It’s fair to say that microcontrollers rarely make headlines. But the cryptographic decisions baked into their design today might determine which devices stay secure in a post-quantum world tomorrow, and which become quiet liabilities.
That’s because many of today’s devices and components have long-term lifecycles. Microcontrollers with a shelf life of 15-20 years are likely to be in use well beyond the advent of quantum computing – leaving systems, controls, networks and critical infrastructure at significant risk without post-quantum protective measures. In addition, it’s already possible for attackers to steal encrypted data today with a view to decrypt it retroactively when the technology becomes available. With ‘harvest-now-decrypt-later’ attacks already taking place, the threat could not be more prescient.
The quantum deadline is a key driver for cryptographic modernization. But it’s also led to significant regulatory and compliance mandates, as governments, industry and national infrastructure aim to update and standardize the systems that keep us safe. It’s a fascinating shift towards a proactive integration of PQC (post-quantum cryptography) in the world’s supply chain.
For example, CISA (the US Cybersecurity & Infrastructure Agency) mandates a clear transition to quantum-resistant algorithms in alliance with CNSA 2.0, by a finalized date of 2035. Proactively achieving compliance with CNSA 2.0 is a strong driver, as it de-risks a manufacturer’s ability to sell into high-value government, defense and critical infrastructure markets in the future. In other words, PQC compliance is a gateway to the supply chain not just of tomorrow but of today.
Meanwhile in Europe, regulations such as the EU Quantum Act (expected for adoption in 2026) and the EU Co-ordinated roadmap, push for resilience in EU Member States for high-risk use cases by the early 2030s with a full quantum deadline of 2035. Legacy cryptography such as RSA and ECC is rapidly being phased out in preference of NIST-standardized PQC algorithms, even if the transition passes through a hybrid phase of traditional and post-quantum working in tandem.
It’s a similar story in the rest of the world. The UK’s NCSC (National Centre for Cybersecurity) has published a detailed roadmap and next steps in preparing for post-quantum cryptography, leading to high-priority migration activity for critical systems until 2031, and Australia, Canada, South Korea and Japan all have official guidance for PQC transition until 2035, when many of the international timelines coalesce.
These regulatory pressures open up a remarkable opportunity. PQC is now a strategic necessity for the supply chain, mandated by government as well as industry, and when it comes to microcontrollers, there’s an astonishing potential market ahead. The ARC Advisory Group estimates over 47 million automation products with OPC connectivity are installed globally, with numbers in the low hundreds of millions of units when it comes to PLCs and Distributed Control Systems. What’s more, the broader ecosystem of industrial endpoints such as intelligent sensors, actuators and drives likely extends to the billions. The broader IACS (Industrial Automated Control Systems) market is expected to exceed $395bn by 2029 with a favourable tailwind for new technologies such as post-quantum cryptography.
PQShield is specifically focused on implementations of PQC. We’ve spent years building IP that’s flexible, powerful and secure, powered by the very latest NIST-standardized algorithms. PQMicroLib, our FIPS 140-3-ready ultra-small cryptographic library is a powerful tool for embedded devices, running the very latest post-quantum technology in as little as 13KB, ideal for systems with low footprint and low memory. When it comes to microcontrollers and industrial systems, we’re at the cutting edge, deploying state-of-the-art side-channel countermeasures in software, ensuring physical protection of cryptographic secrets. Whether you want to avoid rip and replace, or build greenfield devices with the latest protections, we’ve built solutions like PQMicroLib that will help modernize your cryptography.
As the threat landscape evolves, the security pressure will certainly be followed by further regulations, and it will become an increasing necessity to ensure compliance with PQC mandates around the world. We know that that’s a great driver for change, with the supply chain standardizing to compliance requirements during PQC transition. That’s why, at PQShield, we’re committed to moving in alignment with the regulatory situation, and help keep the world safe from the threats of tomorrow, today.