Post-quantum migration deadlines · Free
The first binding deadlines have already passed
Every dated post-quantum mandate from 20 jurisdictions, each traced to its primary source. Click a bubble to read the rule, see who it binds, and open the source.
Scroll to zoom · click any bubble for the rule and its source
Where you stand
You have the deadlines. The next question is whether your systems are ready.
Of these 77 deadlines, 29 are binding and 17 are already in force. A date on a map does not tell you what it costs you. The free Post-Quantum Readiness Assessment maps where your own cryptography is exposed and what has to move first, in about ten minutes, with no registration.
Post-Quantum Readiness Assessment
A date on a map does not tell you what it costs you.
24 questions across six dimensions. Maps where your own cryptography is exposed against the deadlines already in law, in about ten minutes. We send you a PDF. No registration, no sales call.
PQC Intelligence
Fourteen migrations. Most of them slightly wrong.
Cloudflare, SWIFT, Google, AWS went first. We read every post-mortem they published, and documented the 28 failure modes they'd rather you didn't notice. Read it before you draft your own plan.
Quantum Threat Scenarios
The machine that breaks your crypto hasn't been built. Probably.
Pick an algorithm. Pick a scenario. See the year it breaks. Four hardware timelines, grounded in published benchmarks rather than vibes. You leave with a number you can put in a memo.
All 77 deadlines as a table, with every source link
| Deadline | Jurisdiction | Body | Mandate | Enforceability | What it requires | Primary source |
|---|---|---|---|---|---|---|
| May 20222022-05-04 | United States | White House | NSM-10 | Binding requirement | National Security Memorandum directing federal PQC migration | bidenwhitehouse.archives.gov → |
| Nov 20222022-11-18 | United States | OMB | M-23-02 | Binding requirement | Agencies must inventory cryptographic systems, report to CISA/OMB. Superseded by M-26-15 in June 2026 · corrected | whitehouse.gov → |
| 20232023-01-01 | International | BIS | Quantum-Readiness | Official guidance (advisory) | BIS and FSB warn of systemic quantum risk; readiness roadmap | bis.org → |
| 20242024-01-01 | Global | Browsers | PQC in TLS | De facto standard | Chrome and Firefox ship hybrid PQC key exchange (X25519+ML-KEM) | security.googleblog.com → |
| Feb 20242024-02-20 | Singapore | MAS | Quantum Risk Advisory | Official guidance (advisory) | MAS advises financial institutions on quantum risks · corrected | mas.gov.sg → |
| Apr 20242024-04-01 | European Union | Commission | PQC Recommendation | Official guidance (advisory) | EC recommends coordinated PQC implementation roadmaps | eur-lex.europa.eu → |
| Aug 20242024-08-13 | United States | NIST | FIPS 203/204/205 | Technical standard | ML-KEM, ML-DSA, SLH-DSA finalized. The first PQC standards. | nist.gov → |
| 20252025-01-01 | United States | NSA | CNSA 2.0 | Binding requirement | Software/firmware signing & web/cloud: prefer CNSA 2.0 | media.defense.gov → · opens for people |
| 20252025-01-01 | European Union | ETSI | TS 103 744 | Technical standard | Hybrid classical+PQC key exchange standard | etsi.org → |
| 20252025-01-01 | Canada | Treasury Board | PQC SPIN | Binding requirement | Dated, auditable PQC migration requirements in procurement | canada.ca → |
| 20252025-01-01 | Canada | CCCS | ITSM.00.501 | Binding requirement | PQC procurement playbook with contract language. | cyber.gc.ca → |
| 20252025-01-01 | South Korea | NIS/NSR | KpqC Winners | Technical standard | 4 domestic PQC algorithms selected (HAETAE, AIMer, SMAUG-T, NTRU+) | kpqc.or.kr → |
| 20252025-01-01 | South Korea | MSIT | PQC Master Plan | Official guidance (advisory) | Pilot migrations in finance and telecommunications | quantumcomputingreport.com → |
| Jan 20252025-01-07 | Israel | Bank of Israel | Directive 202501 | Binding requirement | Banks must submit board-approved quantum preparedness plans · corrected | boi.org.il → |
| Jan 20252025-01-17 | European Union | EU | DORA | Binding requirement | ICT risk management for EU financial entities takes effect | eur-lex.europa.eu → |
| Mar 20252025-03-11 | United States | NIST | HQC Selection | Technical standard | HQC selected as backup KEM (code-based, different math family). Standard expected around 2027. | nist.gov → |
| Mandatory Enforcement2025-03-31 | Global (Industry) | PCI Security Standards Council | PCI DSS v4.0 / v4.0.1 - Requirement 4.2.1 | Binding requirement | Certificate/key inventory and crypto-agility controls (Req 4.2.1) become mandatory for all entities that store, process or transmit payment card data worldwide | blog.pcisecuritystandards.org → |
| Apr 20252025-04-08 | Global | OpenSSL | OpenSSL 3.5 | De facto standard | PQC on by default: ML-KEM, ML-DSA, SLH-DSA; hybrid TLS. | openssl-library.org → |
| Sep 20252025-09-18 | United States | NIST | SP 800-227 | Official guidance (advisory) | Key-Encapsulation Mechanism recommendations published · corrected | csrc.nist.gov → |
| Sep 20252025-09-25 | International | FS-ISAC | PQC Migration | Official guidance (advisory) | Industry-led PQC migration roadmap for financial services · corrected | fsisac.com → |
| Oct 20252025-10-22 | Singapore | CSA | Quantum-Safe Handbook | Official guidance (advisory) | Handbook and readiness index published · corrected | csa.gov.sg → |
| Oct 20252025-10-29 | Malaysia | NACSA | PQC Readiness Roadmap | Official guidance (advisory) | National roadmap launched; 2025–2030 migration plan; sandbox | nst.com.my → |
| Nov 20252025-11-20 | United States | DoW | DoW CIO Memo | Binding requirement | Defense components must identify, inventory, and report all cryptographic usage; PSK phase-out by end-2030 | dowcio.war.gov → |
| 20262026-01-01 | United States | NSA | CNSA 2.0 | Binding requirement | Networking equipment: prefer CNSA 2.0 | media.defense.gov → · opens for people |
| 20262026-01-01 | United States | CISA | Product Advisory | Official guidance (advisory) | Product categories expected to support PQC identified | cisa.gov → |
| 20262026-01-01 | Japan | CRYPTREC/METI | PQC Guidelines | Official guidance (advisory) | Planning into early execution; higher-risk environment upgrades | cryptrec.go.jp → |
| 20262026-01-01 | UAE | Cybersecurity Council | National Encryption Policy | Binding requirement | Binding migration plans; automated crypto inventory; crypto-agility | wam.ae → |
| Jan 20262026-01-13 | G7 | Cyber Expert Group | PQC Roadmap | Official guidance (advisory) | 6-phase PQC roadmap for financial sector | home.treasury.gov → |
| Jan 20262026-01-20 | European Union | Commission | NIS2 PQC (Proposed) | Official guidance (advisory) | PQC requirements proposed for NIS2 implementing acts · corrected | digital-strategy.ec.europa.eu → |
| Feb 20262026-02-03 | Hong Kong | HKMA | Quantum Preparedness Index | Official guidance (advisory) | Quantum preparedness assessment index for financial institutions · corrected | hkma.gov.hk → |
| Apr 20262026-04-01 | Canada | CCCS | ITSM.40.001 | Binding requirement | Departmental migration plans due; annual reporting begins | cyber.gc.ca → |
| Jun 20262026-06-12 | United States | White House | NSPM-12 | Binding requirement | NSS cybersecurity governance overhauled; CNSS gets binding directive authority; NSA designated National Manager | whitehouse.gov → |
| Jun 20262026-06-22 | United States | White House | EO 14412 | Binding requirement | Key establishment by Dec 31 2030; signatures by Dec 31 2031 for HVAs/high-impact systems. FAR contractor compliance by 2030. CBOM guidance within 270 days | federalregister.gov → |
| Jun 20262026-06-22 | United States | White House | EO 14413 | Binding requirement | QC-ADDS science-grade quantum computer; 3 quantum sensor projects by Sep 2028; supply-chain analysis; NQIAC reconstituted | federalregister.gov → |
| Jun 20262026-06-23 | United States | DoW CIO | DoW PQC Strategy | Binding requirement | All DoW systems: support PQC by Dec 31 2030; use PQC by Dec 31 2031. NSS under CNSA 2.0. Two tracks: HA-ECU and Commercial | dowcio.war.gov → |
| Jun 20262026-06-24 | United States | OMB | M-26-15 | Binding requirement | Five-phase PQC migration (2026–2035). Agency plans due Oct 2026. Crypto-agility mandated. Supersedes M-23-02 | whitehouse.gov → |
| Sep 20262026-09-21 | United States | NIST | FIPS 140-2 Sunset | Binding requirement | All FIPS 140-2 certificates moved to Historical; FIPS 140-3 required | csrc.nist.gov → |
| Late 20262026-12-01 | United States | NIST | FN-DSA (FIPS 206) | Technical standard | FN-DSA (Falcon) standard expected. Compact signatures. | csrc.nist.gov → |
| End 20262026-12-31 | European Union | NIS Coop. Group | Coordinated Roadmap | Official guidance (advisory) | Phase 1: National strategies, crypto inventories, pilots | digital-strategy.ec.europa.eu → |
| End 20262026-12-31 | Australia | ASD | ISM PQC Guidance | Official guidance (advisory) | Refined transition plan developed | cyber.gov.au → · opens for people |
| 20272027-01-01 | United States | NSA | CNSA 2.0 | Binding requirement | ALL new NSS acquisitions must be CNSA 2.0 compliant | media.defense.gov → · opens for people |
| 20272027-01-01 | United States | NSA | CNSA 2.0 | Binding requirement | Operating systems: prefer CNSA 2.0 | media.defense.gov → · opens for people |
| 20272027-01-01 | European Union | EU | Cyber Resilience Act | Binding requirement | Products must support cryptographic updates (crypto-agility law) | digital-strategy.ec.europa.eu → |
| Milestone 1 - Build Foundations (CII)2027-12-31 | India | NQM Task Force | Quantum-Safe Ecosystem Roadmap (DST Report) | Official guidance (advisory) | Critical Information Infrastructure (CII) entities complete foundational PQC governance, crypto-asset inventory and risk assessment | dst.gov.in → |
| Short-term phase2027-12-31 | Taiwan | FSC (Financial Supervisory Commission) | PQC Migration Reference Guide for the Financial Industry | Official guidance (advisory) | Financial institutions establish governance frameworks, inventory methodologies, cryptographic asset inventories (CBOM) and foundational crypto-agility capabilities | fsc.gov.tw → |
| Certification cutoff (Visas de sécurité)2027-12-31 | France | ANSSI | PQC Certification Requirement (2026 update) | Binding requirement | ANSSI will stop issuing security certifications ('visas de sécurité') for products that lack quantum-resistant encryption, starting in 2027 | cyber.gouv.fr → |
| End 20282028-12-31 | United Kingdom | NCSC | PQC Migration Timelines | Official guidance (advisory) | Phase 1: Discovery complete. Full inventory and strategy defined. | ncsc.gov.uk → |
| End 20282028-12-31 | Australia | ASD | ISM PQC Guidance | Official guidance (advisory) | Critical systems transition begins (pure PQC, no hybrid) | cyber.gov.au → · opens for people |
| Milestone 1 - Build Foundations (Enterprises)2028-12-31 | India | NQM Task Force | Quantum-Safe Ecosystem Roadmap (DST Report) | Official guidance (advisory) | Non-CII enterprises complete foundational PQC governance and crypto-asset inventory | dst.gov.in → |
| Milestone 2 - Migrate High-Priority Systems (CII)2028-12-31 | India | NQM Task Force | Quantum-Safe Ecosystem Roadmap (DST Report) | Official guidance (advisory) | CII entities convert PQC pilots into funded migration programs with KPIs for high-priority systems | dst.gov.in → |
| 20292029-01-01 | United States | Internal Target | Vendor target | Full PQC migration including authentication | blog.google → | |
| 20292029-01-01 | United States | Cloudflare | PQC Target | Vendor target | Full post-quantum security including authentication | blog.cloudflare.com → |
| Milestone 3 - Full PQC Adoption (CII)2029-12-31 | India | NQM Task Force | Quantum-Safe Ecosystem Roadmap (DST Report) | Official guidance (advisory) | CII entities complete full adoption of PQC across systems | dst.gov.in → |
| Medium-term phase2029-12-31 | Taiwan | FSC (Financial Supervisory Commission) | PQC Migration Reference Guide for the Financial Industry | Official guidance (advisory) | Financial institutions advance pilot testing, infrastructure upgrades, and joint testing mechanisms | fsc.gov.tw → |
| 20302030-01-01 | United States | NIST | IR 8547 | Official guidance (advisory) | 112-bit-strength quantum-vulnerable algorithms deprecated (RSA-2048, DH-2048, P-224). | nvlpubs.nist.gov → |
| 20302030-01-01 | United States | NSA | CNSA 2.0 | Binding requirement | Networking & firmware: exclusively CNSA 2.0 | media.defense.gov → · opens for people |
| 20302030-01-01 | United States | NSA | CNSA 2.0 | Binding requirement | Constrained devices, large PKI: prefer CNSA 2.0 | media.defense.gov → · opens for people |
| 20302030-01-01 | Germany | BSI | TR-02102-1 | Official guidance (advisory) | Full PQC migration for KRITIS entities (hybrid mandatory) | bsi.bund.de → |
| 20302030-01-01 | France | ANSSI | PQC Position Paper | Official guidance (advisory) | Hybrid PQC mandatory for KEMs and signatures (EU-aligned) | cyber.gouv.fr → |
| Jan 20302030-01-02 | United States | White House | EO 14306 | Binding requirement | TLS 1.3 (or successor) required across all federal systems | whitehouse.gov → |
| End 20302030-12-31 | European Union | NIS Coop. Group | Coordinated Roadmap | Official guidance (advisory) | Phase 2: CII and high-risk use cases migrated to PQC | digital-strategy.ec.europa.eu → |
| End 20302030-12-31 | Australia | ASD | ISM PQC Guidance | Official guidance (advisory) | Cease use of traditional asymmetric cryptography entirely | cyber.gov.au → · opens for people |
| Milestone 2 - Migrate High-Priority Systems (Enterprises)2030-12-31 | India | NQM Task Force | Quantum-Safe Ecosystem Roadmap (DST Report) | Official guidance (advisory) | Enterprises convert PQC pilots into funded migration programs with KPIs for high-priority systems | dst.gov.in → |
| Recommended full procurement transition2030-12-31 | France | ANSSI | PQC Certification Requirement (2026 update) | Official guidance (advisory) | ANSSI recommends that all new government and business purchases of security products be quantum-safe by 2030 | cyber.gouv.fr → |
| End 20312031-12-31 | United Kingdom | NCSC | PQC Migration Timelines | Official guidance (advisory) | Phase 2: High-priority migration complete | ncsc.gov.uk → |
| End 20312031-12-31 | Canada | CCCS | ITSM.40.001 | Binding requirement | High-priority system migration complete | cyber.gc.ca → |
| 20322032-01-01 | Germany | BSI | TR-02102-1 | Official guidance (advisory) | Full PQC migration for all remaining organizations | bsi.bund.de → |
| 20332033-01-01 | United States | NSA | CNSA 2.0 | Binding requirement | Web, cloud, OS, niche, legacy: exclusively CNSA 2.0 or replaced | media.defense.gov → · opens for people |
| Milestone 3 - Full PQC Adoption (Enterprises)2033-12-31 | India | NQM Task Force | Quantum-Safe Ecosystem Roadmap (DST Report) | Official guidance (advisory) | Enterprises complete full adoption of PQC across systems | dst.gov.in → |
| 20352035-01-01 | United States | NIST | IR 8547 | Official guidance (advisory) | ALL quantum-vulnerable public-key algorithms disallowed | nvlpubs.nist.gov → |
| 20352035-01-01 | United States | NSA | CNSA 2.0 | Binding requirement | All US national security systems fully quantum-resistant | media.defense.gov → · opens for people |
| 20352035-01-01 | Japan | NCO | Interim Report | Official guidance (advisory) | Government agencies must complete PQC transition | cyber.go.jp → |
| 20352035-01-01 | South Korea | MSIT | PQC Master Plan | Official guidance (advisory) | Full PQC rollout across government and industry | quantumcomputingreport.com → |
| End 20352035-12-31 | United Kingdom | NCSC | PQC Migration Timelines | Official guidance (advisory) | Phase 3: Full PQC transition complete | ncsc.gov.uk → |
| End 20352035-12-31 | European Union | NIS Coop. Group | Coordinated Roadmap | Official guidance (advisory) | Phase 3: Full PQC transition across public sector | digital-strategy.ec.europa.eu → |
| End 20352035-12-31 | Canada | CCCS | ITSM.40.001 | Binding requirement | Full PQC migration complete | cyber.gc.ca → |
| Medium-to-long-term phase2035-12-31 | Taiwan | FSC (Financial Supervisory Commission) | PQC Migration Reference Guide for the Financial Industry | Official guidance (advisory) | Financial institutions prioritize migration of high-risk and critical systems, and progressively expand migration scenarios | fsc.gov.tw → |
Missing a dated mandate? Tell us.