Deep Dive Series

Global PQC Migration Timelines

The question I hear most often is “when do we need to migrate to post-quantum cryptography?” The honest answer is that it depends on who’s asking — and where they operate. There is no single global PQC deadline. There are dozens of them, set by different governments, regulators, and standard-setting bodies, on different timelines, with different algorithm requirements, and with different positions on whether hybrid cryptography is mandatory, optional, or discouraged. Australia wants classical asymmetric crypto eliminated by 2030. Germany’s BSI says 2030 for critical infrastructure, 2032 for everyone else. The UK says 2035. CNSA 2.0 has six sub-deadlines between 2025 and 2035. And these timelines don’t just differ on dates — they diverge on fundamental implementation questions.

This Deep Dive series maps the full landscape of PQC migration deadlines across 15+ jurisdictions, traces the points of convergence and conflict between them, and provides the cross-cutting analysis that individual country articles cannot: which deadlines actually bind, where the compliance gaps are for multinationals, and what the 2026–2030 squeeze means for organizations that haven’t started. The capstone article provides the strategic synthesis; the thematic pieces address the hardest cross-jurisdictional questions; and the jurisdiction articles go deep on each country’s specific requirements.

Interactive Tool

Global PQC Migration Timeline →

All 60+ deadlines from this Deep Dive, mapped on an interactive filterable timeline. Filter by region, sector, or milestone type. Every entry links back to the analysis on PostQuantum.com.

Analysis

Capstone

The Global PQC Migration Clock

The strategic synthesis: what patterns emerge across 15+ jurisdictions, where the timelines converge and diverge, and what the global picture means for organizations planning their migration.

The Hybrid Question: Why the World Can’t Agree on How to Deploy PQC

BSI and ANSSI mandate hybrid. Australia discourages it. CNSA 2.0 pushes toward pure PQC. What does a multinational actually implement to satisfy all of them?

The 2026–2030 Squeeze: 14 Deadlines in 48 Months

From the FIPS 140-2 sunset in September 2026 to Australia’s full classical crypto disallowance in 2030, the next four years contain the highest concentration of PQC deadlines in history. A chronological walkthrough.

Who Actually Enforces PQC Deadlines?

Most PQC deadlines are “authoritative guidance,” not binding regulation with penalties. This article maps the enforcement spectrum from strong suggestion to market access loss, and helps calibrate which deadlines are truly immovable.

Related Analysis

Forget Q-Day Predictions — Regulators, Insurers, Investors, Clients Are Your New Quantum Clock

The argument that underpins this entire Deep Dive: the reason to act is not Q-Day predictions, it’s ecosystem-driven deadlines.

PQC Standards Fragmentation: What Multinationals Must Plan For

The challenge of operating across jurisdictions with diverging PQC requirements.

Sovereignty in the PQC Era

Why countries are making different algorithm and deployment choices, and what that means for the global migration.

NIS2, DORA, and the EU PQC Roadmap

How EU regulatory frameworks interact with PQC migration requirements.

Enterprise PQC Migration: 5–15+ Year Timelines Study

The migration timeline estimates that make many of these deadlines look uncomfortably tight.