Both the European Union (EU) Member States, supported by the Commission, and the Government of Canada have released coordinated roadmaps outlining their strategies for the transition to Post-Quantum Cryptography (PQC). These initiatives collectively aim to fortify digital infrastructures against the cryptographic threats posed by future quantum computers. The urgency stems from the potential for quantum computing to render current asymmetric cryptographic methods vulnerable, necessitating a proactive and coordinated global shift in cybersecurity paradigms.
The EU’s roadmap, developed by the NIS Cooperation Group in response to a Commission Recommendation from April 2024, mandates that all Member States begin their transition to PQC by the end of 2026. Furthermore, the protection of critical infrastructures within the EU is targeted for PQC transition no later than the end of 2030. This strategy emphasizes encryption methods based on complex mathematical problems designed to be resistant even to quantum computers, ensuring robust security for the EU’s digital infrastructure and supporting its technological sovereignty.
Concurrently, the Government of Canada, through its Cyber Centre, has issued its own roadmap for the migration of non-classified IT systems to PQC within federal departments and agencies. Key milestones include the development of initial departmental PQC migration plans by April 2026, the completion of high-priority systems migration by the end of 2031, and the full completion of remaining systems migration by the end of 2035. This Canadian approach outlines three execution phases: Preparation (including roles, financial planning, and procurement policies), Identification (cryptographic discovery to inventory vulnerable systems), and Transition (planning and executing system upgrades, replacements, tunneling, or isolation).
These parallel and coordinated efforts highlight a global recognition of the fundamental architectural shift required in cybersecurity to secure data and critical infrastructure. The roadmaps from both the EU and Canada underscore the importance of early planning, adoption of standardized PQC algorithms, and leveraging existing IT lifecycles to manage the significant undertaking. These government-led initiatives aim to ensure long-term data confidentiality and authenticity, preparing their respective digital landscapes for the quantum era and strengthening national cyber resilience.
Read the EU’s roadmap announcement here and the detailed roadmap document here. Access the Government of Canada’s Cyber Centre roadmap here.
June 30, 2025
