What CISOs Are Actually Doing About Post-Quantum Cryptography
The data you need to start your PQC migration conversation with your board, today.
Without this, you would be reading 200+ vendor whitepapers, 40+ academic papers, and 17 regulatory documents across 8 industries. We read them. 14 publicly documented migration projects distilled into one navigable page. 115+ verified sources.
This is the only cross-industry PQC migration database with verified sources. Vendor whitepapers sell products, not truth. Analyst reports cost $5,000+ and cover one sector. Academic papers assume you read LaTeX. This database covers 14 organizations across 8 industries, every number sourced, failures included. Vendor-neutral.
Four things broken about PQC migration right now
No FIPS 140-3 PQC hardware security module exists on Earth. Every regulated organization is blocked on production deployment. Verified April 2026
Five cost figures exist globally, all publicly funded. No Fortune 500 company has disclosed what PQC migration costs. Budget conversations are based on guesses.
EU mandates hybrid PQC (classical + quantum-safe). US prefers pure PQ. Multinational organizations cannot satisfy both with a single deployment strategy.
Of 14 documented cases, only 2 had internal PQC capability (Cloudflare, Signal). The rest relied on vendors or academic partnerships. PQC engineers do not exist at scale.
How to use this page
Filter by sector below. Each card is a real PQC migration project.
Full details: timeline, cost, algorithms, X+Y vs Z timing score, maturity, failure modes, sources.
Use the patterns and then take the PQC assessment to measure your own readiness across the same 6 dimensions.
The crypto-procrastination problem
Business executives are structurally incentivized to underestimate security risk. When the cost of addressing a risk is visible and immediate, but the cost of the risk materializing is probabilistic and deferred, organizations systematically choose deferral. OPM (20M records), Japan Pension Service (1.25M records), and Fukushima all followed this pattern.
PQC migration has exactly this structure. Of 14 documented cases, 10 are still in progress and 1 is still in planning. Only Signal deployed in months. Every other organization measured timelines in years.
When your board asks "what did we do about quantum risk?", the minimum defensible answer is a cryptographic inventory and a sourced risk assessment. This page gives you the evidence. The PQC assessment gives you the score.
Source: Zenitani, in Takagi et al. (2026), Mathematical Foundations for Post-Quantum Cryptography, Springer, pp. 420-440. Verified April 2026
X = data shelf life (how long your data must stay secret). Y = migration time (years to deploy PQC). Z = threat horizon (years until a cryptographically-relevant quantum computer, estimated ~12 years mid-range per GRI surveys, range 9-20+). If X + Y > Z, you should have started already.
Every case in this database has X+Y > Z.
Case Studies
Data as of April 2026
Where the field actually is
Overall PQC maturity scores across all 14 publicly documented cases (1-5 scale). The pattern is the insight.
10 of 14 cases score 3/5 ("Structured"). Only Cloudflare and Signal reach 5/5. The assessment uses these same 6 dimensions to score your organization.
Build vs buy
The 14 cases split into distinct capability models. Your staffing decision should match.
Cloudflare and Signal. Both control the full stack. Both deployed in months, not years. Requires deep cryptographic engineering talent already on staff.
Workforce: dedicated crypto engineers. Cloudflare built CIRCL (Go crypto library). Signal designed PQXDH protocol in-house.
USAF (QuSecure), BdF+MAS (CryptoNext), Estonia (Cybernetica), Vodafone (IBM/SandboxAQ), SWIFT (planning). Procurement-driven. Speed depends on vendor maturity.
Workforce: project managers + vendor oversight. PQC expertise outsourced. Risk: single-vendor dependency (Estonia, USAF).
BIS Leap, Mastercard, Germany ID, Hydro-Quebec, PQC4MED, Ethereum, PQ-NEXT. Multi-partner, often publicly funded. Slower but builds ecosystem knowledge.
Workforce: mixed academic + industry teams. PQC4MED's consortium model led to Infineon's TEGRION chip (R&D-to-product pipeline).
Crypto-agility is the real requirement
PQC migration is not a one-time algorithm swap. It is a permanent operational capability. ML-KEM (FIPS 203) and ML-DSA (FIPS 204) are the current NIST standards. SLH-DSA (FIPS 205) provides hash-based signature diversity. HQC-KEM (planned as FIPS 207, expected 2027) offers a backup KEM if lattice assumptions break. Organizations that build crypto-agility now can swap algorithms without re-architecting.
11 of 14 organizations named specific NIST algorithms. All converged on ML-KEM and ML-DSA. PQC4MED designed for crypto-agility before NIST finalized, which proved correct. Verified April 2026
Cross-Case Patterns
From 14 publicly documented organizations. Last verified April 2026
EU mandates hybrid. US prefers pure PQ.
Multinational organizations face a compliance conflict that adds implementation cost.
| Authority | Approach | Rationale |
|---|---|---|
| BSI (Germany) | Hybrid mandatory | If PQC algorithm fails, classical layer survives |
| ANSSI (France) | Hybrid mandatory | Joint statement with BSI + 20 EU states |
| CNSA 2.0 (US NSA) | Pure PQ preferred | Simplicity. Trusts NIST algorithm selection. |
| NCSC (UK) | Pure PQ preferred | Aligned with US approach |
Hybrid satisfies both EU and US requirements but adds implementation complexity. The long-term EU position envisions running two PQC schemes simultaneously. Verified April 2026
Zero FIPS 140-3 PQC HSMs exist
As of April 2026, no hardware security module on Earth has a FIPS 140-3 CMVP certificate listing PQC algorithms. Verified April 2026
| Vendor | PQC Status | FIPS 140-3 PQC? |
|---|---|---|
| AWS CloudHSM / KMS | ML-KEM in TLS | No |
| Google Cloud KMS | ML-KEM, ML-DSA, SLH-DSA | No |
| Thales Luna | PQC outside FIPS boundary | No |
| Entrust nShield | PQC outside FIPS boundary | No |
First certificates expected late 2026 to early 2027. Waiting compresses your implementation timeline into the same window as everyone else.
PQC intelligence flows through institutional networks
Organizations outside these networks are making PQC decisions without the most current intelligence.
Connects 5 of 14 cases. BdF carries knowledge in, SWIFT carries findings to 11,000+ institutions.
50+ companies, 20+ operators. 7 published documents. Liaison to 3GPP, IETF, ETSI, ITU.
Top-down: federal law to CNSA 2.0 milestones to Pentagon CIO memo. 47+ collaborators.
Vertically integrated supply chain. Infineon: R&D (PQC4MED) to production (TEGRION EAL6).
Why the threat is already active
Harvest Now, Decrypt Later (HNDL) is not a theoretical concern. It is an economic decision.
A state-level adversary captures encrypted traffic now, stores it cheaply, and waits. Cloud storage costs continue to drop. The cost of harvesting is negligible compared to the value of the data. Financial transactions, healthcare records, M&A communications, classified government data, and long-lived authentication credentials are all targets.
The adversary does not need a quantum computer today. They need a storage budget and patience. The decryption payoff is measured in billions. The harvest cost is measured in terabytes.
The threat is not "quantum computers will break our crypto someday." The threat is "our data is being harvested today and we cannot detect it."
Quantum Threat Monitor
When will quantum computers threaten your cryptographic systems? Scenario analysis grounded in published hardware benchmarks.
What PQC Migration Actually Costs
Five data points exist globally. All publicly funded. Zero private-sector disclosures. Verified April 2026
| Organization | Amount | Scope | Cost/scope |
|---|---|---|---|
| US Air Force | $3.9M | PQC encryption on B-52 fleet | Single platform overlay |
| PQ-NEXT EU | EUR 6.0M | 19-partner, 4-sector PQC pilots | ~EUR 316K/partner |
| Hydro-Quebec | CAD ~2M | PQC for smart grid OT/SCADA | Two-phase R&D |
| Ethereum | $2.0M | PQC research prizes | Research incentive only |
| PQC4MED | EUR 690K | Medical device PQC R&D (36 months) | ~EUR 19K/month |
For full enterprise migration: USD 300-500M over 10+ years for one large telco. Discovery alone: $2-5M involving 120,000+ discrete tasks (PostQuantum.com, based on 10 years of engagements). US federal estimate: $7.1B for civilian agencies, 2025-2035 (OMB/ONCD). None of the five project costs above represent a complete enterprise-wide migration.
Deadlines Already Set
Assumed threat horizon: ~12 years (mid-range GRI estimate). If your migration takes 5+ years, the 2030 deadlines are already tight. Last verified April 2026
Failure Modes
28 documented failure modes across 14 publicly documented cases.
Which of these failure modes affect your organization? The PQC assessment evaluates your exposure across all six dimensions, including ecosystem dependencies and technical readiness.
Most organizations will not complete PQC migration this year. That is not the goal. The realistic target for 2026 is: inventory + assessment + vendor engagement. Of 14 documented cases, only Signal and Cloudflare achieved full deployment, and both control the entire stack. The other 12 are still working through discovery, testing, and certification. Start with what is achievable: know what you have, know where you stand, and know who you depend on.
Where do I start?
24 questions across 6 dimensions. Includes an interactive X+Y vs Z timing calculator, sector benchmarks, and a 30/60/90-day roadmap. No account needed for the quick score.
Discover which systems use which algorithms, which certificates expire when, which data has long shelf life. Discovery costs $2-5M for large enterprises (PostQuantum.com estimate). Without it, every subsequent decision is a guess.
Vendor dependency is the #1 failure mode (14/14 cases). Ask your HSM vendor, cloud provider, and infrastructure vendors for their PQC timeline and FIPS certification status.
Start with ML-KEM (FIPS 203) + ML-DSA (FIPS 204). Plan for SLH-DSA and HQC. PQC4MED's crypto-agile approach proved correct when algorithms changed.
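The inventory step above and the X + Y vs Z timing test can be combined into a first triage pass over a cryptographic inventory. This is an added example, not code from this page or from DeployQuantum; the `Asset` fields, the horizon labels, the substring-based classifier and the sample inventory are assumptions made for illustration.

```python
from dataclasses import dataclass

# Threat horizon Z in years, from the page: ~12 mid-range, range 9-20+.
# The labels "early"/"mid"/"late" are names chosen for this example.
Z_YEARS = {"early": 9, "mid": 12, "late": 20}
# Families broken by Shor's algorithm vs. the NIST PQC standards the page names.
CLASSICAL = ("RSA", "ECDH", "ECDSA", "X25519", "ED25519", "DH")
POST_QUANTUM = ("MLKEM", "MLDSA", "SLHDSA")

@dataclass
class Asset:
    system: str
    algorithm: str          # label as reported by a scanner or config
    shelf_life_years: int   # X: how long the protected data must stay secret
    migration_years: int    # Y: estimated time to deploy PQC for this system

def classify(algorithm: str) -> str:
    """Return 'pq', 'hybrid', 'classical' or 'unknown' for an algorithm label."""
    name = algorithm.upper().replace("-", "").replace("_", "")
    has_pq = any(family in name for family in POST_QUANTUM)
    has_classical = any(family in name for family in CLASSICAL)
    if has_pq and has_classical:
        return "hybrid"
    if has_pq:
        return "pq"
    return "classical" if has_classical else "unknown"

def margins(asset: Asset) -> dict:
    """X + Y - Z per horizon; a positive value means X + Y > Z."""
    total = asset.shelf_life_years + asset.migration_years
    return {label: total - z for label, z in Z_YEARS.items()}

def triage(inventory):
    """List assets that are not yet quantum-safe, largest mid-horizon margin first."""
    findings = [(a.system, classify(a.algorithm), margins(a)) for a in inventory]
    # 'unknown' labels (vendor names, symmetric ciphers) are kept for manual review.
    open_items = [f for f in findings if f[1] in ("classical", "unknown")]
    return sorted(open_items, key=lambda f: f[2]["mid"], reverse=True)

# Constructed sample inventory (not data from the page's case studies).
INVENTORY = [
    Asset("vpn-gateway", "ECDH-P256", 10, 4),
    Asset("edge-tls", "X25519MLKEM768", 5, 1),
    Asset("records-archive", "RSA-2048", 25, 6),
    Asset("code-signing", "ML-DSA-65", 15, 2),
    Asset("legacy-batch", "VENDOR-KEX-1", 3, 5),
]
if __name__ == "__main__":
    for system, kind, m in triage(INVENTORY):
        print(f"{system:16} {kind:10} margins={m}")
```

Labels that match no known family are reported rather than dropped, so an unrecognised vendor algorithm surfaces for review instead of silently passing.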
If you only do one thing: take the PQC assessment. It takes 5 minutes, produces an immediate score, and tells you where your gaps are. You can forward the results to your board.
What this page does not tell you
- Your cryptographic inventory. We know what 14 organizations use. We don't know what you use. The assessment helps here.
- Your vendor's actual roadmap. We track which vendors appear in cases. We don't have your vendor's internal timeline.
- Your data classification. X (data-shelf-life input) depends on your data's shelf life, which only you know.
- Your budget constraints. Five cost data points exist. None map to your organization size or sector mix.
- 14 cases, not 14,000. These are publicly documented projects. Many organizations are migrating privately and haven't disclosed.
- Public-sector bias. All cost data comes from publicly funded projects. Private-sector economics may differ.
- Point-in-time data. This database reflects April 2026. HSM certifications, regulatory changes, and vendor roadmaps will evolve.
- No China/Russia cases. PQC migration in these countries is documented in Chinese/Russian sources not covered here.
Methodology
115+ verified entries across 14 publicly documented cases. Primary sources: BIS reports, NIST publications, CORDIS EU database, official press releases, SEC filings, SBIR contracts. Secondary: industry analysis, academic papers (Takagi et al. 2026, Springer). Every claim has a named source with URL and date.
Verified: Multiple independent sources confirm. Reported: A named organization said it publicly. Estimated: Derived from available data with stated assumptions. "Unknown" means nobody knows, not that we didn't look.
If you're a security engineer, architect, or risk manager, forward this page to whoever needs to start the PQC conversation at your organization. The URL is shareable.
We add new cases and update existing data as organizations publish. No spam, no sales sequences. Just PQC intelligence.
Ready to measure your PQC readiness?
The assessment uses the same 6 dimensions as these case studies. Quick score in 3 minutes. Full assessment in 15. Sector benchmarks and a 30/60/90 roadmap included.
PQC Migration Intelligence Database v1.0, April 2026. Built by DeployQuantum. Vendor-neutral. Every claim sourced. 14 publicly documented cases.