BSI President Claudia Plattner said it plainly in November: "We must assume that by 2030, quantum computers will be capable of breaking today's cryptographic algorithms." Not "might be capable." Not "could potentially pose a risk." Must assume.
That quote appeared in a joint announcement from Bundesdruckerei, Giesecke+Devrient, the BSI, and Infineon. They've built a working demonstrator that integrates post-quantum cryptography into Germany's national ID card chip. Hybrid classical-plus-PQC signatures now, full PQC later. It's one of the first functional implementations of PQC in a national identity document anywhere in the world.
The coverage was extensive. Help Net Security, Technology Magazine, Quantum Zeitgeist, SecurityBrief, Euro Security—all ran the story. Every one of them reprinted the same three quotes from the same three executives. None of them asked the obvious follow-up question.
The Chip Is Not the System
Germany's eID card has carried an integrated online identification function since 2010. Citizens use it to authenticate against government and private-sector services. The card is valid for ten years, which is what makes PQC urgent: cards issued today need to survive until 2035.
Bundesdruckerei hardened the chip. That's the demonstrator. What the press coverage doesn't examine is everything above the chip.
When a citizen authenticates with their eID, the card doesn't operate in isolation. It participates in a cryptographic protocol with a verification backend. That backend validates signatures, negotiates key exchange, checks revocation status. Every one of those operations depends on classical cryptographic primitives—the same ones Plattner says will be breakable by 2030.
A quantum-secure chip talking to a quantum-vulnerable verification service is a quantum-vulnerable system.
The EUDI Wallet Deadline
This gets more concrete fast. Under eIDAS 2.0, every EU member state must offer citizens a European Digital Identity Wallet by the end of 2026. That's not a planning horizon. That's a shipping deadline.
The EUDI Wallet is a mobile application that stores, manages, and presents digital credentials—identity documents, professional certificates, attestations of attributes. The ecosystem it operates in is built on digital signatures for credential issuance and presentation, key agreement for secure channels, and trust chain validation against member-state trust registries. All of this runs on cryptography that is, today, quantum-vulnerable.
A 2024 paper in Computer Law & Security Review makes this point explicitly: the EUDI Wallet prototypes use electronic signatures and authentication that will need to be replaced by post-quantum resistant cryptography. The authors argue the wallet could actually be the ideal vehicle for introducing hybrid PQC at scale—but only if the cryptographic foundations are addressed before deployment, not after.
The gap is straightforward. Bundesdruckerei is PQC-hardening the document layer. The EU is mandating a credential verification layer that ships end of 2026. Nobody is publicly addressing the PQC readiness of the middleware between them.
Where the Crypto Actually Lives
Digital identity verification involves more cryptographic surfaces than most migration plans account for. Consider the chain:
A credential issuer signs an attestation with a digital signature. The wallet stores it. A relying party requests verification. The wallet presents the credential over a secure channel. The relying party validates the signature against the issuer's public key, resolved through trusted lists published by member states.
Signatures. Key agreement. Trust list validation. Revocation checks. Each of these is a distinct cryptographic operation, and each is a distinct migration target. The signature algorithm on the chip is one link in a chain where every other link is still classical.
The EUDI architecture compounds this. The system is designed so that every participant—issuers, holders, verifiers—independently implements cryptographic operations against a shared PKI trust framework. A PQC migration has to reach all of them, or the chain breaks at the weakest link.
The organizations building this identity verification infrastructure—the wallet providers, the trust registry operators, the credential verification services—are the ones who need to be planning their PQC migration now. Not when the chip is ready. Not when the standards are final. Now, because they're shipping by end of 2026.
What BSI's Timeline Actually Means
Plattner's 2030 statement isn't a forecast. It's an operational planning assumption from the head of Germany's federal cybersecurity authority. It aligns with Australia's decision to ban RSA, DH, and ECC in high-assurance systems by 2030—five years ahead of comparable US timelines. These are organizations with intelligence visibility that commercial vendors don't have. When they set deadlines, those deadlines reflect threat assessments that aren't public.
The Bundesdruckerei demonstrator proves Germany is taking this seriously at the hardware level. But hardware is the easiest layer to control. A chip is a single artifact, produced by a small number of manufacturers, with a well-defined cryptographic boundary. The identity ecosystem above it—the wallets, the verification services, the credential exchange protocols, the trust registries—is distributed, heterogeneous, and largely unaudited for PQC readiness.
Some of that infrastructure could theoretically support PQC. Germany's PID implementation, for instance, will anchor wallet credentials in a cloud HSM—hardware that is technically capable of running post-quantum algorithms. But the current specifications consider crypto agility without mandating PQC anywhere. The infrastructure may be upgradeable. Nothing yet requires that it be upgraded.
That's the part nobody is writing about.
Measuring the Gap
If you operate identity verification infrastructure in the EU, three questions matter right now.
First: what cryptographic primitives are your credential signing and verification operations actually using? Not what your library supports. What your production systems negotiate.
Second: can your systems negotiate hybrid classical-plus-PQC schemes? The Bundesdruckerei demonstrator uses a hybrid approach specifically because the transition can't be instantaneous. Your middleware needs to support the same model.
Third: are you getting better or worse? A point-in-time audit tells you where you stand today. It doesn't tell you whether last month's deployment regressed your PQC readiness, or whether your dependency updates moved you forward. Migration is a trajectory, not a snapshot.
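The three questions can be turned into a repeatable check. The Python below is an added example, not part of the original article and not pqprobe's code: it classifies the algorithms each cryptographic surface was observed negotiating, rates the chain by its weakest surface, and compares two snapshots for regressions. The surface names, the `A+B` notation for a composite signature, and both snapshots are assumptions constructed for illustration.

```python
# Added example: all inventory data here is constructed for illustration.
from enum import IntEnum

class Readiness(IntEnum):
    CLASSICAL = 0  # relies only on RSA/ECC/DH-style primitives
    HYBRID = 1     # classical and post-quantum combined
    PQC = 2        # post-quantum only

C, H, P = Readiness.CLASSICAL, Readiness.HYBRID, Readiness.PQC
# JOSE signature names, TLS groups and NIST parameter sets.
KNOWN = {"RS256": C, "PS256": C, "ES256": C, "ES384": C, "EdDSA": C,
         "X25519": C, "secp256r1": C, "X25519MLKEM768": H,
         "ML-DSA-65": P, "ML-KEM-768": P}

def classify(alg):
    """Classify one observed algorithm. 'A+B' is this example's own notation
    for a composite; unknown names count as classical (fail closed)."""
    levels = {KNOWN.get(part, C) for part in alg.split("+")}
    if levels == {P}:
        return P
    return H if (P in levels or H in levels) else C

def surface_readiness(snapshot):
    """A surface is only as ready as the weakest algorithm it still accepts."""
    return {s: min((classify(a) for a in algs), default=C)
            for s, algs in snapshot.items()}

def chain_readiness(snapshot):
    """The verification chain is only as ready as its weakest surface."""
    return min(surface_readiness(snapshot).values())

def regressions(before, after):
    """Surfaces whose readiness dropped between two snapshots."""
    b, a = surface_readiness(before), surface_readiness(after)
    return sorted(s for s in b if a.get(s, C) < b[s])

# Constructed snapshots: what production negotiated, not what libraries support.
LAST_MONTH = {"credential_signature": ["ES256+ML-DSA-65"],
              "key_agreement": ["X25519MLKEM768"],
              "trust_list_validation": ["RS256"],
              "revocation_check": ["ES256"]}
# A deployment re-enabled a classical-only key agreement group.
THIS_MONTH = dict(LAST_MONTH, key_agreement=["X25519MLKEM768", "X25519"])

if __name__ == "__main__":
    print(chain_readiness(THIS_MONTH).name, regressions(LAST_MONTH, THIS_MONTH))
```

Even in the earlier snapshot, where signatures and key agreement are hybrid, the chain rates as classical because trust list validation and revocation checks have not moved.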
The German government just demonstrated that the document layer can be hardened. The question for everyone building on top of it is whether they'll be ready when those documents start arriving.
pqprobe tracks post-quantum cryptographic migration over time—across network protocols, code dependencies, configurations, and endpoints. If you're building identity infrastructure that needs to survive past 2030, the time to start measuring is before you ship.