Post-Quantum Cryptography: The Enterprise Migration Guide for 2026-2030
NIST finalised post-quantum cryptography standards in August 2024. Regulators are issuing migration guidance. Adversaries are collecting encrypted data now to decrypt later. This is the practical enterprise migration guide — what to prioritise, how long it takes, and what the regulatory timeline looks like.
Key Takeaways
NIST's post-quantum cryptography standards (FIPS 203, 204, 205) were finalised in August 2024 — the technical migration target is now defined and organisations can begin systematic planning.
The 'harvest now, decrypt later' threat is not theoretical — intelligence agencies and sophisticated threat actors are actively collecting encrypted data today for future quantum decryption. Data that must remain confidential beyond 2030-2035 should be considered at risk under current encryption.
The migration is complex and multi-layered: TLS/HTTPS certificates, VPN infrastructure, code signing, PKI, SSH keys, hardware security modules, and encrypted data stores all need assessment and potentially migration.
APRA, the FCA, the NSA/CISA, and multiple other regulators have issued quantum-resistant cryptography guidance — financial services, critical infrastructure, and national security sectors face the most pressing regulatory expectations.
The practical migration sequence: inventory (what cryptography do you use and where), prioritise (which systems hold data with long sensitivity requirements), pilot (test post-quantum algorithms in low-risk systems), and migrate (systematic replacement starting with highest-risk systems).
"For informational purposes only. This article does not constitute legal, regulatory, financial or professional advice. Consult a qualified specialist for specific guidance."
Why the migration cannot wait for quantum computers to arrive
The most common misconception about post-quantum cryptography migration is that it can wait until quantum computers capable of breaking current encryption actually exist. This misconception ignores the harvest now, decrypt later threat that makes the migration urgent regardless of quantum hardware timelines.
Sophisticated adversaries — including state-level threat actors — are collecting encrypted data today with the specific intent of decrypting it when capable quantum computers become available. This is not speculative: intelligence assessments from multiple governments have identified this threat as active and ongoing. For data that must remain confidential for ten or more years — financial records, health data, legal communications, state secrets, intellectual property — the protection of current encryption may be inadequate today, because the data will still exist when quantum decryption becomes possible.
NIST's post-quantum cryptography standards
NIST finalised three post-quantum cryptographic algorithms in August 2024: FIPS 203 (Module-Lattice-Based Key-Encapsulation Mechanism, or ML-KEM, based on the CRYSTALS-Kyber algorithm), FIPS 204 (Module-Lattice-Based Digital Signature Algorithm, or ML-DSA, based on CRYSTALS-Dilithium), and FIPS 205 (Stateless Hash-Based Digital Signature Scheme, or SLH-DSA, based on SPHINCS+). These standards provide the cryptographic foundations for quantum-resistant systems and are the basis for all serious migration planning.
The algorithms have different characteristics that make them appropriate for different use cases. ML-KEM is designed for key encapsulation — protecting symmetric keys in communication protocols like TLS. ML-DSA is designed for digital signatures where performance is important. SLH-DSA is designed for applications where the signature scheme needs to be based only on well-understood hash function security assumptions. Understanding which algorithm is appropriate for which use case requires cryptographic expertise — most enterprises will need external support for the technical assessment.
The enterprise cryptographic inventory
The first step in post-quantum migration is a comprehensive cryptographic inventory — mapping every use of public-key cryptography in your organisation's systems. This is harder than it sounds. Cryptography is embedded throughout enterprise technology infrastructure in ways that are often not visible to IT management: TLS/HTTPS on web servers and APIs, VPN tunnel encryption, email signing and encryption, code signing for software updates, SSH keys for server access, PKI certificates for internal authentication, hardware security modules, encrypted database fields, and encrypted backup systems. Each of these represents a migration requirement, and each has different migration complexity, different vendor dependencies, and different urgency based on the sensitivity and retention requirements of the data it protects.
The inventory output should classify each cryptographic use by: the algorithm in use, the data it protects, the sensitivity and retention requirement of that data, the vendor dependency for migration, and the estimated migration complexity and cost. This classification drives the prioritisation of the migration programme.
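The classification above can be turned into a ranked migration list. The following Python is an added example, not code from the original article: the record fields, tier names, the 2026 assessment year, the 2030 horizon (the lower bound of the 2030-2035 window in the key takeaways) and the sample inventory are all assumptions constructed for illustration. It goes one step beyond the text by separating confidentiality uses, which are exposed to harvest now, decrypt later as soon as traffic is recorded, from signature uses, which only become forgeable once a capable quantum computer exists.

```python
from dataclasses import dataclass

# Public-key families breakable by Shor's algorithm on a capable quantum computer.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "ED25519", "X25519"}
# NIST standards named in the article: FIPS 203, 204 and 205.
POST_QUANTUM = {"ML-KEM", "ML-DSA", "SLH-DSA"}
TIER_ORDER = {"urgent": 0, "review": 1, "planned": 2, "ok": 3}  # hypothetical tier names

@dataclass
class CryptoUse:              # one inventory row; field names are assumptions
    system: str
    algorithm: str            # e.g. "RSA-2048", "ML-KEM-768"
    purpose: str              # "confidentiality" or "authenticity"
    retention_years: int      # how long the protected data must stay secret
    vendor_dependent: bool
    complexity: int           # estimated migration effort, 1 (low) to 5 (high)

def family(algorithm):
    """Map a concrete algorithm label to its family, or None if unrecognised."""
    name = algorithm.upper()
    for fam in sorted(QUANTUM_VULNERABLE | POST_QUANTUM, key=len, reverse=True):
        if name.startswith(fam):
            return fam
    return None

def tier(use, as_of, horizon):
    fam = family(use.algorithm)
    if fam is None:
        return "review"       # unknown algorithm: needs manual assessment
    if fam in POST_QUANTUM:
        return "ok"
    # Recorded ciphertext is at risk if it must stay secret past the horizon.
    exposed = (use.purpose == "confidentiality"
               and as_of + use.retention_years >= horizon)
    return "urgent" if exposed else "planned"

def prioritise(inventory, as_of, horizon):
    key = lambda u: (TIER_ORDER[tier(u, as_of, horizon)], -u.retention_years, u.complexity)
    return [(u.system, tier(u, as_of, horizon)) for u in sorted(inventory, key=key)]

INVENTORY = [  # constructed sample data
    CryptoUse("customer-api TLS", "ECDH-P256", "confidentiality", 10, False, 2),
    CryptoUse("code-signing", "RSA-3072", "authenticity", 0, True, 4),
    CryptoUse("backup archive", "RSA-2048", "confidentiality", 25, True, 5),
    CryptoUse("internal chat TLS", "X25519", "confidentiality", 1, False, 1),
    CryptoUse("pilot gateway", "ML-KEM-768", "confidentiality", 10, False, 2),
    CryptoUse("legacy HSM", "VENDOR-PROPRIETARY", "confidentiality", 15, True, 5),
]

if __name__ == "__main__":
    for system, level in prioritise(INVENTORY, as_of=2026, horizon=2030):
        print(f"{level:8} {system}")
```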
Regulatory expectations and timelines
Financial services regulators in major jurisdictions have begun issuing quantum-resistant cryptography guidance that signals future mandatory requirements. APRA has included quantum risk in its CPS 234 and CPS 230 discussions. The FCA in the UK has flagged quantum risk in operational resilience requirements. The NSA's CNSA 2.0 guidance establishes specific migration timelines for US national security systems. The pattern across these regulatory signals: voluntary guidance now, mandatory requirements by 2028-2030 for critical systems in regulated sectors.