Are You On Pace?

Global PQC deadlines are set. CNSA 2.0 compliance starts in 2027. Full migration required by 2035. The timeline below tells you when. pqprobe tells you if you're getting better or worse.

2025
PCI DSS 4.0
Crypto inventory mandatory
April
United States
CNSA 1.0 compliance or waiver required
December
European Union
Complete cryptographic inventory
December
2027
United States
All new NSS acquisitions must be CNSA 2.0 compliant
January
2030
United States
All NSS software/firmware using PQC signatures
Australia
Classical public-key crypto eliminated
European Union
Critical infrastructure fully PQC compliant
December
πŸ‡©πŸ‡ͺ Germany
Classical encryption deprecated for high-sensitivity (standalone)
December
2031
πŸ‡©πŸ‡ͺ Germany
Classical encryption deprecated for general use (standalone)
December
2034
G7 Financial
Financial sector fully PQC compliant
2035
United States
Pure PQC (no hybrid) for National Security Systems
United Kingdom
Full PQC migration complete
πŸ‡©πŸ‡ͺ Germany
Classical signatures deprecated (standalone)
European Union
All remaining systems migrated
Canada
Non-classified IT complete
πŸ‡°πŸ‡· South Korea
Full PQC transition
The deadlines above are fixed. The frameworks below spell out the details. pqprobe tracks whether you're improving, degrading, or stable over time—so you know if you're on pace.

United States (NSA CNSA 2.0)

Deadline Requirement
Aug 2024 NIST releases final PQC standards (ML-KEM, ML-DSA, SLH-DSA)
Dec 2025 NSS must meet CNSA 1.0 or obtain waiver
Jan 2027 All new NSS acquisitions must be CNSA 2.0 compliant
Jan 2030 All NSS software/firmware using PQC signatures; TLS 1.3 required
2033 Final mandatory compliance for most system types
2035 Pure PQC (no hybrid) required for National Security Systems
Targeting CNSA 2.0 compliance? Track your trajectory →

European Union

Deadline Requirement
Dec 2025 Complete cryptographic inventory of all vulnerable systems
2026-2027 Run hybrid pilot deployments (e.g., X25519 + ML-KEM)
Dec 2030 Critical infrastructure fully PQC compliant
2035 All remaining systems migrated
Need to demonstrate progress to regulators? See your trend data →

G7 Financial Sector

Phase Timeline Activity
Awareness 2025-2027 Quantum threat awareness, critical system mapping
Inventory 2025-2028 Full systems inventory with third-party dependencies
Migration Start 2026-2029 Begin migration for all systems
Critical Systems 2030-2032 Complete critical system migration
Full Compliance 2034 All financial sector PQC compliant
Board asking about quantum readiness? Get trajectory reports →

National Timelines

Country Agency Key Deadline Requirement
πŸ‡¬πŸ‡§ UK NCSC 2028-2031 Prioritize & pilot critical systems
πŸ‡¬πŸ‡§ UK NCSC 2035 Full migration complete
πŸ‡©πŸ‡ͺ Germany BSI 2030 Classical encryption deprecated for high-sensitivity (standalone)
πŸ‡©πŸ‡ͺ Germany BSI 2031 Classical encryption deprecated for general use (standalone)
πŸ‡©πŸ‡ͺ Germany BSI 2035 Classical signatures deprecated (standalone)
πŸ‡¦πŸ‡Ί Australia ASD 2030 Eliminate classical public-key crypto
πŸ‡¨πŸ‡¦ Canada CCCS 2035 Complete PQC transition for non-classified IT
πŸ‡―πŸ‡΅ Japan CRYPTREC 2035 Full PQC transition (aligning with US/EU)
πŸ‡°πŸ‡· South Korea KISA/NIS 2035 Complete PQC transition (includes KpqC domestic algorithms)

Regulatory Mandates (Already In Effect)

Regulation Effective PQC-Relevant Requirement
PCI DSS 4.0 Apr 2025 Annual crypto inventory + cipher review (Req 12.3.3)
πŸ‡ͺπŸ‡Ί NIS2 Directive Oct 2024 Mandatory encryption for 15+ critical sectors
πŸ‡ͺπŸ‡Ί DORA Jan 2025 "Robust cryptographic controls" for financial entities
πŸ‡ΊπŸ‡Έ OMB M-23-02 2023 Federal agencies must inventory crypto systems

National Agency Algorithm Recommendations

Agency Digital Signatures Key Encapsulation
πŸ‡ΊπŸ‡Έ NIST ML-DSA, SLH-DSA ML-KEM (HQC coming)
πŸ‡ΊπŸ‡Έ NSA ML-DSA, SLH-DSA, LMS ML-KEM
πŸ‡©πŸ‡ͺ BSI SLH-DSA, ML-DSA L3/L5, LMS/XMSS ML-KEM
πŸ‡«πŸ‡· ANSSI ML-DSA, FN-DSA L3/L5, SLH-DSA ML-KEM
πŸ‡¬πŸ‡§ NCSC ML-DSA-65, SLH-DSA, LMS/XMSS ML-KEM
πŸ‡―πŸ‡΅ CRYPTREC ML-DSA, SLH-DSA ML-KEM
πŸ‡°πŸ‡· KISA ML-DSA, SLH-DSA + KpqC (domestic) ML-KEM + KpqC (domestic)

Official Sources