Post-quantum migration deadlines · Free

The first binding deadlines have already passed

Every dated post-quantum mandate from 20 jurisdictions, each traced to its primary source. Click a bubble to read the rule, see who it binds, and open the source.

77deadlines
20jurisdictions
29binding
17already in force
Colour = the region that set the rule. United States 27 Europe 16 South & SE Asia 9 East Asia 9 International 6 Canada 5 Oceania 3 Middle East 2
Skip the visualization, jump to the deadline table

Scroll to zoom · click any bubble for the rule and its source

Size = how binding a deadline is (mandatory largest). A deadline has no size of its own.

Where you stand

You have the deadlines. The next question is whether your systems are ready.

Of these 77 deadlines, 29 are binding and 17 are already in force. A date on a map does not tell you what it costs you. The free Post-Quantum Readiness Assessment maps where your own cryptography is exposed and what has to move first, in about ten minutes, with no registration.

Three more ways to go deeper
50primary government and standards sources, one behind every deadline
8corrections shown in the open, never quietly changed
0invented numbers, bubble size shows enforceability, nothing is fabricated
All 77 deadlines as a table, with every source link
DeadlineJurisdictionBodyMandateEnforceabilityWhat it requiresPrimary source
May 20222022-05-04 United StatesWhite HouseNSM-10 Binding requirement National Security Memorandum directing federal PQC migration bidenwhitehouse.archives.gov →
Nov 20222022-11-18 United StatesOMBM-23-02 Binding requirement Agencies must inventory cryptographic systems, report to CISA/OMB. Superseded by M-26-15 in June 2026 · corrected whitehouse.gov →
20232023-01-01 InternationalBISQuantum-Readiness Official guidance (advisory) BIS and FSB warn of systemic quantum risk; readiness roadmap bis.org →
20242024-01-01 GlobalBrowsersPQC in TLS De facto standard Chrome and Firefox ship hybrid PQC key exchange (X25519+ML-KEM) security.googleblog.com →
Feb 20242024-02-20 SingaporeMASQuantum Risk Advisory Official guidance (advisory) MAS advises financial institutions on quantum risks · corrected mas.gov.sg →
Apr 20242024-04-01 European UnionCommissionPQC Recommendation Official guidance (advisory) EC recommends coordinated PQC implementation roadmaps eur-lex.europa.eu →
Aug 20242024-08-13 United StatesNISTFIPS 203/204/205 Technical standard ML-KEM, ML-DSA, SLH-DSA finalized. The first PQC standards. nist.gov →
20252025-01-01 United StatesNSACNSA 2.0 Binding requirement Software/firmware signing & web/cloud: prefer CNSA 2.0 media.defense.gov → · opens for people
20252025-01-01 European UnionETSITS 103 744 Technical standard Hybrid classical+PQC key exchange standard etsi.org →
20252025-01-01 CanadaTreasury BoardPQC SPIN Binding requirement Dated, auditable PQC migration requirements in procurement canada.ca →
20252025-01-01 CanadaCCCSITSM.00.501 Binding requirement PQC procurement playbook with contract language. cyber.gc.ca →
20252025-01-01 South KoreaNIS/NSRKpqC Winners Technical standard 4 domestic PQC algorithms selected (HAETAE, AIMer, SMAUG-T, NTRU+) kpqc.or.kr →
20252025-01-01 South KoreaMSITPQC Master Plan Official guidance (advisory) Pilot migrations in finance and telecommunications quantumcomputingreport.com →
Jan 20252025-01-07 IsraelBank of IsraelDirective 202501 Binding requirement Banks must submit board-approved quantum preparedness plans · corrected boi.org.il →
Jan 20252025-01-17 European UnionEUDORA Binding requirement ICT risk management for EU financial entities takes effect eur-lex.europa.eu →
Mar 20252025-03-11 United StatesNISTHQC Selection Technical standard HQC selected as backup KEM (code-based, different math family). Standard expected around 2027. nist.gov →
Mandatory Enforcement2025-03-31 Global (Industry)PCI Security Standards CouncilPCI DSS v4.0 / v4.0.1 - Requirement 4.2.1 Binding requirement Certificate/key inventory and crypto-agility controls (Req 4.2.1) become mandatory for all entities that store, process or transmit payment card data worldwide blog.pcisecuritystandards.org →
Apr 20252025-04-08 GlobalOpenSSLOpenSSL 3.5 De facto standard PQC on by default: ML-KEM, ML-DSA, SLH-DSA; hybrid TLS. openssl-library.org →
Sep 20252025-09-18 United StatesNISTSP 800-227 Official guidance (advisory) Key-Encapsulation Mechanism recommendations published · corrected csrc.nist.gov →
Sep 20252025-09-25 InternationalFS-ISACPQC Migration Official guidance (advisory) Industry-led PQC migration roadmap for financial services · corrected fsisac.com →
Oct 20252025-10-22 SingaporeCSAQuantum-Safe Handbook Official guidance (advisory) Handbook and readiness index published · corrected csa.gov.sg →
Oct 20252025-10-29 MalaysiaNACSAPQC Readiness Roadmap Official guidance (advisory) National roadmap launched; 2025–2030 migration plan; sandbox nst.com.my →
Nov 20252025-11-20 United StatesDoWDoW CIO Memo Binding requirement Defense components must identify, inventory, and report all cryptographic usage; PSK phase-out by end-2030 dowcio.war.gov →
20262026-01-01 United StatesNSACNSA 2.0 Binding requirement Networking equipment: prefer CNSA 2.0 media.defense.gov → · opens for people
20262026-01-01 United StatesCISAProduct Advisory Official guidance (advisory) Product categories expected to support PQC identified cisa.gov →
20262026-01-01 JapanCRYPTREC/METIPQC Guidelines Official guidance (advisory) Planning into early execution; higher-risk environment upgrades cryptrec.go.jp →
20262026-01-01 UAECybersecurity CouncilNational Encryption Policy Binding requirement Binding migration plans; automated crypto inventory; crypto-agility wam.ae →
Jan 20262026-01-13 G7Cyber Expert GroupPQC Roadmap Official guidance (advisory) 6-phase PQC roadmap for financial sector home.treasury.gov →
Jan 20262026-01-20 European UnionCommissionNIS2 PQC (Proposed) Official guidance (advisory) PQC requirements proposed for NIS2 implementing acts · corrected digital-strategy.ec.europa.eu →
Feb 20262026-02-03 Hong KongHKMAQuantum Preparedness Index Official guidance (advisory) Quantum preparedness assessment index for financial institutions · corrected hkma.gov.hk →
Apr 20262026-04-01 CanadaCCCSITSM.40.001 Binding requirement Departmental migration plans due; annual reporting begins cyber.gc.ca →
Jun 20262026-06-12 United StatesWhite HouseNSPM-12 Binding requirement NSS cybersecurity governance overhauled; CNSS gets binding directive authority; NSA designated National Manager whitehouse.gov →
Jun 20262026-06-22 United StatesWhite HouseEO 14412 Binding requirement Key establishment by Dec 31 2030; signatures by Dec 31 2031 for HVAs/high-impact systems. FAR contractor compliance by 2030. CBOM guidance within 270 days federalregister.gov →
Jun 20262026-06-22 United StatesWhite HouseEO 14413 Binding requirement QC-ADDS science-grade quantum computer; 3 quantum sensor projects by Sep 2028; supply-chain analysis; NQIAC reconstituted federalregister.gov →
Jun 20262026-06-23 United StatesDoW CIODoW PQC Strategy Binding requirement All DoW systems: support PQC by Dec 31 2030; use PQC by Dec 31 2031. NSS under CNSA 2.0. Two tracks: HA-ECU and Commercial dowcio.war.gov →
Jun 20262026-06-24 United StatesOMBM-26-15 Binding requirement Five-phase PQC migration (2026–2035). Agency plans due Oct 2026. Crypto-agility mandated. Supersedes M-23-02 whitehouse.gov →
Sep 20262026-09-21 United StatesNISTFIPS 140-2 Sunset Binding requirement All FIPS 140-2 certificates moved to Historical; FIPS 140-3 required csrc.nist.gov →
Late 20262026-12-01 United StatesNISTFN-DSA (FIPS 206) Technical standard FN-DSA (Falcon) standard expected. Compact signatures. csrc.nist.gov →
End 20262026-12-31 European UnionNIS Coop. GroupCoordinated Roadmap Official guidance (advisory) Phase 1: National strategies, crypto inventories, pilots digital-strategy.ec.europa.eu →
End 20262026-12-31 AustraliaASDISM PQC Guidance Official guidance (advisory) Refined transition plan developed cyber.gov.au → · opens for people
20272027-01-01 United StatesNSACNSA 2.0 Binding requirement ALL new NSS acquisitions must be CNSA 2.0 compliant media.defense.gov → · opens for people
20272027-01-01 United StatesNSACNSA 2.0 Binding requirement Operating systems: prefer CNSA 2.0 media.defense.gov → · opens for people
20272027-01-01 European UnionEUCyber Resilience Act Binding requirement Products must support cryptographic updates (crypto-agility law) digital-strategy.ec.europa.eu →
Milestone 1 - Build Foundations (CII)2027-12-31 IndiaNQM Task ForceQuantum-Safe Ecosystem Roadmap (DST Report) Official guidance (advisory) Critical Information Infrastructure (CII) entities complete foundational PQC governance, crypto-asset inventory and risk assessment dst.gov.in →
Short-term phase2027-12-31 TaiwanFSC (Financial Supervisory Commission)PQC Migration Reference Guide for the Financial Industry Official guidance (advisory) Financial institutions establish governance frameworks, inventory methodologies, cryptographic asset inventories (CBOM) and foundational crypto-agility capabilities fsc.gov.tw →
Certification cutoff (Visas de sécurité)2027-12-31 FranceANSSIPQC Certification Requirement (2026 update) Binding requirement ANSSI will stop issuing security certifications ('visas de sécurité') for products that lack quantum-resistant encryption, starting in 2027 cyber.gouv.fr →
End 20282028-12-31 United KingdomNCSCPQC Migration Timelines Official guidance (advisory) Phase 1: Discovery complete. Full inventory and strategy defined. ncsc.gov.uk →
End 20282028-12-31 AustraliaASDISM PQC Guidance Official guidance (advisory) Critical systems transition begins (pure PQC, no hybrid) cyber.gov.au → · opens for people
Milestone 1 - Build Foundations (Enterprises)2028-12-31 IndiaNQM Task ForceQuantum-Safe Ecosystem Roadmap (DST Report) Official guidance (advisory) Non-CII enterprises complete foundational PQC governance and crypto-asset inventory dst.gov.in →
Milestone 2 - Migrate High-Priority Systems (CII)2028-12-31 IndiaNQM Task ForceQuantum-Safe Ecosystem Roadmap (DST Report) Official guidance (advisory) CII entities convert PQC pilots into funded migration programs with KPIs for high-priority systems dst.gov.in →
20292029-01-01 United StatesGoogleInternal Target Vendor target Full PQC migration including authentication blog.google →
20292029-01-01 United StatesCloudflarePQC Target Vendor target Full post-quantum security including authentication blog.cloudflare.com →
Milestone 3 - Full PQC Adoption (CII)2029-12-31 IndiaNQM Task ForceQuantum-Safe Ecosystem Roadmap (DST Report) Official guidance (advisory) CII entities complete full adoption of PQC across systems dst.gov.in →
Medium-term phase2029-12-31 TaiwanFSC (Financial Supervisory Commission)PQC Migration Reference Guide for the Financial Industry Official guidance (advisory) Financial institutions advance pilot testing, infrastructure upgrades, and joint testing mechanisms fsc.gov.tw →
20302030-01-01 United StatesNISTIR 8547 Official guidance (advisory) 112-bit-strength quantum-vulnerable algorithms deprecated (RSA-2048, DH-2048, P-224). nvlpubs.nist.gov →
20302030-01-01 United StatesNSACNSA 2.0 Binding requirement Networking & firmware: exclusively CNSA 2.0 media.defense.gov → · opens for people
20302030-01-01 United StatesNSACNSA 2.0 Binding requirement Constrained devices, large PKI: prefer CNSA 2.0 media.defense.gov → · opens for people
20302030-01-01 GermanyBSITR-02102-1 Official guidance (advisory) Full PQC migration for KRITIS entities (hybrid mandatory) bsi.bund.de →
20302030-01-01 FranceANSSIPQC Position Paper Official guidance (advisory) Hybrid PQC mandatory for KEMs and signatures (EU-aligned) cyber.gouv.fr →
Jan 20302030-01-02 United StatesWhite HouseEO 14306 Binding requirement TLS 1.3 (or successor) required across all federal systems whitehouse.gov →
End 20302030-12-31 European UnionNIS Coop. GroupCoordinated Roadmap Official guidance (advisory) Phase 2: CII and high-risk use cases migrated to PQC digital-strategy.ec.europa.eu →
End 20302030-12-31 AustraliaASDISM PQC Guidance Official guidance (advisory) Cease use of traditional asymmetric cryptography entirely cyber.gov.au → · opens for people
Milestone 2 - Migrate High-Priority Systems (Enterprises)2030-12-31 IndiaNQM Task ForceQuantum-Safe Ecosystem Roadmap (DST Report) Official guidance (advisory) Enterprises convert PQC pilots into funded migration programs with KPIs for high-priority systems dst.gov.in →
Recommended full procurement transition2030-12-31 FranceANSSIPQC Certification Requirement (2026 update) Official guidance (advisory) ANSSI recommends that all new government and business purchases of security products be quantum-safe by 2030 cyber.gouv.fr →
End 20312031-12-31 United KingdomNCSCPQC Migration Timelines Official guidance (advisory) Phase 2: High-priority migration complete ncsc.gov.uk →
End 20312031-12-31 CanadaCCCSITSM.40.001 Binding requirement High-priority system migration complete cyber.gc.ca →
20322032-01-01 GermanyBSITR-02102-1 Official guidance (advisory) Full PQC migration for all remaining organizations bsi.bund.de →
20332033-01-01 United StatesNSACNSA 2.0 Binding requirement Web, cloud, OS, niche, legacy: exclusively CNSA 2.0 or replaced media.defense.gov → · opens for people
Milestone 3 - Full PQC Adoption (Enterprises)2033-12-31 IndiaNQM Task ForceQuantum-Safe Ecosystem Roadmap (DST Report) Official guidance (advisory) Enterprises complete full adoption of PQC across systems dst.gov.in →
20352035-01-01 United StatesNISTIR 8547 Official guidance (advisory) ALL quantum-vulnerable public-key algorithms disallowed nvlpubs.nist.gov →
20352035-01-01 United StatesNSACNSA 2.0 Binding requirement All US national security systems fully quantum-resistant media.defense.gov → · opens for people
20352035-01-01 JapanNCOInterim Report Official guidance (advisory) Government agencies must complete PQC transition cyber.go.jp →
20352035-01-01 South KoreaMSITPQC Master Plan Official guidance (advisory) Full PQC rollout across government and industry quantumcomputingreport.com →
End 20352035-12-31 United KingdomNCSCPQC Migration Timelines Official guidance (advisory) Phase 3: Full PQC transition complete ncsc.gov.uk →
End 20352035-12-31 European UnionNIS Coop. GroupCoordinated Roadmap Official guidance (advisory) Phase 3: Full PQC transition across public sector digital-strategy.ec.europa.eu →
End 20352035-12-31 CanadaCCCSITSM.40.001 Binding requirement Full PQC migration complete cyber.gc.ca →
Medium-to-long-term phase2035-12-31 TaiwanFSC (Financial Supervisory Commission)PQC Migration Reference Guide for the Financial Industry Official guidance (advisory) Financial institutions prioritize migration of high-risk and critical systems, and progressively expand migration scenarios fsc.gov.tw →

Missing a dated mandate? Tell us.