One year ago, the National Institute of Standards and Technology (NIST) published its long-anticipated Post-Quantum Cryptography (PQC) standards, marking a pivotal moment for the future of cybersecurity. It wasn’t just a technical milestone — it was a global wake-up call: the quantum era is coming, and the cryptographic foundations that underpin our digital infrastructure must evolve.
For decades, algorithms like RSA and ECC have been the backbone of encryption. But with the advent of quantum computing, their vulnerabilities are now a matter of when not if. NIST’s release of the PQC standards formalized what experts have warned about for years: we need to act now to ensure long-term data security.
The 2035 mandate: a global target for PQC migration
Since NIST’s announcement, governments and standards bodies worldwide have begun to align around a shared target: complete migration to post-quantum cryptography by 2035. This timeline has been echoed by the UK’s National Cyber Security Centre (NCSC) and other influential organisations, providing industries with a much-needed deadline to drive action and investment.
2035 might sound distant, but when you consider the size and complexity of modern digital supply chains — spanning hardware, software, cloud services, and IoT — the scale of this transformation becomes clear. Cryptographic transitions are not “lift and shift” projects; they require careful, phased strategies that touch every layer of the ecosystem.
Early movers setting the pace
Encouragingly, certain sectors have already begun to rise to the challenge. Semiconductor and microprocessor vendors in particular, have made notable strides in embedding PQC into their architectures. These early adopters understand both the urgency and the competitive advantage that comes with moving first.
For them, PQC is not just a compliance exercise — it’s a strategic differentiator. By integrating quantum-safe cryptography into chips and embedded systems now, they are not only safeguarding their own technology stacks but also positioning themselves as the benchmark for downstream supply chain partners.
The post-quantum transition is already underway
For those who still think of quantum threats as a distant or theoretical issue, it’s time to recalibrate. Elements of our cybersecurity infrastructure are already PQC-enabled:
Encrypted messaging apps such as Signal and iMessage
Mainstream web browsers such as Chrome
Video conferencing platforms such as Zoom
As these platforms update their cryptographic foundations, interoperability becomes critical. Enterprises, service providers, and suppliers who haven’t begun their PQC transition risk being left behind – facing rising costs and integration hurdles in future procurement processes.
One year on: the only choice is to start
The message, one year after NIST’s announcement, is clear:
“The PQC transition has started — and the only choice is to start immediately. The longer organizations delay, the higher the cost and risk of being left exposed.”
— Ali El Kaafarani, CEO, PQShield
Waiting until 2035 to act is not a strategy. The digital supply chain is vast and interconnected, and true crypto agility will require coordinated efforts across sectors and geographies. Those who lead the way will shape the standards, set the pace, and gain a strategic edge in a quantum-secure future.
Are you ready to begin your PQC journey?
At PQShield, we’re helping organizations take the first steps toward a quantum-safe future with scalable, standards-aligned cryptographic solutions. The transition is here — let’s get started. Contact us if we can help guide you on your PQC journey.