most vulnerable to quantum attack.
- For blockchain organisations: Securing Blockchain in a Quantum World: What UK/EU Innovators Should Prepare For
The Quantum Risk Landscape for UK Organisations
The Quantum Arms Race
Global investment in quantum computing is accelerating dramatically in 2026. In recent months, we’ve witnessed breakthroughs in quantum error correction. Google’s Willow processor achieved “below-threshold” error correction – a milestone addressing fundamental barriers to practical quantum computing. IBM, Pasqal and other players are targeting thousand-qubit systems, with several projecting million-qubit systems by 2030.
The UK’s National Quantum Strategy has allocated £2.5 billion over ten years. China has made quantum computing a strategic priority with substantial state investment. In May 2025, the US CISA urged federal agencies to require post-quantum cryptography in new contracts, warning that adversaries could “harvest” data now and decrypt it later.
“Harvest Now, Decrypt Later” as Data Sovereignty Threat
State-sponsored actors are already harvesting encrypted communications today, anticipating future quantum decryption. Consequently, this represents a significant data sovereignty risk for UK organisations.
In particular, it affects sensitive business communications, M&A negotiations, intellectual property, and GDPR-protected personal data. Moreover, certain data types – such as health records – may remain sensitive for decades, further increasing long-term exposure.
Understand how harvest now, decrypt later attacks work
The UK and EU Strategy for Post-Quantum Cryptography
A National Priority for Cybersecurity
The UK and EU are taking a proactive and structured approach to post-quantum cryptography as part of their broader cybersecurity and resilience strategies. In particular, the UK’s National Cyber Security Centre (NCSC) has positioned the transition to quantum-resistant cryptography as a national priority, recognising both the scale of the risk and the time required to respond effectively.
The NCSC Migration Roadmap (2025–2035)
In March 2025, the NCSC published detailed guidance outlining a three-phase migration roadmap, with key milestones set for 2028, 2031 and 2035.
Importantly, this roadmap is not simply advisory; it provides a clear framework for organisations to begin planning and executing their transition in a controlled and measurable way.
As a result, organisations operating in the UK and across Europe are expected to start preparing now, rather than waiting for quantum capabilities to fully materialise.
Regulatory Requirements: GDPR, DORA, NIS2 and PQC
At the same time, the regulatory landscape is evolving to reinforce this direction. The Digital Operational Resilience Act (DORA), which came into force in January 2025, requires financial entities to demonstrate cryptographic resilience and the ability to adapt to emerging threats.
Specifically, Articles 6 and 7 mandate robust encryption policies and cryptographic key lifecycle management, while also emphasising the need for crypto agility.
Similarly, GDPR’s Article 32 requires organisations to implement security measures appropriate to the risk. Consequently, as quantum threats become more tangible, failing to adopt quantum-resistant cryptography could be interpreted as a failure to meet regulatory obligations — particularly for data with long-term sensitivity.
In addition, NIS2 extends these expectations across critical infrastructure sectors, reinforcing the need for forward-looking cryptographic strategies.
From Guidance to Action
Taken together, these developments signal a clear shift: post-quantum cryptography is no longer a theoretical consideration but a regulatory and operational requirement.
Therefore, organisations must begin by understanding their current cryptographic exposure, aligning with the NCSC’s roadmap, and developing a structured migration strategy that supports long-term resilience.
The NCSC has established a migration roadmap
Post-Quantum Cryptography Migration Roadmap
The NCSC has explicitly warned that organisations must assume sensitive encrypted data is already being collected and will eventually be decrypted.
Phase 1: Cryptographic Asset Discovery
Identify all cryptographic assets, map dependencies, catalogue algorithms in use, and build a complete inventory across systems, applications, and third-party services.
Phase 2: Risk Assessment and Prioritisation
Assess exposure to quantum risk, prioritise high-value and long-lived data, and identify critical systems requiring early migration.
Phase 3: Hybrid Cryptography Deployment
Introduce quantum-resistant cryptography alongside existing algorithms, enable hybrid key exchange, and begin phased implementation across priority systems.
Phase 4: Full PQC Transition
Replace legacy cryptographic algorithms, standardise on NIST-approved PQC methods, and achieve full quantum-safe encryption across the environment.
- For official NCSC timelines and guidance read: NCSC Guidance on PQC: What UK/EU Organisations Need to Know Now
Why Post-Quantum Cryptography Matters for UK Organisations
“Quantum computing is set to revolutionise technology, but it also poses significant risks to current encryption methods. Our new guidance on post-quantum cryptography offers a clear roadmap for organisations to protect their data. It helps keep today’s confidential information secure for years to come, even as future threats emerge. As quantum technology advances, upgrading our collective security is not just important – it’s essential.”
NCSC CTO Ollie Whitehouse
Critical Risk Sectors
Financial Services
Banks and payment processors face immediate PQC requirements under DORA. Harvest now, decrypt later attacks threaten payment systems, customer data (GDPR exposure), and blockchain-based tokenisation.
Critical Infrastructure
Energy grids, telecommunications, and transport systems rely on encrypted industrial control systems with decades-long operational lifespans, making delayed cryptographic discovery and migration an existential systemic risk.
Healthcare
Patient records and genetic data require protection extending across lifetimes, making post-quantum cryptography essential to prevent future decryption and irreversible privacy loss at population scale.
Government & Defence
Classified communications assume sophisticated adversaries with potential quantum capability, requiring mandated post-quantum cryptography adoption to meet national security and regulatory assurance standards.
The Regulatory and Business Case for Post-Quantum Cryptography
Early PQC adoption signals forward-looking security to regulators and customers. With DORA in force and NCSC’s roadmap providing clear timelines (2028, 2031, 2035), organisations cannot claim ignorance. Consequences of inaction could include GDPR fines of up to 4% of global turnover. It could also lead to DORA enforcement and personal liability of up to €1M for leaders. Other risks include shareholder litigation and reputational damage.
Detailed guidance for finance sector: Quantum Threats to UK/EU Financial Services and Implementing PQC in Financial Services
The Transition Challenge: From Classical to Quantum-Safe
What is “the Cryptographic Inventory Problem?
Modern enterprises operate thousands of systems with embedded cryptography. For example, a typical large UK financial institution may have over 50,000 TLS/SSL certificates.
- More than 10,000 applications with cryptographic libraries.
- 500+ HSMs.
- Hundreds of third-party APIs may be in use. Many may have no complete inventory.
However, the challenge extends far beyond inventory. PQC algorithms such as CRYSTALS-Kyber may require keys up to 10 times larger than RSA. As a result, this creates significant bandwidth and storage demands, particularly in constrained environments such as IoT and mobile networks.
More
Furthermore, performance remains a key consideration. Lattice-based schemes can be slower for key generation and encryption, while hash-based signatures offer strong security but produce larger signatures. Consequently, this can limit their suitability for high-throughput environments such as blockchain or real-time communications.
Moreover, the human element cannot be overlooked. Cryptographers and developers need retraining as PQC introduces new paradigms. Side-channel resistance must be reevaluated, as quantum adversaries could exploit timing or power analysis in novel ways.
Crypto Agility: A Critical Requirement for PQC Transition
Rapidly swapping algorithms without redesigning systems is essential. DORA explicitly requires this, with Article 6 mandating provisions to “update or change cryptographic technology based on developments in cryptanalysis.” Agile architecture requires algorithm independence, configuration-driven cryptography, hybrid capability, and continuous monitoring.
During transition (likely through 2030 and beyond) most organisations will adopt hybrid cryptography, running classical and quantum-resistant algorithms together. This provides backwards compatibility, defence in depth, and regulatory confidence.
Venari Perspective
Beyond Protection – Toward Quantum Perspective
Traditional cybersecurity operates on protection: build walls, detect threats, respond. Post-quantum cryptography demands a different approach, one rooted in perspective and continuous adaptation.
Venari’s philosophy: you cannot protect what you cannot see. Our Adaptive Cryptographic Intelligence Platform leverages Agentic AI to provide three core capabilities: Cryptographic Discovery (continuously mapping cryptographic assets), Cryptographic Transition (AI-powered migration guidance) and Cryptographic Assurance (continuous, defensible proof of posture).
The Future of Post-Quantum Cryptography in the UK/EU: Learn from our experts:
Building Your PQC Roadmap: A Strategic Framework
Successful PQC transition requires structured methodology. Based on NCSC guidance and NIST frameworks, we recommend a six-phase approach:
Phase 1: Discover
Objective: Achieve comprehensive cryptographic visibility.
Deploy automated discovery to identify cryptographic assets, map dependencies, catalogue third-party cryptography, and document legacy systems.
- Detailed guidance: NCSC Guidance on Post-Quantum Cryptography
Phase 2: Assess
Objective: Prioritise based on risk and regulatory exposure.
Classify data by sensitivity, calculate “cryptographic shelf life,” assess regulatory exposure under GDPR/DORA/NIS2, identify “harvest now, decrypt later” vulnerable systems.
-
- Regulatory requirements: PQC and Regulatory Compliance: GDPR, DORA, NIS2
Phase 3: Prioritise
Objective: Focus on high-impact sectors and systems.
Target high-sensitivity long-duration data, externally facing systems, regulatory-critical systems, and legacy systems with longest migration timelines.
Sector Focus: Financial services face shortest PQC timelines under DORA. Payment systems, customer data, and blockchain applications require immediate attention.
-
- Financial sector guidance: Quantum Threats to UK/EU Financial Services | Implementing PQC in Financial Services
Phase 4: Innovate
Objective: Address emerging domains.
Assess blockchain quantum vulnerability, evaluate tokenised asset exposure, plan quantum-resistant smart contract architectures. Blockchain’s immutability makes it particularly vulnerable – historical transactions remain permanently compromised once quantum computers break ECDSA signatures.
- Blockchain-specific guidance: Securing Blockchain in a Quantum World
Phase 5: Implement
Objective: Execute structured adoption.
Adopt NIST-standardised algorithms (FIPS 203, 204, 205), implement hybrid cryptography, update PKI infrastructure, migrate application-layer cryptography, establish governance, deploy continuous monitoring.
PQC Migration Timeline: Critical Dates 2024-2035
Milestone
NIST PQC Standards Published
DORA Enforcement Begins
NCSC Roadmap Released
Phase 1 Deadline (NCSC)
Phase 2 Deadline (NCSC)
Phase 3 Deadline (NCSC)
Target Date
Aug 2024
Jan 2025
Mar 2025
2028
2031
2035
Description
NIST FIPS 203, 204, 205 released
Cryptographic agility required
Three-phase timeline published
Inventory and planning complete
High-priority systems migrated
Complete PQC migration
Phase 6: Evolve
Objective: Build adaptive cryptographic capability.
Implement algorithm-agnostic frameworks, deploy continuous monitoring, establish crypto-agility governance, participate in information-sharing, plan for post-PQC evolution. Emerging technologies like zero-knowledge proofs and secure multiparty computation require quantum-resistant foundations.
- Emerging cryptographic technologies: Beyond PQC: Zero-Knowledge Proofs and Advanced Techniques
The Business Case for Post-Quantum Cryptography
From Risk to Opportunity
Quantifying the Risk: GDPR fines can reach €20M or 4% of global turnover (potentially £1B+ for major institutions). The UK average data breach cost reached £3.58M in 2024, according to IBM’s Cost of a Data Breach Report – quantum-enabled breaches could far exceed this. Major cybersecurity breaches average 5-8% market capitalisation loss. Emergency cryptographic migration following quantum breakthrough would be chaotic and potentially impossible for legacy systems.
The Upside of Early Adoption: Quantum readiness signals forward-looking risk management to regulators, creates competitive differentiation (“we protect your data against tomorrow’s threats”), enables supply chain leadership, facilitates emerging technologies like tokenisation, and demonstrates operational resilience to investors increasingly focused on cyber-ES
Conclusion: Preparing for a Quantum-Safe Future
The transition to post-quantum cryptography represents one of the most significant security transformations in digital history. However, for most organisations, this transition will take several years and will require a structured transformation programme rather than a simple technology upgrade.
In practice, it involves discovering cryptographic assets, prioritising high-risk systems, and gradually adopting quantum-safe algorithms alongside existing encryption.
At the same time, the quantum threat is both real and increasingly urgent. In response, the NCSC published its March 2025 roadmap, setting key milestones for 2028, 2031 and 2035. Meanwhile, the Digital Operational Resilience Act (DORA) has been in force since January 2025. Validated PQC implementations are now entering the market. As a result, organisations now have both the urgency and the tools required to act. Importantly, the NCSC’s Phase 1 deadline is 2028, which is just two years away. This means cryptographic inventory and migration planning must start immediately.
Guidence
Three Imperatives for UK/EU Leaders
Venari delivers continuous cryptographic visibility with AI-driven posture updates – replacing static audits with live, defensible assurance.
Understand Your Cryptographic Reality
Deploy tools providing continuous visibility into cryptographic assets, dependencies, and vulnerabilities.
Build Cryptographic Agility Now
The ability to swap algorithms rapidly is now a DORA requirement and fundamental security cap
Embrace Collaboration
Engage with industry working groups, regulatory bodies, academic researchers, and technology partners.
Explore Our Complete PQC Guide Series
NCSC Guidance on PQC – What UK/EU Organisations Need to Know
Official NCSC and ENISA guidance, regulatory timelines (2028, 2031, 2035), and compliance expectations for UK/EU organisations
Read Guide
PQC and Regulatory Compliance – GDPR, DORA and Beyond
How GDPR, DORA, NIS2, and UK-specific regulations intersect with post-quantum cryptography requirements
Read Guide
Quantum Threats to UK/EU Financial Services: Why Banks and Insurers Must Act Now
Why banks and insurers must act now on harvest now, decrypt later attacks, payment system risks, and DORA compliance
Read Guide
Harvest Now Decrypt Later: Why Quantum Risk Is Already Here
HNDL risks for encrypted data and long-term confidentiality. Essential guidance for security leaders
Read Guide
A Practical Roadmap to Quantum-Safe Cryptography for UK/EU Enterprises
Step-by-step implementation guidance, 5-step methodology, testing frameworks, and tactical migration strategies for UK/EU enterprises
Read Guide
Beyond PQC – Zero-Knowledge Proofs, Secure Multiparty Computation, and Innovation
Zero-knowledge proofs, secure multiparty computation, and cryptographic innovation in the quantum era
Read Guide
Expert Perspectives: The Future of PQC in the UK/EU
Insights from Venari's advisory board, UK/EU national security experts, and industry thought leaders
Read Guide
Securing Blockchain in a Quantum World – What UK/EU Innovators Should Prepare For
PQC challenges for blockchain, cryptocurrency, and tokenised asset systems. Essential guidance for UK/EU innovators
Read Guide
Quantum Risk for Boards: A Guide for CISOs
When you need the board to grasp the real threat of quantum computing to your organization’s security, this guide gives you the key points to gain their buy-in.
Read GuidePost-Quantum Cryptography
Your Questions Answered
What is post-quantum cryptography?
Post-quantum cryptography (PQC) refers to cryptographic algorithms designed to resist attacks from both classical and quantum computers. Unlike current encryption methods (RSA, ECC) that quantum computers can break, PQC algorithms are based on mathematical problems that remain difficult even for quantum systems.
When will quantum computers break current encryption?
Experts estimate that cryptographically relevant quantum computers (CRQCs) capable of breaking RSA-2048 encryption may emerge within 5-15 years. However, “harvest now, decrypt later” attacks mean organisations must act immediately to protect data with long confidentiality requirements.
Is post-quantum cryptography required by UK regulations?
Whilst not yet explicitly mandated, several UK and EU regulations increasingly treat quantum preparedness as part of risk management obligations. DORA requires cryptographic agility for financial entities. GDPR’s accountability principle may require quantum-safe protection for long-sensitivity data. The NCSC has issued clear guidance recommending immediate PQC planning.
What are NIST's PQC standards?
In August 2024, NIST published three post-quantum cryptographic standards: FIPS 203 (ML-KEM) for encryption, FIPS 204 (ML-DSA) for digital signatures, and FIPS 205 (SLH-DSA) for hash-based signatures. These standards form the foundation for global PQC migration.
How long does PQC migration take?
PQC migration timelines vary significantly based on organisational complexity. Simple systems might migrate in months, whilst complex estates with legacy systems, extensive dependencies, and regulatory requirements may require 3-5 years or longer. The NCSC recommends beginning planning immediately.
What is cryptographic agility?
Cryptographic agility is the ability to rapidly swap cryptographic algorithms without redesigning systems. It’s essential for PQC readiness because it enables organisations to respond quickly if vulnerabilities are discovered in PQC algorithms or if standards evolve.
Should we use hybrid cryptography?
Yes, the NCSC and NIST both recommend hybrid approaches during PQC transition. Hybrid cryptography combines classical and quantum-resistant algorithms, providing backwards compatibility whilst building quantum resilience. This approach is considered best practice during the transition period.
How does PQC affect blockchain systems?
Blockchain and distributed ledger technologies face unique PQC challenges. Most cryptocurrencies rely on elliptic curve cryptography for digital signatures – precisely the systems most vulnerable to quantum attack. Blockchain systems require careful PQC planning due to immutable transaction histories.
What is "harvest now, decrypt later"?
“Harvest now, decrypt later” refers to adversaries collecting encrypted data today with the intention of decrypting it once quantum computers become available. This threat is particularly serious for data with long-term confidentiality requirements, as encryption that’s secure today may be vulnerable in 5-15 years.
How can Venari help with PQC readiness?
Venari’s Adaptive Cryptographic Intelligence Platform provides enterprise-wide visibility into cryptographic assets, guided migration with AI-powered intelligence, and continuous assurance of cryptographic posture. We help organisations understand what they need to protect, prioritise migration efforts, and prove compliance to regulators.
About Venari Security
Venari is the leading provider of Adaptive Cryptographic Intelligence for enterprise organisations. Our AI-powered platform delivers live visibility, guided migration, and continuous assurance – turning cryptographic complexity into business clarity. Trusted by financial institutions, critical infrastructure operators, and government agencies across the UK and Europe.
Venari helps organisations manage the move to post-quantum security. This lets them make the transition with confidence.