National Cyber Security publishes timelines for migration to post-quantum cryptography
The UK's National Cyber Security Centre (NCSC) has introduced a comprehensive roadmap for transitioning to post-quantum cryptography (PQC), establishing key milestones for organisations to evaluate risks, develop strategies, and complete the shift by 2035. This initiative aims to address the emerging threat of quantum computers, which have the potential to compromise current encryption standards.
The national migration to post-quantum cryptography (PQC), mitigating the threat from future quantum computers, is a mass technology change that will take a number of years.
The NCSC recognises the need both to offer guidance on some of the early-stage migration activities, and to set some indicative timelines that UK industry, government and regulators can follow. In this guidance, the NCSC sets out some key target dates for migration activities.
techUK has previously called for the NCSC to accelerate the publication of guidance on how all organisations should prepare for the quantum transition. Following this guidance, we now further encourage the NCSC to engage with industry and industry bodies to raise awareness of this guidance.
As techUK’s own industry perspective on quantum resilience states, the quantum and cryptography communities have been preparing for the quantum threat through defining and standardising quantum-resistant solutions. These may consist of implementing updated cryptographic approaches, while quantum based approaches are also being developed. This paper reflects previous best practice from the NCSC, and techUK welcomes the updated guidance.
The guidance:
-
outlines the essential steps for migrating to PQC
-
explains how preparatory work may differ across various sectors
-
provides recommendations on timelines for key activities throughout the extended transition to PQC
What does this mean for industry?
The NCSC acknowledges the importance of providing guidance on initial migration steps while establishing indicative timelines for UK industry, government, and regulators to follow. In the recently published guidance, the NCSC outlines crucial target dates for migration activities.
-
By 2028:
-
Organisations should definite their migration goals
-
Carry out a full discovery exercise (assessing your estate to understand which services and infrastructure that depend on cryptography need to be upgraded to PQC)
-
Build an initial plan for migration
-
By 2031:
-
Carry out your early, highest-priority PQC migration activities
-
Refine your plan so that you have a thorough roadmap for completing migration
-
By 2035:
-
Complete migration to PQC of all your systems, services and products
NCSC states a limited number of less commonly used technologies may face greater challenges in migrating by 2035. While some sectors may be more affected than others, all organisations should aim to meet these key deadlines.
You can read the full guidance on NCSC’s website.
Contact the team
Laura Foster
Laura Foster
Laura is techUK’s Associate Director for Technology and Innovation.
She supports the application and expansion of emerging technologies, including Quantum Computing, High-Performance Computing, AR/VR/XR and Edge technologies, across the UK. As part of this, she works alongside techUK members and UK Government to champion long-term and sustainable innovation policy that will ensure the UK is a pioneer in science and technology
Before joining techUK, Laura worked internationally as a conference researcher and producer covering enterprise adoption of emerging technologies. This included being part of the strategic team at London Tech Week.
Laura has a degree in History (BA Hons) from Durham University, focussing on regional social history. Outside of work she loves reading, travelling and supporting rugby team St. Helens, where she is from.
- Email:
- [email protected]
- LinkedIn:
- www.linkedin.com/in/lauraalicefoster