With its new roadmap, the EU is initiating a strategic shift toward quantum-resistant cryptography. Organizations must prepare their IT security architectures in time. This means implementing concrete measures within clearly defined deadlines, doing so under significant pressure to act.

Content

Quantum Computing: A Threat with Lead Time The Roadmap: Three Phases, One Objective Risks Are Shifting – Responsibility Is Not Achieving PQC Readiness with essendi: From Inventory to Implementation Act – Don’t Wait

Quantum Computing: A Threat with Lead Time

Modern encryption methods such as RSA or ECC are based on mathematical problems that are difficult to solve for classical computers. Quantum computers, however, may one day crack these problems efficiently. This is no longer a theoretical concern. The threat is real. Attackers are already archiving encrypted data today in order to decrypt it later using quantum computers (“store now, decrypt later”).

To counter this development, the European Commission published a roadmap for the transition to post-quantum cryptography (PQC) in April 2024. The objective: a coordinated migration to quantum-secure cryptographic methods by 2035 at the latest. The Commission is pursuing this through measurable milestones and binding short-term directives.

The Roadmap: Three Phases, One Objective

The PQC roadmap outlines the migration path in three key phases:

By the end of 2026 – Establishing the foundation:

  • Identify relevant stakeholders (e.g. CISO, CIO, Head of IT Security)
  • Create a comprehensive inventory of cryptographic assets
    → Here, essendi cd supports the process with automated crypto discovery and risk assessment.
  • Analyze system dependencies and include supply chain considerations
  • Classify systems and data by quantum risk level
  • Launch pilot projects for highly sensitive use cases

By the end of 2030 – Migration of critical systems:

  • Fully migrate high-risk systems to post-quantum cryptography
  • Introduce hybrid approaches (traditional + PQC) wherever feasible
  • Ensure all software and firmware updates are protected with quantum-secure signatures
    → A key use case for essendi xc, enabling agile certificate management and PQC integration.

By the end of 2035 – Full implementation where feasible:

  • Complete the migration of medium- and low-risk systems
  • Ensure update capability and cryptographic agility across all relevant environments

Risks Are Shifting – Responsibility Is Not

Technical and organizational requirements are increasing significantly. At the same time, regulatory pressure is mounting: the NIS2 and DORA regulations already require companies to secure their systems using state-of-the-art cryptography. In addition, the Cyber Resilience Act, starting in 2027, will impose far-reaching requirements on product security.
Responsibility does not rest solely with IT departments. According to EU regulations, executive management shares clear accountability – including personal liability in the event of non-compliance. Early preparation is therefore not optional, but mandatory.

Achieving PQC Readiness with essendi: From Inventory to Implementation

The transition to post-quantum cryptography requires more than technical expertise – it demands full transparency and control. This is where essendi’s solutions come into play:

  • essendi cd delivers a comprehensive view of all cryptographic assets in the organization – including vulnerability analysis and risk classification.
  • essendi xc ensures flexible, auditable, and future-proof certificate management – ready for hybrid and post-quantum-ready infrastructures.

Both systems integrate seamlessly into existing IT environments and provide the foundation for a sustainable PQC strategy.

Act – Don’t Wait

Introducing post-quantum cryptography is more than an IT project. It represents a strategic overhaul of the digital security architecture. The EU roadmap makes the direction clear. Companies that start preparing now gain not only time and compliance assurance – they also safeguard their digital sovereignty.

CTA: Planning the next steps in your PQC strategy? We support you with the right technology, proven expertise, and practical insight. Get in touch with us.

Roadmap at a Glance

By 2026: Crypto inventory (CBOM, essendi cd), risk classification, pilot projects
By 2030: High-risk systems migrated, PQC-secured updates, cryptographic agility prepared (essendi xc)
By 2035: Migration of medium- and low-risk systems completed, update mechanisms made PQC-capable

Technical foundation: NIST PQC standards + EU timeline

Phase essendi Solution Objective Benefit
Advisory Support essendi PQC Consulting Analyze the situation, develop an appropriate strategy Targeted and results-oriented approach
Inventory essendi cd Record all cryptographic assets Complete crypto inventory (CBOM)
Analyze & Prioritize essendi cd Assess risks, identify dependencies Risk classification, identification of legacy cryptography
Initiate PQC Migration essendi xc Launch pilot projects, implement hybrid algorithms, issue new certificates Agile management, hybrid PKI, PQC-compatible certificates
Secure Operations & Updates essendi xc Enable PQC-secure updates, establish crypto-agile processes PQC-compliant signing processes, lifecycle management

Subscribe to the free essendi it newsletter.

SIGN UP NOW AND STAY INFORMED.