The European Payments Council (EPC) is the primary decision-making body for the European banking industry regarding payments. It carries significant weight when setting the rules by which money is moved digitally, and as a result their voice matters when it comes to transaction security.
The EPC’s 2026 Guidelines on Cryptographic Algorithms Usage and Key Management is a technical manual, offering formal recommendations for payment service providers on the selection of cryptography, particularly with the need for cryptographic agility and secure key lifecycles. It’s a fascinating deep-dive, focusing in Chapter 4 on the quantum threat, and the eventuality of cryptographically relevant quantum computing (CRQC). In summary:
- Progress in CRQC is advancing significantly
- Standardized PQC algorithms are required
- HNDL (Harvest Now Decrypt Later) is a real threat
- Cryptographic agility is now an essential requirement
The EPC advocates a three-phase approach:
- Establish a comprehensive cryptographic inventory
- Assess and progressively ensure crypto agility by design
- Adopt a risk-based approach towards replacing cryptography primitives
It’s particularly interesting to note the focus on security by design. Because the cost and difficulty of replacing algorithms or changing key sizes can be significant, the EPC emphasizes that building agility into a system from the start is an undeniable benefit when a transition becomes necessary.
This clarity resounds with our approach at PQShield. We’ve developed IP with cryptographic agility at its heart, particularly when it comes to the difficult question of future-proofing systems that need to be in place for the next 10-20 years.
And in the finance sector, the stakes could not be higher. These guidelines are likely to impact security policies, facilitate greater interoperability, and promote future-readiness. The EPC are urging organizations to review current cryptographic strategies and are clearly pushing towards flexible, future-proof solutions such as those offered by PQShield, ahead of the quantum threat.
- Read the full report from the EPC here
- Find out more about PQShield’s PQC solutions
Author: Matthew Stubbs is a content engineer and technical author, with a background in optical physics and engineering. With a range of experience in many industries and technologies, Matt writes about cybersecurity, science and cryptography updates, managing PQShield’s content and providing technical insight to the latest developments.