
India Finalizes Quantum-Safe Roadmap: CII Migration by 2029, Testing Labs by 2026

Editor’s Note (15 May 2026): The Data Security Council of India (DSCI) briefly published the final version of this report at dsci.in before the page was taken down. The reason for the removal is unclear. I am monitoring the situation and will update this analysis if the report is reposted with any changes.

15 May 2026 – India’s Department of Science and Technology (DST) has published the final version of its national quantum-safe migration report under the National Quantum Mission (NQM). Titled Quantum-Safe Ecosystem in India: Roadmap to Quantum Resiliency, the 140-page document represents the post-consultation evolution of the draft roadmap I covered in February, incorporating feedback from government, industry, academia, and the public comment period that closed on 19 February 2026.

Produced by a Task Force chaired by Dr. Rajkumar Upadhyay (CEO, C-DOT) and co-chaired by Prof. Manindra Agrawal (Director, IIT Kanpur), the report integrates the work of two sub-groups: one on testing and certification led by the Telecommunication Engineering Centre (TEC), and one on migration strategy led by the Data Security Council of India (DSCI).

The core timelines from the draft are unchanged. Critical Information Infrastructure (CII: defense, power, telecom, transport, BFSI) follows an accelerated three-milestone track: foundations by December 2027, high-priority migration by December 2028, full PQC adoption by December 2029. Regular enterprises follow a 2028/2030/2033 schedule.

What changed in the final version is significant in three areas.

First, the Task Force has added Preferential Market Access provisions. Under India’s Atmanirbhar Bharat (self-reliance) policy, both public and private organizations are now directed to give preference to indigenously developed quantum-safe products and solutions, subject to technical suitability and interoperability. The framing is careful (it conditions the preference on meeting standards), but the intent is clear: India wants a domestic quantum-safe supply chain.

Second, the final report includes a much more detailed testing and certification framework in Annexure B. The four assurance levels (L1 through L4) are now specified with granular test cases: Known Answer Tests, fuzz testing with minimum 80% branch coverage and 24-hour minimum duration, side-channel resistance with TVLA pass criteria of t-value < 4.5, DPA/SPA/fault injection for hardware, and nation-state attack simulation at L4. Certificate validity periods are risk-aligned: three years for L1 up to ten years for L4, with mandatory surveillance and re-assessment triggers. An interim approval mechanism is also formalized. Existing product approvals continue during the estimated 12–18 months needed to stand up the new certification infrastructure, preventing a gap where early adopters would be penalized.

Third, Sub-Group II’s report in Annexure C has been expanded into a standalone strategic roadmap with detailed milestone activities, a dedicated crypto-agility section, a PQC-versus-QKD comparison that cites NCSC, ACSC, BSI, Google, and Cloudflare guidance, sector-specific technology considerations for CII (covering latency sensitivity, handshake frequency, hardware constraints, and vendor dependence), and a comprehensive international comparison covering twelve countries. This annexure alone runs to roughly 30 pages and is positioned as the first in a planned series. Follow-up documents on crypto-agility frameworks, quantum risk assessment methodologies, and operational playbooks are promised.

The report also directs the NQM’s Quantum Communication Thematic Hub to identify sector-specific post-quantum migration products in a time-bound manner, promote adoption of existing indigenous quantum-safe solutions, conduct gap analysis, and fund R&D to bridge capability shortfalls. Vendors face a concrete near-term obligation: CBOM (Cryptographic Bill of Materials) submissions become mandatory starting FY 2027–28.

India additionally plans to prepare a national list of cryptography-dependent product categories, modeled on CISA’s January 2026 product category advisory, with two India-specific additions: mobile phones (given their central role in India’s digital ecosystem) and automated cryptographic discovery and inventory solutions. This is framed as a future compliance requirement for vendors.

My Analysis

I covered the draft version of this report in depth in my February analysis. My core assessment hasn’t changed: India’s roadmap is one of the more serious “whole-of-ecosystem” approaches globally, and the direction of travel is right. But the final version sharpens both the strengths and the tensions I flagged three months ago.

What the Final Version Gets Right

The certification framework in its final form is the most technically detailed national PQC assurance scheme I’ve seen published. The US has FIPS 140-3 and CMVP, but those were designed for classical cryptography and are still being extended for PQC. India is building a PQC-native certification architecture from scratch, with test cases that go beyond algorithm correctness into system-level security: CI/CD integration testing, supply chain verification down to the semiconductor level at L4, and crypto-agility validation at L3. The fuzz testing minimums (80% branch coverage, 24-hour duration, with critical findings requiring remediation before deployment) and the side-channel test specifications (10,000 minimum power traces, TVLA t-value < 4.5, equipment calibration certificates required) set a measurable bar rather than leaving “security testing” as an undefined aspiration.
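The side-channel criterion cited above (TVLA t-value < 4.5 over at least 10,000 traces) corresponds, as TVLA is commonly practised, to a fixed-vs-random Welch's t-test at every sample point of the power trace. The sketch below is an added illustration, not code from the report or from this article; the traces are synthetic, the function names are hypothetical, and applying the threshold to |t| and counting the 10,000 traces across both sets are assumptions.

```python
import random

T_THRESHOLD = 4.5    # pass criterion quoted from the report: t-value < 4.5
MIN_TRACES = 10_000  # minimum trace count quoted from the report
                     # ASSUMPTION: counted across both trace sets

def mean_var(xs):
    """Sample mean and unbiased sample variance of one column of samples."""
    n = len(xs)
    m = sum(xs) / n
    return m, sum((x - m) ** 2 for x in xs) / (n - 1), n

def welch_t(a, b):
    """Welch's t-statistic for two samples with unequal variances."""
    (ma, va, na), (mb, vb, nb) = mean_var(a), mean_var(b)
    return (ma - mb) / ((va / na + vb / nb) ** 0.5)

def tvla_assess(fixed, rand):
    """Fixed-vs-random leakage test over two sets of equal-length traces."""
    # zip(*traces) transposes: each column is one sample point across traces.
    t_values = [abs(welch_t(f, r)) for f, r in zip(zip(*fixed), zip(*rand))]
    worst = max(range(len(t_values)), key=t_values.__getitem__)
    n = len(fixed) + len(rand)
    return {
        "traces": n,
        "max_abs_t": t_values[worst],
        "worst_sample": worst,
        # Both conditions must hold: enough traces AND no point over threshold.
        "pass": n >= MIN_TRACES and t_values[worst] < T_THRESHOLD,
    }

def simulate(n_per_set, leak_at=None, leak=0.5, points=20, seed=1):
    """CONSTRUCTED traces: unit Gaussian noise; the fixed-input set gets a
    mean shift of `leak` at sample `leak_at` to model data-dependent power."""
    rng = random.Random(seed)
    def trace(shift):
        return [rng.gauss(0, 1) + (shift if i == leak_at else 0.0)
                for i in range(points)]
    fixed = [trace(leak) for _ in range(n_per_set)]
    rand = [trace(0.0) for _ in range(n_per_set)]
    return fixed, rand

if __name__ == "__main__":
    for name, kw in [("leaky", dict(n_per_set=5000, leak_at=7)),
                     ("no leak", dict(n_per_set=5000)),
                     ("too few traces", dict(n_per_set=100))]:
        print(name, tvla_assess(*simulate(**kw)))
```

A capture with too few traces fails regardless of its t-values, because a low |t| from a small sample says little about whether leakage is present.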

Crypto-agility treatment has also improved. The final report makes a point I’ve been emphasizing through the PQC Migration Framework: the transition to PQC is not a one-time event but the beginning of recurring cryptographic transitions. The crypto-agility section explicitly states that current PQC algorithms may need replacement or revision, that data lifetimes exceed algorithm lifetimes, and that organizations must embed adaptability into governance, architecture, procurement, and operations. This is exactly the right framing, and it positions India well for the reality that ML-KEM and ML-DSA are likely not the last algorithms these organizations will need to deploy.

The PQC-versus-QKD comparison is well balanced. The final version cites assessments from NCSC, ACSC, BSI, Google, and Cloudflare cautioning against enterprise QKD deployment, while positioning QKD as a complementary technology for specific high-assurance use cases under India’s inter-city backbone vision. That dual-track approach is a political compromise (NQM has significant QKD investments to justify), but the final report is honest about the constraints: dedicated optical channels, distance limitations without specialized repeaters, vendor dependencies, and the fact that QKD addresses only key distribution, not authentication or encryption. The operative sentence is clear: “For most organisations, including CII and defence, algorithmic approach offers the broadest, immediate and pragmatic route.”

Credit where it’s due: the report acknowledges its own constraints. It flags that hardware OEMs operating in India are reluctant to share design documentation needed for full CMVP validation, that PQC testing labs don’t yet exist in the country, and that the workforce with PQC-specific skills is limited. That candor is more useful than the confident assertions many national roadmaps offer without acknowledging the gap between strategy and current capability.

Where the Concerns Persist

My biggest concern from February remains: the CII full-migration deadline of December 2029 is three and a half years away, and the report’s own evidence suggests it is not achievable at the stated funding level.

Consider what has to happen: operationalize Tier-1 and Tier-2 certification labs by December 2026 (seven months from now), complete cryptographic inventories across defense, power, telecom, and BFSI by December 2027, migrate high-priority systems by December 2028, and achieve full PQC adoption by December 2029. The NQM’s total budget is ₹6,003.65 crore (~$700M) through 2031, covering all quantum technology objectives (computing, sensing, communications, and security), not PQC migration alone. The US estimates $7.1 billion for federal PQC migration with a 2035 deadline. India’s timeline is six years more aggressive for CII, with roughly a tenth of the funding. That arithmetic has not improved since February.

The advisory-versus-binding question also persists. The report continues to state that it “does not constitute a legal or regulatory mandate” and that enforcement depends on sectoral regulators. Three months after the draft, I see no evidence that RBI, TRAI, CERC, SEBI, or other regulators have issued binding directives referencing this roadmap. Without that step, the timeline remains aspirational for private-sector CII operators. As I noted in February, the US approach used presidential directives (NSM-10), binding OMB memoranda, and NSA requirements for defense contractors. India’s roadmap needs a comparable enforcement mechanism.

The Q-FUD Problem in the Recommendations

The recommendations section opens with citations that concern me. It quotes IonQ CEO Peter Chapman’s January 2026 Davos statement that Q-Day may arrive within three years, a Google comparison of quantum computing to AI “five years before its disruptive acceleration,” and a Bain study claiming 70% of executives expect quantum-enabled cyberattacks within five years.

Chapman is the CEO of a publicly traded quantum computing company making a marketing statement at Davos. The Google comparison is unfalsifiable and proves nothing about cryptographic timelines. The Bain survey measures executive sentiment, not engineering reality. Using these as the urgency anchor for national policy is exactly the kind of vendor-driven Q-FUD that weakens otherwise credible documents. India’s roadmap doesn’t need these citations. Regulatory deadlines are already set by peer nations, and the migration timelines are inherently long. Those arguments are sufficient and self-standing. Anchoring urgency to vendor predictions invites the same skepticism from technically literate readers that the report otherwise works hard to avoid.

A related claim in the Sub-Group II report states that “most estimates point to a 2028–2032 horizon for practical quantum attacks.” This is not sourced. A 2028 window implies a CRQC could arrive in under two years, which is not supported by the state of quantum hardware.

The irony is that the report doesn’t need to inflate the threat. The case for acting now is strong on its own merits: migration timelines are long, HNDL is real, and ecosystem deadlines from the US, EU, UK, Australia, and Canada create external pressure regardless of when a CRQC actually arrives.

Trust Now, Forge Later Still Missing

My February analysis flagged that the draft did not address Trust Now, Forge Later (TNFL), the integrity and authentication analog of HNDL. The final version includes TNFL in its glossary and mentions it alongside HNDL in the executive summary, which is an improvement. But the operational implications are still not developed: there is no specific guidance on prioritizing PQC-ready PKI, code-signing infrastructure, or device identity as first-class migration targets. For CII sectors like power and defense where OT equipment lifecycles stretch decades and firmware trust chains are existential, this gap matters.

Indigenous Algorithms: Right Instinct, Real Risks

The L4 certification level includes “customized implementation of verified indigenous algorithm” and the report emphasizes developing Indian PQC algorithms for critical and strategic sectors. The instinct toward cryptographic sovereignty is sound (I explore this at length in my forthcoming book Quantum Sovereignty), but indigenous PQC algorithms carry a specific risk that the report acknowledges only in passing: they lack the years of international cryptanalytic scrutiny that NIST-standardized algorithms have undergone. The report does require formal verification by a cryptographers’ community and validation by designated labs post-standardization. Whether that process can deliver sufficient confidence before deployment in sovereign-grade systems is the open question. Interoperability with global standards adds a further constraint, and a critical one for India’s telecom and financial sectors, which operate in tightly interconnected international ecosystems.

Bottom Line

India has finalized the most technically detailed national PQC certification framework published to date and maintained the most aggressive CII migration timeline of any major economy. The certification architecture (four assurance levels, specific test case requirements, tiered laboratory structure) gives India something most national roadmaps lack: a measurable standard against which quantum-safe products can be validated on domestic soil. The additions around Preferential Market Access, CBOM mandates, and the CISA-inspired product category list move the roadmap from strategic intent toward procurement reality.

The fundamental execution challenge remains. The gap between the ambition of a 2029 CII deadline and the current state of India’s PQC testing infrastructure, workforce capacity, and available funding is wide. Closing it will require the kind of sustained, cross-ministerial coordination that government roadmaps promise but rarely deliver. It will also require binding regulatory mandates from sectoral regulators that, three months after the draft, have not yet materialized.

For CISOs and security leaders at Indian CII operators, the message is the same as it was in February but sharper: the timeline is fixed, the certification framework is real, and CBOM mandates are coming. Whether or not you believe a CRQC arrives by 2029, the procurement and compliance requirements in this document will arrive well before that. Start now.


Marin Ivezic

I am the Founder of Applied Quantum (AppliedQuantum.com), a research-driven consulting firm empowering organizations to seize quantum opportunities and proactively defend against quantum threats. A former quantum entrepreneur, I’ve previously served as a Fortune Global 500 CISO, CTO, Big 4 partner, and leader at Accenture and IBM. Throughout my career, I’ve specialized in managing emerging tech risks, building and leading innovation labs focused on quantum security, AI security, and cyber-kinetic risks for global corporations, governments, and defense agencies. I regularly share insights on quantum technologies and emerging-tech cybersecurity at PostQuantum.com.