Post-Quantum Cryptography: How Global Guidance is Taking Shape
TL;DR
Most major economies now agree on post quantum cryptography timelines. High priority systems should migrate by 2030 or 2031, with full migration by 2035 as highlighted by Zygmunt Łoziński of IBM Research via LinkedIn. These are policy targets, not predictions of when Q Day will occur. NIST approved algorithms are the common reference point, with the first three standards CRYSTALS Kyber (FIPS 203), CRYSTALS Dilithium (FIPS 204), and SPHINCS+ (FIPS 205) finalised in August 2024 and a fourth on the way. Many countries are now shifting from preparation to operational adoption.
With the first three standards now finalised, vendors can start operationalising support, and organisations can move from pure preparation into early testing. The preparatory work, often tedious inventory and dependency mapping, will still help avoid last minute fire drills as migration plans move into production. If Q Day happens quietly in a confidential vacuum, the wider world may not realise it for some time, making early action the safer course.
“While the algorithms are available, organizations are still working on transitioning to them, with some agencies lagging behind in their adoption plans. It is here already. Organisations should be in Preparation stage or Discovery according to the latest NZISM V3.9.”
— John Martin, Security Architect, Auckland
Aotearoa New Zealand’s PQC Position
Source: NZISM Version 3.9, April 2025 (full document)
Section 2.4 “Preparation for Post-Quantum Cryptography” sets out the following recommendations for agencies:
Monitor developments in post-quantum cryptography and follow updates from the GCSB.
Maintain an inventory of sensitive and critical datasets with long confidentiality requirements.
Maintain an inventory of systems using public-key cryptography and identify those vulnerable to quantum attack.
Prioritise systems for migration based on asset value, sensitivity, dependencies, and data longevity.
Develop a migration plan so that systems can transition once approved PQC algorithms are available.
While no PQC algorithms are yet approved for NZISM use, the GCSB will adopt standards once they are published. Section 17.1 “Cryptographic Fundamentals” notes that widely used public-key algorithms will be broken by quantum computing, and its references draw heavily from US NIST standards and DHS/NSA resources.
New Zealand has not set a migration deadline. This places it in the same position as many other jurisdictions whose timing is linked to NIST’s publication schedule, although Canada, the EU, and Australia have already stated target years for completing migration.
Emerging International Consensus
If you are aware of official PQC policy documents or roadmaps from any of the countries above that I have not linked, please contact me and I will update this article.
United States:
NIST finalised its selection of three primary post quantum algorithms in August 2024: ML KEM for key establishment, and ML DSA and SLH DSA for digital signatures. These selections are part of NIST’s Post Quantum Cryptography Standards programme, which also involves producing final Federal Information Processing Standards (FIPS) documents. NIST finalised its first three PQC standards in August 2024: CRYSTALS Kyber (FIPS 203) for key establishment, CRYSTALS Dilithium (FIPS 204) for digital signatures, and SPHINCS+ (FIPS 205) for digital signatures. A fourth, FALCON, is expected soon. These now have full parameter sets, implementation guidance, and are available for immediate use.
With the first three PQC algorithms now finalised by NIST (FIPS 203, 204, and 205) in August 2024, countries including New Zealand can begin formally incorporating them into approved algorithm lists. Some are still in the process of updating national manuals and procurement standards to reflect these new FIPS publications. Link to NIST PQC standards
European Union:
European Commission’s Recommendation on a Coordinated Implementation Roadmap for the Transition to Post Quantum Cryptography, published 11 April 2024: strategies by 2026, high risk migrations by 2030, full migration by 2035. Link to recommendation
Germany:
As part of the EU, Germany follows the EU roadmap and additionally recognises non NIST algorithms such as FrodoKEM and Classic McEliece in national guidance. I could not find a standalone German PQC policy document.
Israel:
I could not find an official public PQC roadmap. Based on sector reporting, the financial sector is likely to follow NIST approved algorithms for interoperability.
Canada:
Government of Canada’s PQC Migration Roadmap (ITSM.40.001), published 23 June 2025: departmental plans by April 2026, high priority systems by end 2031, and full migration by end 2035. Link to roadmap
China:
I could not find publicly released PQC standards or migration timelines. PQC development is reportedly underway under the International Commercial Cryptography Service (ICCS) initiative, but details appear to remain internal.
Australia:
Australian Signals Directorate’s Information Security Manual (ISM) includes updated cryptography guidance, signalling the phase out of legacy algorithms in high assurance systems by 2030, with PQC adoption to follow NIST standards. Link to ISM guidance
United Kingdom:
UK NCSC’s PQC migration timelines, published March 2025: discovery and planning by 2028, high priority migration by 2031, and full migration by 2035. Link to migration timelines
| Theme | What this looks like in practice | Representative examples |
|---|---|---|
| Common timelines | High priority migrations by about 2030 or 2031, full migration by 2035 | EU roadmap 2030 and 2035. Canada 2031 and 2035. UK 2031 and 2035 |
| NIST as default | Most guidance points to NIST approved algorithms to maximise interoperability | USA NIST selections anchor others. EU, UK, Canada, Australia reference NIST |
| Plan now | Inventory cryptography and data, assess lifespan risk, design migration plans | Canada roadmap tasks. EU national strategies. NZISM Section 2.4 preparation |
| Keep NIST compatible options | Even with sovereign research, maintain a NIST compatible path for cross border systems | Germany accepts alternatives yet still interoperates. Some regional pilots in Asia include NIST-compatible options |
| Dimension | Variation | Illustrative jurisdictions |
|---|---|---|
| Formality of deadlines | Some publish target years. Others stay preparatory without dates | Canada, EU, UK, Australia publish dates. New Zealand focuses on preparation |
| Algorithm set | Most default to NIST. Some also recognise alternative non NIST options | Germany includes FrodoKEM and Classic McEliece alongside NIST |
| Transition approach | Different stances on hybrid schemes that mix classical and post quantum algorithms | EU tolerant of hybrids. Australia and others are more cautious in certain contexts |
| Transparency and publication | Clear public roadmaps in some places. Limited public timelines elsewhere | Canada and EU are explicit. China’s timelines were not located in public sources |
Closing thoughts
The majority of the global consensus is anchored to NIST’s PQC standards, which now include three finalised algorithms and a fourth in progress. Governments that have been in preparation phases are expected to accelerate formal adoption and procurement requirements in their next policy updates.
For organisations in New Zealand, and elsewhere, this is the window to prepare. The international timelines are to complete high priority migrations by 2030 or 2031 and full migration by 2035, which offers a general idea of what to expect. Even without an official New Zealand deadline, boards and CISOs can start building PQC migration into future budgets, asset lifecycles, and roadmaps. With NIST’s standards in place, those plans can begin shifting from preparatory to operational now, without starting from scratch.
If Q Day happens quietly in a confidential vacuum, the wider world may not know for some time. That uncertainty reinforces the case for acting early rather than waiting for a public announcement that might come too late.
What can be done now
-
Identify cryptography in use
Use your vulnerability management platform, OpenSSLs_client, Nmap NSE scripts, or commercial crypto inventory tools to detect protocols and key sizes across servers, applications, APIs, and backups. -
Mark long‑life data
Review retention policies and obligations. Flag datasets such as health, legal, and financial records that must stay confidential beyond 2030, and tag them in your data catalogue for prioritisation. -
Prioritise by replacement difficulty
Describe upgrade complexity per system. For example, updating TLS on a vendor‑supported web server is straightforward. An ERP with annual releases will be slower. A legacy control system with no active vendor may need custom engineering and extended testing.
What to do after NIST finalises standards
-
Ask vendors for PQC timelines
Send RFI or RFP questions to critical suppliers. Request dates for support of NIST approved algorithms, their stance on hybrids, and confirmation they will align to final FIPS parameters. Track responses in your vendor risk register. -
Budget for staged migration
Add line items over the next three to five years for software upgrades, HSM refresh, cloud tier changes, and project staffing. Align spend to the 2030 or 2031 and 2035 milestones. -
Run pilot integrations
Stand up a test environment and implement ML KEM, ML DSA, and SLH DSA from supported libraries. Measure handshake latency, CPU load, certificate handling, and compatibility. Use results to refine your migration plan.
Get in touch