Quantum-Readiness Roadmap: BIS Calls Finance to Prepare for the Post-Quantum Era

On July 7, 2025 the Bank for International Settlements (BIS) – often called the “central bank of central banks” – published a major paper titled “Quantum-readiness for the financial system: a roadmap.” The paper provides a comprehensive framework to help the global financial sector transition to quantum-safe cryptography.
The BIS is a 95-year-old institution in Basel, Switzerland that serves as a forum and bank for central banks around the world. It facilitates cooperation on financial stability issues. The BIS rarely sounds the alarm on technology issues so explicitly, so when it speaks, it carries weight. A BIS roadmap on quantum security effectively sets a global agenda – it’s a nudge (or shove) for national authorities to start coordinating on quantum-safe encryption standards, regulations, and investments in upgrading technology. BIS’s involvement also signals that quantum cyber risk is not just an IT problem, but a systemic financial stability concern. To highlight that, the paper was released by the BIS’s Monetary and Economic Department.
Crucially, BIS stresses that the danger may come sooner than the arrival of a large quantum computer. Adversaries can “harvest now, decrypt later” (HNDL) – intercept and store encrypted data today, then decrypt it once they have a CRQC. Sensitive financial data (payments, customer info, trades) long-lived enough to be still valuable in 5–10+ years is at risk. The BIS’s message: the financial system must act now to safeguard data well before a future “Q-Day” when quantum decryption becomes possible. Waiting until such a machine is built will be too late, since any data stolen in the interim could be retroactively decrypted. As the paper puts it, “the time to act is now.”
Key components of the BIS roadmap
The 31-page paper lays out both the threat assessment and a “roadmap” of actions for financial institutions and regulators. It emphasizes a few overarching points up front:
- Start the transition now: Don’t wait for proof that a quantum computer exists. Building quantum resilience will take years, so preparatory work must begin immediately. Broad awareness across executive suites and regulators is the first critical foundation.
- Inventory and governance: Firms should catalogue all their cryptographic systems (where and how encryption is used) as a basis for migration planning. The paper calls this cryptographic inventory “a critical foundation” – you can’t fix what you don’t know you have. Strong governance structures (e.g. a lead executive for quantum readiness) are recommended to oversee the transition.
- Not a simple swap: Don’t regard this change as “just swap algorithms and done.” The BIS cautions that migrating to post-quantum algorithms is far more complex than past crypto upgrades. The paper explicitly warns it is not a “flip the switch” moment but a painstaking overhaul that will span an extended period.
- Cryptographic agility & defense in depth: Because future threats are uncertain, BIS advises building crypto agility – the ability to swap out cryptographic algorithms on the fly as threats evolve. Systems should be designed to be flexible, supporting multiple algorithms or easy upgrades. It also suggests defense in depth: layering multiple encryption methods (including symmetric, classical, and quantum-safe) such that no single failure exposes data. This could mean, for example, using hybrid encryption (combining classical RSA/ECC with a post-quantum scheme simultaneously) during the transition period. In fact, the BIS authors note that many national security agencies recommend hybrid approaches as an interim safeguard.
- Post-Quantum Cryptography (PQC) as the near-term solution: The roadmap identifies post-quantum cryptography – new algorithms (lattice-based, etc.) designed to resist quantum attacks – as the most viable path to protect the financial system in the near term. BIS points out that standards bodies like NIST have already standardized several PQC algorithms. These can be implemented in software relatively easily (at least compared to other options). A graph in the paper shows QKD and PQC as parallel tracks, but BIS clearly states QKD is still experimental and infrastructure-heavy, so “the approach available in the near term is PQC.” The paper echoes the skepticism of many experts about QKD’s practicality: several national cybersecurity agencies (UK NCSC, US NSA, etc.) have argued QKD faces serious deployment challenges and that standardized PQC is the preferred mitigation for now. In short, BIS’s roadmap steers the industry toward rapid adoption of PQC algorithms (once vetted and standardized), while keeping an eye on QKD as a longer-term possibility (for niche uses or future consideration when it matures).
- Phased and hybrid migration: The BIS roadmap suggests a phased migration strategy with possible hybrid cryptography in the interim. For instance, during an initial phase, institutions might deploy hybrid TLS handshakes that use both a classical algorithm (like RSA/ECDH) and a PQC algorithm together – so an attacker would need to break both. This reduces risk if early PQC algorithms later prove weak. Over time, once PQC is proven, the legacy crypto can be dropped. The paper highlights projects like the BIS Innovation Hub’s Project Leap, which already tested such hybrid post-quantum solutions in cross-border transactions to prove their feasibility. BIS is effectively urging firms to practice with PQC now, possibly in parallel (think “dual encrypt” important data), rather than waiting to do a big-bang cutover.
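The hybrid pattern described in the two bullets above (crypto agility plus "both must be broken" hybrid key establishment), as an added example that is not code from the BIS paper or from Project Leap. The two shared secrets are constructed stand-ins for the outputs of a real classical exchange (such as X25519) and a real post-quantum KEM (such as ML-KEM); the group catalogue, the combiner's salt choice and the 2030 sunset year are assumptions made for the example.

```python
"""Hybrid key establishment and agile group negotiation for the transition
period. Added example, not code from the BIS paper or Project Leap.

The two shared secrets are constructed stand-ins for the outputs of a real
classical exchange (e.g. X25519) and a real post-quantum KEM (e.g. ML-KEM);
the group catalogue and the sunset year are assumptions.
"""
import hashlib
import hmac
import os


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA256."""
    return hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with HMAC-SHA256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_session_key(ss_classical: bytes, ss_pq: bytes, transcript: bytes) -> bytes:
    """Combine both shared secrets into one session key.

    Modelled on X25519MLKEM768, which concatenates the ML-KEM and X25519
    secrets before the key schedule; here the handshake transcript hash is
    used as the salt (an assumption) so the key is bound to the negotiated
    parameters. An attacker who learns only one of the two secrets cannot
    derive the key."""
    prk = hkdf_extract(hashlib.sha256(transcript).digest(), ss_pq + ss_classical)
    return hkdf_expand(prk, b"hybrid session key", 32)


# Assumed group catalogue: True where the named group has a PQ component.
GROUPS = {
    "X25519MLKEM768": True,
    "SecP256r1MLKEM768": True,
    "X25519": False,
    "secp256r1": False,
}
# Assumed policy: from this year on, classical-only groups are refused,
# echoing the 2030 deprecation milestone the paper cites.
CLASSICAL_ONLY_SUNSET_YEAR = 2030


def negotiate_group(client_offered, server_supported, today_year):
    """Prefer the first mutually supported hybrid group in the client's order;
    fall back to a classical-only group only before the sunset year."""
    mutual = [g for g in client_offered if g in server_supported and g in GROUPS]
    for name in mutual:
        if GROUPS[name]:
            return name
    if today_year >= CLASSICAL_ONLY_SUNSET_YEAR:
        return None
    return mutual[0] if mutual else None


def demo(ss_classical: bytes = None, ss_pq: bytes = None) -> bool:
    """Both peers derive the same key; a party holding only the classical
    secret (the situation once a CRQC breaks ECDH) derives a different key."""
    ss_classical = ss_classical or os.urandom(32)   # constructed stand-in
    ss_pq = ss_pq or os.urandom(32)                 # constructed stand-in
    transcript = b"ClientHello|ServerHello|X25519MLKEM768"
    k_client = hybrid_session_key(ss_classical, ss_pq, transcript)
    k_server = hybrid_session_key(ss_classical, ss_pq, transcript)
    k_classical_only = hybrid_session_key(ss_classical, os.urandom(32), transcript)
    return k_client == k_server and k_client != k_classical_only


if __name__ == "__main__":
    print("hybrid key agreement holds:", demo())
    print("2026 negotiation:", negotiate_group(
        ["X25519", "X25519MLKEM768"], {"X25519", "X25519MLKEM768"}, 2026))
    print("2031 classical-only client:", negotiate_group(["X25519"], {"X25519"}, 2031))
```

The negotiation helper is where the agility lives: adding a new group (or dropping a broken one) is a one-line change to the catalogue, and the sunset year turns the paper's "stop issuing classical-only" milestone into an enforced policy rather than a recommendation.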
Timelines & guidance for institutions: While BIS stops short of declaring a hard deadline, it does weave in timeline guidance. It notes, for example, that NIST and the U.S. government plan to deprecate RSA by 2030 and fully prohibit its use by 2035 in sensitive systems. That gives a rough clock for the private sector as well. The BIS roadmap’s Section 3 lays out a structured program for both regulators and individual institutions. Graph 6 presents a systemic roadmap from a central bank/supervisor’s perspective. It outlines three major phases:
- Engagement & Awareness: In this first phase, authorities should engage all stakeholders across the financial system. This means raising awareness among financial firms and even the public about the quantum threat and the need to act. It also involves conducting system-wide risk assessments – regulators and banks collaboratively evaluating which parts of the financial sector are most at risk. An outcome of this phase is to set high-level priorities: which systems/data must be protected first, and what requirements (like crypto agility) should be built in.
- Planning & Coordination: The next phase is to translate those priorities into concrete migration plans with aligned timelines and technical choices. BIS urges central banks and industry groups to coordinate on setting target dates (e.g. by when to stop issuing any new RSA certificates), choosing which PQC algorithms to adopt, and ensuring interoperability across borders. A key point is that financial systems are globally interconnected – no bank is an island. Thus, major milestones (like deprecating old algorithms or requiring PQC for cross-border transactions) need to be agreed internationally to avoid weak links. The BIS roadmap calls for cooperation with standards bodies (ISO, IETF, etc.) and forums like the G7 and G20 to harmonize these plans. Essentially, this is where detailed project planning happens: inventorying systems, testing PQC in labs, training staff, updating procurement policies so new systems are “quantum-ready,” and so on.
- Execution & Oversight: Finally, the phase of executing the migration and ongoing monitoring. Central banks and regulators are expected to track progress in the industry, ensure institutions meet interim targets, and share best practices. The roadmap even suggests conducting system-wide stress tests or penetration tests during and after the transition – for example, red-teaming a post-quantum payment network to ensure the new algorithms don’t introduce unforeseen vulnerabilities. The end goal is a financial system that has quantum-safe encryption everywhere needed and an embedded culture of crypto agility (continually updating crypto as needed). The paper notes that quantum-readiness should become a part of normal cyber risk management going forward, with regular reviews as the technology landscape evolves.
For individual institutions (banks, FMIs, fintechs), the BIS roadmap offers a similar three-step journey, broken down as Step 1: Awareness, Step 2: Planning, Step 3: Execution. For example:
- Awareness involves assigning an executive sponsor for the PQ effort, forming a cross-department team, and starting internal education programs on quantum risks. It also crucially includes kicking off that cryptographic inventory and deciding on a preliminary strategy (e.g. whether to adopt a hybrid crypto approach first or jump straight to PQC in some areas).
- Planning has firms developing detailed migration roadmaps: identifying which applications and devices use vulnerable cryptography, prioritizing them by sensitivity and data lifespan, and mapping out how to remediate or replace each one. BIS even provides a table of all the layers of technology that might need upgrades – from hardware security modules and network routers (which need firmware supporting PQC) to software, protocols, and vendor products that will have to be made quantum-safe. This underscores the enormity of the task: every layer of the IT stack may be touched.
- Execution is where organizations start implementing: deploying PQC algorithms (perhaps in pilot projects first), phasing out legacy crypto according to the plan, and testing everything for performance and security impacts. The BIS guidance here aligns with what forward-looking CISOs have been saying – treat this like a major digital transformation project, not just a patch. As the BIS concludes, this challenging transition is also an opportunity to upgrade and build more resilient systems with security-by-design and strong cryptography practices.
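The cryptographic inventory and the prioritization by sensitivity and data lifespan that the Awareness and Planning steps call for, together with the "harvest now, decrypt later" exposure described earlier, as an added worked example (not code from the BIS paper). The inventory records are constructed, and the CRQC horizon year and the vulnerable/safe algorithm lists are assumptions made for the example; the paper itself gives no Q-Day.

```python
"""Cryptographic inventory triage for the roadmap's planning step.

Added example, not code from the BIS paper. Records are constructed, and the
CRQC horizon and the vulnerable algorithm list are assumptions.
"""
from dataclasses import dataclass

CURRENT_YEAR = 2025
# Assumption: the paper gives no Q-Day; a year in the "2030s" is used as the
# planning horizon so that exposure can be computed at all.
ASSUMED_CRQC_YEAR = 2033

# Public-key schemes a CRQC breaks outright (Shor's algorithm). Symmetric
# ciphers, hashes and the NIST PQC standards are treated as safe here.
QUANTUM_VULNERABLE = ("RSA", "DSA", "DH", "ECDH", "ECDSA", "X25519", "ED25519")


@dataclass
class CryptoUse:
    system: str
    algorithm: str               # e.g. "RSA-2048", "ECDH-P256", "AES-256"
    purpose: str                 # "tls", "signing", "key-wrap", "data-at-rest"
    data_shelf_life_years: int   # years the protected data stays sensitive
    migration_years: float       # estimated time to replace this use
    tier: int                    # business criticality, 1 = most critical


def is_quantum_vulnerable(algorithm: str) -> bool:
    """True for public-key algorithms that must be migrated."""
    name = algorithm.upper()
    return any(name == v or name.startswith(v + "-") for v in QUANTUM_VULNERABLE)


def hndl_exposure_years(use: CryptoUse,
                        crqc_year: int = ASSUMED_CRQC_YEAR,
                        now: int = CURRENT_YEAR) -> float:
    """Harvest-now-decrypt-later exposure in years.

    Data is exposed when it must stay secret beyond the CRQC horizon once the
    migration time is added (shelf life + migration time > time to CRQC).
    Signing uses are recorded with a shelf life of 0: they are not
    retroactively decryptable but must still be migrated before the horizon."""
    if not is_quantum_vulnerable(use.algorithm):
        return 0.0
    protected_until = now + use.migration_years + use.data_shelf_life_years
    return max(0.0, protected_until - crqc_year)


def triage(inventory):
    """Rank every quantum-vulnerable use: largest exposure first, then tier."""
    rows = []
    for use in inventory:
        if not is_quantum_vulnerable(use.algorithm):
            continue
        exposure = hndl_exposure_years(use)
        rows.append({
            "system": use.system,
            "algorithm": use.algorithm,
            "purpose": use.purpose,
            "exposure_years": exposure,
            "tier": use.tier,
            "action": "migrate now (hybrid first)" if exposure > 0 else "schedule migration",
        })
    rows.sort(key=lambda r: (-r["exposure_years"], r["tier"]))
    return rows


# Constructed sample inventory, not from any real institution.
SAMPLE_INVENTORY = [
    CryptoUse("core-banking-tls", "ECDH-P256", "tls", 10, 3, 1),
    CryptoUse("archive-at-rest", "AES-256", "data-at-rest", 25, 1, 1),
    CryptoUse("payment-msg-signing", "RSA-2048", "signing", 0, 2, 1),
    CryptoUse("hsm-key-wrap", "RSA-4096", "key-wrap", 7, 4, 2),
    CryptoUse("atm-firmware-signing", "ECDSA-P256", "signing", 0, 6, 2),
    CryptoUse("pqc-pilot-channel", "ML-KEM-768", "tls", 10, 0, 3),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print(f"{row['system']:<22} {row['algorithm']:<12} "
              f"exposure={row['exposure_years']:>4.1f}y tier={row['tier']} {row['action']}")
```

Run on the sample inventory, the TLS channel protecting ten-year-sensitive data with a three-year migration lands at the top (five years of exposure against the assumed 2033 horizon) even though the signing uses are in the same criticality tier; that is the "data lifespan" dimension the Planning step asks firms to add on top of plain criticality.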
Notably, the roadmap does not impose hard dates for completion, but the sense of urgency is clear in the language (“imminent threat…requires urgent action…long-term sensitive data must be protected well before quantum computers reach maturity”). BIS is effectively giving a gentle but firm push: start now, figure out your plan in the next year or two, and try to get critical systems quantum-safe by the early 2030s at the latest. It’s encouraging central banks to lead by example and possibly coordinate mandates in their jurisdictions to ensure the private sector follows through.
In summary, the BIS quantum-readiness roadmap lays out why the financial system can’t afford to wait (quantum threats are coming, data is already at risk) and what needs to be done (inventory, plan, migrate with PQC, stay agile) to preserve trust in financial data and transactions. It’s both a call to action and a playbook – one that spans technical, governance, and international coordination aspects. The mere publication of this paper is newsworthy in itself: it’s effectively the BIS sounding a coordinated starter’s pistol for the global race to post-quantum security in finance.
Analysis
The BIS roadmap is a welcome and significant step – it elevates the conversation on quantum threats from niche IT departments to the level of central banks and global policy. But how realistic are its timelines and assumptions? Does it go far enough, fast enough?
Are the BIS timelines realistic or too conservative?
BIS deliberately avoids pinpointing an exact “Q-Day” in the roadmap, acknowledging uncertainty, but it leans on consensus surveys that place the likely advent of a CRQC sometime in the 2030s. This is broadly in line with many projections, but it’s worth noting that some leading experts now argue 2030 is not just possible but plausible for RSA-2048 to be broken. BIS’s language urges urgency, but one could argue it could have been even more explicit. That said, the roadmap does cite the “harvest now, decrypt later” threat repeatedly, which inherently means the countdown is already ticking. On balance, BIS’s timeline assumptions aren’t overly optimistic – they reflect mainstream expert views – but they err slightly on the side of caution (perhaps so as not to be dismissed as alarmist). Given recent quantum tech news, there’s a case to treat the BIS’s 10-year scenario as the pessimistic upper bound, not the baseline.
Assessing the roadmap’s realism
The BIS acknowledges that migrating to PQC will be a massive, multi-year undertaking fraught with challenges. This aligns with what industry practitioners have been saying. Both BIS and other experts emphasize that this is not a simple software patch: many legacy systems (think older ATM networks, payment terminals, IoT sensors in banks, etc.) might not even support the bigger keys and heavier computation of PQC without hardware upgrades. So the BIS’s call for detailed planning and inventory is absolutely spot on. Where the realism might falter is in whether firms will actually follow through at the needed pace without mandates. The roadmap relies on persuasion and coordination. BIS can shine a spotlight and even facilitate collaboration (e.g. via G7 working groups), but it has no regulatory teeth to force banks to invest in this now. And historically, banks tend to be reactive – especially if the risk feels abstract. BIS’s roadmap alone, while directionally excellent, may not overcome that inertia. In my view, it’s a bit idealistic in assuming institutions will self-motivate just because it’s logical to do so. The next step likely needs to be regulators turning this roadmap into requirements (e.g. requiring banks to report quantum readiness progress, set target dates for migration, etc.). BIS does gently hint that central banks and supervisors should monitor and ensure progress – the question is whether they will actually do so with urgency.
Post-quantum cryptography, agility, and the speed of migration
On the technical approach, BIS’s advocacy of PQC, crypto agility, and even hybrid encryption mirrors best practices and the advice of leading experts. There is widespread agreement that deploying NIST’s post-quantum algorithms (like CRYSTALS-Kyber, Dilithium, etc.) is the primary defense for the foreseeable future. BIS reinforces that and even cites UK and NSA endorsements of PQC over alternatives. This is good – it helps eliminate any remaining dithering in the industry over “maybe we should wait for quantum computers and rely on quantum key distribution or exotic physics.” No – the answer is implement PQC now. BIS also emphasizes cryptographic agility, which cannot be overstated. Given that the first-generation PQC algorithms are new, it’s possible that weaknesses will be found in some (remember, these algorithms haven’t faced decades of scrutiny like RSA has). If one of them gets broken or significantly weakened, we will need to swap it out quickly. Agility is the safety net. I was pleased to see BIS mention that explicitly. Some organizations resist building agility because it adds complexity, but BIS making it a key principle sends the right signal.
Will the BIS roadmap foster fast enough migration to beat the quantum deadline?
This comes down to execution. The roadmap supports a phased approach that, if followed diligently, could see initial steps done in 2025-26 (awareness, inventory), planning in 2026-28, and major migrations in the late 2020s. That would position critical systems to meet a 2030 deadline. But without hard dates, there’s a risk of slippage. One potential critique of the BIS stance is a lack of explicit mandates or accountability. It recommends that central banks “obtain engagement” and later “monitor progress”, but what if some banks don’t engage? The paper doesn’t detail consequences. It relies on the enlightened self-interest of financial institutions and the oversight of national authorities. In practice, some firms will procrastinate absent regulation – especially smaller banks that don’t think they’re targets, or those struggling with other priorities. For comparison, the Canada roadmap built in annual progress reporting requirements to enforce momentum. The BIS could have suggested something like that globally (e.g. recommending that supervisors require annual quantum-readiness reports from systemically important banks). That level of specificity might be beyond its purview, but its absence is felt.
There’s also an angle of conservatism vs. bold action. BIS is perhaps conservative in not explicitly calling for “rip and replace by 2030” or mandating any interim controls like banning new usage of RSA beyond a certain date. For instance, one idea floated by some experts is to declare that any new system implemented after 2025 must be crypto-agile and PQC-ready. A regulator could enforce that (so you don’t keep digging the hole deeper by deploying more quantum-vulnerable tech in 2026, 2027, etc.). BIS hints at this – it mentions updating procurement policies to require PQC-ready tech – but stops short of saying regulators should ban non-quantum-safe solutions in new deployments. A bolder posture could accelerate the transition, albeit at a cost. BIS tends to be consensus-driven, so it couches things in recommendations rather than hard lines. The downside is some may see that as ambiguity or lack of decisiveness. The upside is BIS is bringing everyone to the table, even those who might be scared by too-stringent mandates.
Conclusion
On the whole, though, the BIS roadmap is more aligned with the “urgent migration” camp than not. It validates the concerns raised by many in the security community and by forward-looking agencies. It explicitly states quantum is an “imminent threat” to the financial system requiring urgent action, and that vulnerable crypto must be replaced well before a CRQC arrives. It doesn’t mince words that doing nothing is not an option. In that sense, BIS is using its gravitas to jolt a conservative industry into motion – and that is commendable, if not absolutely necessary.
Where BIS could push harder is on coordinating a faster global response. Perhaps a follow-up could be a set of targets endorsed by the global Financial Stability Board or G7: for example, a global agreement that by 2030, all systemically important financial institutions will support PQC in their communications. This would mirror what the EU is doing internally, but at a worldwide scale (including regions that might be slower to act). Without such coordination, there’s a scenario where, say, the EU and Canada are largely quantum-safe by 2031, but other markets lag, creating weak links. The BIS roadmap does emphasize avoiding weak links and the need for global alignment – a point that can’t be stressed enough. If even a few major countries’ financial systems remain quantum-vulnerable, attackers will find and exploit those gaps to tunnel into global networks. The BIS’s role could be crucial in preventing that fragmentation by continuously convening and pressuring its members to move in lockstep.
In conclusion, the BIS’s “Quantum-readiness” paper is a timely and largely well-calibrated roadmap. It strikes a balance between raising alarm (in polite central bank language) and offering a pragmatic action plan. The fact that it exists shows the issue has broken through to the highest levels of finance – no longer the domain of just IT geeks and cryptographers. The roadmap’s content aligns strongly with what experts have been advocating: inventory your crypto, upgrade to PQC ASAP, use hybrid/envelope approaches in the meantime, build crypto agility, and don’t underestimate the effort involved.