Quantum Security & PQC News

India’s Task Force Releases Quantum‑Safe Roadmap with 2027–2029 Migration Timeline for CII

5 Feb 2026 – India’s Department of Science and Technology (DST) published the ‘Implementation of Quantum Safe Ecosystem in India – Report of the Task Force.’ The report lays out a strategic roadmap for transitioning India’s digital infrastructure to quantum-resistant security. The Task Force was chaired by Dr. Rajkumar Upadhyay (CEO of C-DOT) and convened experts from government, industry, academia, and R&D labs to address the looming threat that advances in quantum computing pose to current encryption.

The report’s goal is to ensure the security, resilience, and continuity of India’s information and communication ecosystems in the face of “Q-Day” – the day when quantum computers can break today’s cryptography.

Key takeaways:

  1. India proposes explicit PQC migration milestones (CII – Critical Information Infrastructure – by 2029; broader adoption by 2033).
  2. The report emphasizes crypto-agility and procurement requirements, not just algorithms.
  3. India is pushing early on testing/certification labs and a domestic assurance framework.

The report is open for public comment until 19 February 2026. If you’re a vendor, CISO, regulator, researcher, or critical infrastructure operator, this is a rare window to shape a national roadmap before it hardens into procurement language. Comments go to Dr. Joynarayan Mukherjee at DST (details here). Applied Quantum will be submitting a formal response – I’d encourage others to do the same.

The Task Force was established as part of India’s National Quantum Mission (NQM) to strengthen national capabilities in quantum technologies and guide the adoption of quantum-safe cryptographic solutions. Specifically, it was tasked with formulating phased migration guidelines, recommending standards for post-quantum cryptography (PQC) adoption, and planning for a national testing and certification infrastructure.

The NQM, approved by cabinet in April 2023, carries a budget of ₹6,003.65 crore (~$700M USD) through 2031 – a serious commitment, though still a fraction of the estimated $7.1 billion the U.S. expects to spend on federal PQC migration alone over 2025-2035. This creates a strategy-funding mismatch: India’s roadmap is strictly more aggressive than the U.S. timeline, yet its allocated capital is an order of magnitude lower. (To make it worse: NQM funding spans the entire quantum mission (computing, comms, sensing, materials) – it is not a PQC‑migration‑only budget.)

To tackle these broad objectives, the Task Force split into two sub-groups: one led by the Telecommunication Engineering Centre (TEC) focusing on standards, testing, and certification of quantum-safe products, and another led by the Data Security Council of India (DSCI) focusing on quantum resiliency, crypto-agility, and PQC migration. The two sub-groups’ findings – one addressing technical frameworks for PQC and quantum key distribution (QKD) and the other addressing migration strategies and policies – were integrated into this unified report.

The report’s premise is straightforward: India must prepare its digital ecosystem now for the post-quantum era, to avoid “irreversible compromise of sensitive data” and emergency scrambling later on. The Preface notes that India’s digital economy and governance rely heavily on cryptography, and proactive steps are needed to maintain trust and security as quantum attacks become an imminent reality.

Timeline

A centerpiece of the report is a proposed timeline for migrating to quantum-safe cryptography, with different deadlines for critical infrastructure and everyone else.

The Task Force calls for an aggressive but phased transition. For Critical Information Infrastructure (CII) sectors – such as defense, power, and telecom – the “Foundations” of PQC adoption should be in place by 2027, followed by high-priority systems migrated by the end of 2028, and full quantum-safe implementation by 2029.

For other government and private enterprises, the roadmap is slightly more extended: Foundations by 2028, high-priority migrations by 2030, and complete adoption by 2033. In practical terms, this means government networks and critical services would begin piloting PQC and hybrid solutions immediately, aiming to be mostly quantum-safe in the next 3–5 years, while the wider economy follows on a longer runway through 2033.

India’s PQC Migration: Two-Track Approach
Phased milestones for Critical Information Infrastructure vs. general enterprises

Urgent track: Critical Information Infrastructure (CII) (Defence · Power · Telecom · ISRO · DRDO · ONGC)

2027: Build Foundations
  • Establish quantum risk governance
  • Inventory cryptographic assets
  • Launch PQC/hybrid pilots
  • Mandate CBOMs from vendors
  • PQC in procurement requirements

2028: Migrate High-Priority
  • Convert pilots to full programs
  • “No new classical-only” policy
  • Upgrade PKI, HSMs, KMS
  • Mandate PQC digital signatures
  • Crypto incident response playbooks

2029: Full PQC Adoption
  • Enterprise-wide PQC/hybrid
  • PQC-only trust chains
  • All signatures quantum-safe
  • Continuous algorithm governance
  • Legacy systems in managed enclaves

Standard track: Other Government & Private Enterprises (Banking · Healthcare · Education · General IT)

2028: Build Foundations
  • Establish quantum risk governance
  • Inventory cryptographic assets
  • Launch PQC/hybrid pilots
  • Begin CBOM requirements
  • Awareness workshops & training

2030: Migrate High-Priority
  • Convert pilots to full programs
  • “No new classical-only” policy
  • Upgrade PKI, HSMs, KMS
  • Mandate PQC digital signatures
  • Supplier accountability enforced

2033: Full PQC Adoption
  • Enterprise-wide PQC/hybrid
  • PQC-only trust chains
  • All signatures quantum-safe
  • Org rating framework enforced
  • Continuous lifecycle governance

The report stresses an “assume breach” mindset given the risk of “harvest now, decrypt later” (HNDL) attacks, where adversaries steal encrypted data today to decrypt once quantum attacks become feasible.

A related (and often under-discussed) post-quantum risk is what I call Trust Now, Forge Later (TNFL): the idea that signatures, device identities, and update mechanisms we trust today can be forged later once quantum attacks break RSA/ECC-based signing keys. HNDL is about confidentiality; TNFL is about integrity and authenticity – and in many OT environments, that difference is existential.

In line with that urgency, the near-term (by 2027–2028) action items include launching pilot projects using PQC or hybrid cryptography in high-priority systems (e.g. banking and government services) and disseminating sector-specific guidance via regulators like the central bank (RBI) and telecom authority. The Task Force also recommends engaging other ministries and regulators now so that each critical sector can issue its own detailed migration mandates aligned with the national timeline. By setting these phased milestones, India joins the set of countries that have published explicit PQC migration timelines.

Task Force Structure

The Task Force’s two sub-groups had distinct but complementary roles. Sub-Group 1 (led by TEC) produced a “Draft Framework for Testing and Certification of PQC-based Products and Solutions.” This framework takes a risk-based, measurement-driven approach to validate and certify products that implement post-quantum cryptography across various sectors. It is intended as a common reference for regulators, industry and certification bodies. Notably, the framework itself is not a mandate – rather, it provides a baseline that different sector regulators (in finance, telecom, energy, etc.) can use to set their own enforceable rules, including sector-specific timelines and compliance mechanisms for adopting PQC. In other words, the Task Force isn’t directly imposing law, but equipping regulators with the toolkit to do so.

Sub-Group 2 (led by DSCI), on the other hand, focused on broader strategy: it addressed crypto-agility (the ability to swap cryptographic algorithms easily), PQC migration planning, and integration of quantum key distribution (QKD) networks. This subgroup’s contributions are reflected in the report’s emphasis on “crypto-agile” systems and the inclusion of QKD as a complementary technology for certain high-security scenarios. Both sub-groups’ detailed reports are summarized in the Task Force report, ensuring technical depth (from the standards and testing side) is tied together with policy and migration strategy.

National Testing and Certification Framework

A significant recommendation is to establish a National PQC Testing and Certification Program as early as possible. By December 2026, India aims to operationalize dedicated Tier-1 and Tier-2 laboratories under agencies like TEC, STQC (Standardisation Testing and Quality Certification), and BIS (Bureau of Indian Standards) to start testing quantum-safe solutions. The Task Force urges a public–private partnership model to quickly stand up this lab infrastructure, leveraging both government facilities and industry expertise. These labs would evaluate implementations of new post-quantum algorithms, ensuring they meet security and performance criteria.

Importantly, the report suggests enhancing existing cryptographic labs (some of which already test quantum key distribution (QKD) systems) so that India can certify QKD products alongside PQC algorithms. This dual focus on PQC and QKD in testing is relatively unique globally. The envisioned framework echoes well-known standards like FIPS 140-3 for cryptographic modules, but tailors them to India’s needs. It sets out multiple assurance levels (L1 through L4) based on risk context, and specifies how products can be validated at each level (e.g. from basic conformance up to high-assurance reviews).

While technical in detail, the takeaway is that India plans to build a domestic certification ecosystem for quantum-safe tech – so that algorithms and devices can be vetted on Indian soil to international standards. This will support both local developers (startups, academia) and give confidence to government adopters. The framework is “draft” at this stage, and the report invites feedback to refine it further, recognizing that test requirements will evolve as standards mature.

India’s PQC Certification Architecture
Four assurance levels × three lab tiers · Risk-aligned validation framework

Assurance levels:
  • L1: Basic Conformance
  • L2: SW & HW Assurance
  • L3: Enterprise Infra
  • L4: Critical Infra

Testing scope by lab tier:
  • Tier-1 Labs, Functional Testing: Correct PQC implementation, interoperability, baseline performance
  • Tier-2 Labs, Security Testing: L2A: Software · L2B: IT/IoT HW · L2C: OT hardware assurance
  • Tier-3 Labs, Enterprise-Grade: Crypto-agility, TRNG/QRNG validation, long-term security
  • Tier-3 Labs, Sovereign-Grade: Indigenous crypto, reduced foreign dependency, CII protection

Certificate validity:
  • L1: 3 years
  • L2: 5 years
  • L3: 7 years
  • L4: up to 10 years

Lab tiers:
  • Tier-1 Labs: Standards conformance and interoperability testing. Existing TEC/BIS labs upgraded. (TEC · BIS) Operational by Dec 2026.
  • Tier-2 Labs: Security testing, vulnerability assessment. Includes QKD product certification. (BIS · STQC · CERT-In · NCCS) Operational by Dec 2026.
  • Tier-3 Labs: Sovereign-grade evaluation. Indigenous algorithm assessment for CII. (Upgraded from Tier-2 · PPP model) Upgrade by 2028–2030.

Global Comparison

The report devotes a full section to benchmarking India against global peers – and the detail is worth unpacking, because it reveals where India is genuinely aggressive and where it’s following the pack.

That benchmarking reveals a distinct urgency. While most major economies (UK, EU, Canada) target 2035 for full transition and 2030-2031 for high-priority systems, India is compressing that timeline. The proposed 2029 deadline for CII is arguably the most aggressive formal target globally, matched only by the strictest tier of the U.S. CNSA 2.0 timeline.

Global PQC Migration Timelines Compared
Full transition target dates by country · CII/critical and general systems

🇮🇳 India (this report):
  • India, CII (Defence, Power, Telecom): Full by 2029
  • India, Enterprise (Govt & Private Sector): Full by 2033

Global peers:
  • 🇺🇸 United States (Federal systems): RSA deprecated ~2030 · Full by 2035
  • 🇪🇺 European Union (Member States): High-risk by 2030 · Full by 2035
  • 🇬🇧 United Kingdom (NCSC roadmap): High-priority by 2031 · Full by 2035
  • 🇦🇺 Australia (ASD / ISM): Cease vulnerable crypto by 2030
  • 🇨🇦 Canada (Federal ITSM.40.001): High-priority by 2031 · Full by 2035
  • 🇰🇷 South Korea (PQC Master Plan): Pilots 2025–28 · Nationwide by 2035
  • 🇸🇬 Singapore (NQSN+ / CSA): NQSN+ operational · PQC+QKD hybrid
  • 🇨🇳 China (ICCS / Own standards): Own PQC standards · QKD satellite by 2027

India’s enterprise timeline of 2033 is more in line with these peers, but the CII sprint to 2029 stands out. Whether that timeline is achievable depends entirely on execution – and that’s where the advisory-vs-binding question (below) becomes critical.

Two outliers in the global landscape are worth noting. Singapore is pursuing an integrated PQC+QKD approach through its NQSN+ network, which most closely resembles what India is proposing. China, meanwhile, is running its own PQC standardization process through the ICCS, deliberately bypassing NIST – and is aiming to launch a global quantum communication satellite service by 2027. India is not going the sovereignty-maximalist route of China, but it’s not purely following the US/NIST playbook either. That middle path is arguably the smartest position for a country of India’s scale and ambition.

Prioritisation Framework

National roadmaps are easy to read and surprisingly hard to operationalize. The first question every CISO, regulator, vendor, and infrastructure operator asks is: which timeline applies to me?

Beyond timelines, the Task Force introduces a persona-based prioritisation framework that segments organisations into three categories based on their risk profile and role in the migration ecosystem. This is a useful conceptual device – it moves past the usual “critical vs. non-critical” binary and explicitly recognises that vendors and technology providers have a distinct obligation to lead, not just follow.

Urgent Adopters are CII operators – defence, power grid, telecom, ISRO, DRDO, ONGC – who handle data with the longest shelf life and operate systems with the slowest refresh cycles. Both HNDL and TNFL risks are highest here. They follow the accelerated 2027–2028–2029 track.

Regular Adopters are enterprises with moderate risk profiles – banking, healthcare, education, e-governance, insurance – following the standard 2028–2030–2033 milestones. These organisations typically have shorter data sensitivity windows but large attack surfaces, and migration complexity is high due to diverse vendor ecosystems.

Technology Providers & Enablers – HSM vendors, PKI providers, cloud platforms, crypto libraries, network OEMs, and startups – are the supply-side linchpin. Without PQC-ready products from this group, neither urgent nor regular adopters can migrate. The report makes this dependency explicit: CBOM submissions become mandatory from FY 2027–28, and vendors are expected to lead by example.

Critically, the Task Force directs that where an organisation falls into more than one persona, the highest-risk persona governs. A bank that also operates telecom infrastructure follows the CII track for that infrastructure. This “highest-risk governs” principle is important – it prevents organisations from selectively applying the more lenient timeline to their riskiest assets.

PQC Adoption Personas
India’s Task Force defines three prioritisation tiers for quantum-safe migration

Urgent Adopters (Accelerated Track)
  • Critical infrastructure and high-risk organisations with accelerated timelines across all milestones.
  • Milestones: 2027 · 2028 · 2029
  • Example organisations: ISRO · DRDO · ONGC · Power Grid · Telecom · Defence
  • Handle data with the longest shelf life and operate systems with the slowest refresh cycles. HNDL and TNFL risks are highest here.

Regular Adopters (Standard Track)
  • Enterprises with moderate risk profiles following standard milestone timelines.
  • Milestones: 2028 · 2030 · 2033
  • Example sectors: Banking · Healthcare · Education · E-Gov · Insurance · General IT
  • Shorter data sensitivity windows but large attack surfaces. Migration complexity is high due to diverse vendor ecosystems.

Technology Providers & Enablers (Ecosystem Role)
  • Vendors of cryptography-related solutions who must lead by example and support the broader ecosystem.
  • Lead now · Enable others
  • Includes: HSM vendors · PKI providers · Cloud · Crypto libs · Network OEMs · Startups
  • Without PQC-ready products from this group, neither urgent nor regular adopters can migrate. CBOM submissions mandatory from FY 2027–28.

⚠️ Highest-risk persona governs. An organisation may identify with more than one persona. In such cases, the Task Force directs that the highest-risk persona should guide priorities. A bank that also operates telecom infrastructure follows the CII track for that infrastructure.

My Analysis

Quick note on scope: this is an initial, first-pass reaction based on a fast read. Applied Quantum will publish a deeper technical assessment and submit a formal comment to DST before the consultation deadline (19 Feb 2026). I’d encourage vendors, CISOs, regulators, researchers, and critical infrastructure operators to do the same.

Notably, the Task Force’s references include practitioner analysis alongside official standards documents – including PostQuantum.com’s coverage of Australia’s and Canada’s PQC policies. That kind of cross-referencing between government reports and independent analysis is a healthy sign: it suggests the authors are actively engaging with the broader global discourse, not working purely from standards paperwork.

More broadly, I continue to view India’s National Quantum Mission trajectory as one of the more serious “whole-of-ecosystem” approaches globally. This report reinforces that impression: it is ambitious, time-bound, and unusually concrete on testing/certification infrastructure. I don’t agree with every emphasis, but the direction of travel is absolutely the right one.

QKD Approach

The Indian roadmap notably deviates from some global norms in its inclusion of QKD (Quantum Key Distribution) as a parallel track to PQC. This is a point worth some debate. Globally, opinions on QKD are divided. The U.S. and UK, for example, have been skeptical about QKD for general use – the NSA’s position (as of its 2021 FAQ) is that QKD is not approved for protecting national security communications, primarily due to its distance limitations and infrastructure overhead. These nations are focusing almost entirely on PQC algorithms for now.

India, by contrast, is embracing a dual approach more akin to what Singapore is doing with its quantum networks, or what China has invested in via satellite QKD. In fact, the Task Force explicitly had a sub-group on QKD networks. I find this both intriguing and reflective of India’s desire to cover all bases. On the positive side, this means India recognizes that PQC and QKD are not mutually exclusive – QKD can provide additional physical-layer security for certain high-value links (for example, between data centers or for military communications), while PQC secures the broader internet and everyday applications. The report’s mention of hybrid PQC–QKD solutions and national testbeds suggests India might pilot using QKD for telecom backbone security combined with PQC for end-user security.

This integrated vision could potentially leapfrog what other countries are doing, making India one of the first to deploy both new quantum-safe algorithms and quantum-based key exchange technologies together.

On the other hand, a note of caution: QKD is expensive and niche, and it should not distract from the urgent need to roll out PQC widely. The report seems to get this balance right by prioritizing PQC timelines while positioning QKD as an adjunct (e.g., upgrading a few labs to test QKD, encouraging PPP in QKD tech). As someone who has written about QKD before, my stance has been that QKD is a complement, not a replacement for cryptography. I’m encouraged that the Task Force uses the term “hybrid” – implying QKD might be layered with PQC in certain scenarios. That reflects emerging global thinking (for instance, some projects in Europe and South Korea exploring hybrid QKD+PQC for telecom).

India’s posture here differs from, say, Canada’s roadmap, which focuses purely on PQC, but it aligns with the country’s broader quantum ambitions under NQM (which include developing long-distance fiber and satellite QKD links by 2028 as part of the mission). In essence, India is attempting to be crypto-agile in the broadest sense: agile in algorithm adoption and even agile in types of solutions (algorithmic and photonic). It’s an ambitious divergence from the strict algorithm-only norm, and its success will depend on sustained funding and technical progress in quantum communications.

Sovereignty

Another difference to global norms is the emphasis on domestic capacity and sovereignty. China is the obvious comparator – China’s pursuit of indigenous encryption standards (skipping the NIST PQC standards process) is cited in the report, and India is certainly not going that far.

India’s report does not reject international standards; it will adopt NIST-chosen algorithms like ML-KEM, ML-DSA, and SLH-DSA (formerly known as Kyber, Dilithium, and SPHINCS+). However, India does want to build its own implementations and perhaps even its own variants optimized for local needs (or to have backups). This is somewhat analogous to Europe’s approach of funding local implementations and additional candidate algorithms (the EU has its own list of deployment profiles and “alternate” algorithms under study, even after NIST’s selections).

In my opinion, this is a sensible middle ground: follow the science, but control your destiny. I have previously written about the importance of digital sovereignty in the quantum age – relying entirely on foreign cryptography can be risky if geopolitical winds shift. The Task Force’s recommendations for indigenous development (be it in algorithms, hardware like quantum random number generators, or secure chips) align with that view. The challenge will be ensuring that “indigenous” solutions meet the high bar of security and interoperability.

As the report notes, any local algorithm still needs an IETF RFC or similar standard; absent one, it must undergo rigorous validation. The testing framework will be crucial if India ever evaluates its own PQC algorithms down the line.

Positives

There are several strong points in India’s roadmap worth highlighting.

A programmatic roadmap (not an “algorithm swap”)

First, the strategy is comprehensive: it doesn’t just say “use PQC algorithms” and stop there. The Task Force treats post-quantum migration as an end-to-end program spanning governance, procurement, standards, implementation pathways, and ecosystem readiness. That is the right framing – because the real work is not picking algorithms, it’s turning a multi-year cryptographic transition into something organisations can actually execute.

Crypto‑agility as an operating model (not a tool)

The report’s emphasis on crypto‑agility is particularly strong – and, importantly, it explains crypto‑agility as more than “implement a technology.” Crypto‑agility is a capability: the organisational and architectural ability to replace cryptographic primitives (algorithms, key sizes, protocols, libraries, certificate profiles) without redesigning entire systems. In the post‑quantum era, that matters because today’s “final” choice will not stay final: standards mature, implementations evolve, performance trade-offs surface, and new attacks appear.

What I like here is that the roadmap ties crypto‑agility to concrete levers: procurement requirements, vendor accountability, and maintainable crypto inventories. In other words, it implicitly pushes organisations toward a model where cryptography is managed as a lifecycle discipline – with repeatable change paths, testing, and governance – rather than an embedded dependency that only gets revisited during crises.

The report also connects crypto‑agility to the practical mechanics that make it real: maintaining an up-to-date cryptographic bill of materials (CBOM) and insisting that systems be “PQC‑ready” by design. This is similar in spirit to the U.S. OMB M‑23‑02 approach (inventory first, then migrate), but India goes a step further by explicitly baking agility expectations into procurement – which is often the fastest way to change behaviour at national scale.

Domestic testing & certification capacity (rarely this explicit)

Another major strength is the focus on building domestic testing and certification capabilities. Few countries have addressed this so explicitly. The U.S. and Canada rely on programs like FIPS 140-3 validation and Common Criteria, but those can be slow and largely foreign-led initiatives. India is planning to stand up its own PQC testing labs by 2026 and even upgrade some labs to “Tier‑3 sovereign‑grade” facilities for critical infrastructure.

This investment won’t just raise assurance levels for deployments inside India – it can also create a durable ecosystem of evaluation labs and skills. The public–private partnership (PPP) angle is sensible: government alone often can’t scale specialist testing capacity quickly, while the private sector can bring tools, talent, and operational maturity.

I also appreciate that the report explicitly mentions leveraging existing quantum-security labs and extending their scope to cover QKD certification alongside PQC. That dual capability (algorithmic + hardware/quantum) could place India among a small set of countries able to validate quantum-safe products end-to-end.

Ecosystem readiness: skills, pilots, and learning loops

The Task Force doesn’t limit the roadmap to government networks; it explicitly addresses the broader ecosystem. It calls for outreach, awareness, skill-building for CISOs and engineering teams, and structured pilot programs. This matters because the biggest bottleneck in PQC migration is often not cryptography – it’s organisational capacity: discovery, planning, testing, vendor coordination, and change management.

By encouraging pilots, crypto testbeds, and lessons‑learned sharing, the roadmap signals that this transition is iterative and experience-driven. That aligns with the better approaches globally (e.g., the UK NCSC’s encouragement of early planning and staged migration), and it increases the chance that the roadmap turns into repeatable patterns rather than one-off hero projects.

Indigenous innovation – with interoperability guardrails

The report’s acknowledgement of indigenous innovation also deserves credit. It pushes for preferential consideration of Indian-developed solutions, while explicitly conditioning that preference on “technical suitability and interoperability.” That balance is important: it encourages local capability-building without drifting into security-by-sovereignty thinking or incompatible one-off stacks.

The “non-obvious” wins: ESG, AI, and contingency planning

Finally, a few less obvious inclusions deserve praise. The report flags ESG implications of PQC migration – noting that quantum-safe algorithms may require greater processing power and energy, and that sustainability should factor into long-term technology investment strategies. I’m not aware of another national PQC roadmap that makes that link this explicitly, and it matters: CISOs and boards increasingly need to justify infrastructure investment through an ESG lens.

The report also names AI as an accelerant to cryptographic risk, noting that advances in AI may speed up cryptanalysis and side-channel attacks, further increasing urgency. Most national roadmaps treat quantum computing as the only driver; India’s framing is closer to how real adversary capability evolves – as a multi-factor curve.

Relatedly, the Task Force includes contingency provisions: interim measures (proxies, tunnels, VPNs, gateways, QRNG, TRNG) in case of an accelerated quantum breakthrough. It’s good to see the “what if Q‑Day comes early?” scenario addressed rather than assumed away.

Areas of Improvement

No plan is perfect, and it’s important to consider potential shortcomings or challenges in implementation.

Trust Now, Forge Later (TNFL)

My biggest substantive gap: the report’s threat model stops at HNDL and doesn’t explicitly address Trust Now, Forge Later (TNFL).

HNDL is about confidentiality – someone steals your ciphertext today and decrypts it once quantum attacks mature. TNFL is about integrity and authenticity: the signatures, device identities, and update mechanisms we trust today can be forged later once quantum attacks break RSA/ECC-based signing keys.

For many OT environments with long equipment lifecycles and slow patching windows, TNFL is the bigger operational and safety risk – think counterfeit device identities, malicious but “validly signed” firmware updates, or poisoned configuration packages. This is especially relevant given the report’s own emphasis on CII sectors like power and defence where OT dominates.

Calling TNFL out explicitly would help sector regulators prioritize PQC-ready PKI, code-signing, and device identity as first-class migration targets – not an afterthought.
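
An added example, not taken from the Task Force report or written by the article's author: a small triage script that applies two rules described in this article to a crypto inventory, the "highest-risk persona governs" deadline rule and the HNDL/TNFL split by primitive use. The inventory fields, asset names and algorithm lists are assumptions made for illustration and do not follow any CBOM schema from the report.

```python
from dataclasses import dataclass

# Milestone years from the article: (foundations, high-priority, full adoption).
# Technology providers have no year track in the article, so they are not listed.
TRACKS = {"urgent": (2027, 2028, 2029), "regular": (2028, 2030, 2033)}
RISK_ORDER = {"urgent": 0, "regular": 1}  # lower value = higher-risk persona

# Assumed, non-exhaustive algorithm lists for this illustration.
QUANTUM_VULNERABLE = {"RSA", "DH", "ECDH", "ECDSA", "EDDSA"}
PQC = {"ML-KEM", "ML-DSA", "SLH-DSA"}

# Threat model that applies when a vulnerable primitive is used this way.
THREAT_BY_USE = {"key-exchange": "HNDL", "encryption": "HNDL", "signature": "TNFL"}


@dataclass(frozen=True)
class Asset:
    name: str
    personas: tuple  # every persona that applies to this piece of infrastructure
    algorithm: str   # hybrid components joined with "+", e.g. "ECDH+ML-KEM"
    use: str         # one of the THREAT_BY_USE keys


def governing_track(personas):
    """Highest-risk persona governs when more than one applies."""
    known = [p for p in personas if p in RISK_ORDER]
    if not known:
        raise ValueError(f"no persona with a milestone track in {personas!r}")
    return min(known, key=RISK_ORDER.__getitem__)


def classify(algorithm):
    """Return 'quantum-safe', 'vulnerable' or 'unclassified'."""
    parts = {p.strip().upper() for p in algorithm.split("+")}
    if parts & PQC:
        return "quantum-safe"   # pure PQC, or hybrid with a PQC component
    if parts & QUANTUM_VULNERABLE:
        return "vulnerable"
    return "unclassified"       # symmetric or unknown: needs manual review


def assess(asset):
    """Combine track, algorithm status and threat model for one asset."""
    track = governing_track(asset.personas)
    status = classify(asset.algorithm)
    threat = THREAT_BY_USE.get(asset.use) if status == "vulnerable" else None
    return {"asset": asset.name, "track": track, "status": status,
            "threat": threat, "full_adoption_by": TRACKS[track][2]}


def migration_plan(assets):
    """Assets still needing work, earliest full-adoption deadline first."""
    rows = [assess(a) for a in assets]
    todo = [r for r in rows if r["status"] != "quantum-safe"]
    return sorted(todo, key=lambda r: (r["full_adoption_by"], r["asset"]))


# Constructed sample inventory (not real systems, not a real CBOM export).
INVENTORY = [
    Asset("bank-core-tls", ("regular",), "ECDH", "key-exchange"),
    # The article's case: a bank that also operates telecom infrastructure.
    Asset("bank-telecom-backhaul-vpn", ("regular", "urgent"), "RSA", "key-exchange"),
    Asset("substation-firmware-signing", ("urgent",), "ECDSA", "signature"),
    Asset("gateway-hybrid-kex", ("urgent",), "ECDH+ML-KEM", "key-exchange"),
    Asset("archive-at-rest", ("regular",), "AES-256", "encryption"),
]

if __name__ == "__main__":
    for row in migration_plan(INVENTORY):
        print(f'{row["full_adoption_by"]}  {row["asset"]:<30} '
              f'{row["status"]:<13} {row["threat"] or "-"}')
```

Signature uses of RSA/ECC surface as TNFL rather than being folded into a single "quantum-vulnerable" bucket, which is the distinction this section argues sector regulators should make explicit.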

Two Post-Quantum Threat Models
Why HNDL alone is an incomplete threat model – TNFL targets integrity, not just confidentiality

HNDL: Harvest Now, Decrypt Later (Well Known)
  • Targets: Confidentiality
  • Crypto primitive: Encryption / Key Exchange
  • Primary impact: Stored encrypted data exposed retroactively
  • Today (Intercept): Adversary captures encrypted traffic and stores it
  • Wait (Store): Data sits encrypted in adversary storage for years
  • Q-Day (Decrypt): Quantum computer breaks encryption; all stored data exposed
  • Most affected sectors: Finance · Healthcare · Government comms · Intelligence

TNFL: Trust Now, Forge Later (Underappreciated)
  • Targets: Integrity & Authenticity
  • Crypto primitive: Digital Signatures / PKI
  • Primary impact: Trusted identities and signed artifacts become forgeable
  • Today (Trust): We trust device IDs, firmware signatures, update mechanisms
  • Wait (Persist): Signing keys & trust anchors remain RSA/ECC-based
  • Q-Day (Forge): Fake firmware, counterfeit device IDs, forged audit logs
  • Most affected sectors: Power grids · Telecom · Defence OT · Industrial IoT · SCADA

India’s Task Force report addresses HNDL but does not explicitly name TNFL. For CII sectors with long OT equipment lifecycles, TNFL can be the bigger operational and safety risk. Sector regulators should prioritize PQC-ready PKI, code-signing, and device identity as first-class migration targets.

Execution is the real risk

The hard part won’t be choosing algorithms – it will be inventorying cryptography at scale, retrofitting legacy systems, and managing vendor timelines across platforms with decades-long lifecycles.

I’ve written extensively about why PQC migration is the largest, most complex IT/OT overhaul ever undertaken – far bigger than Y2K, because in 1999 we didn’t have billions of network-connected devices to worry about. Every device, application, and system that touches a network relies on cryptography, and nearly all of it is vulnerable to quantum attacks in some form.

Consider the scale: India’s CII sectors include defence establishments, power grids spanning a subcontinent, and telecom networks serving 1.2 billion subscribers. Completing a comprehensive cryptographic asset inventory alone – identifying every algorithm, key size, protocol, library, and certificate across these environments – is a multi-year endeavour even with mature tooling. And India’s report acknowledges that such tooling and skills are still being developed. The report’s own Section 7.0 lists the challenges plainly: legacy system complexity, vendor readiness gaps, skills shortage, and governance continuity. Each of these is a programme-killer on its own; together they define a migration that cannot be rushed by decree.

The strategy-funding mismatch amplifies this concern. India’s NQM budget of ~$700M through 2031 covers all quantum technology objectives – computing, sensing, communications, and security – not just PQC migration. By contrast, the U.S. estimates $7.1 billion for federal PQC migration alone. India’s CII timeline is strictly more aggressive than the U.S. timeline, yet its allocated capital is an order of magnitude lower. Ambitious timelines without proportionate funding tend to produce compliance theatre rather than genuine security transformation.

Second, the report is advisory in nature – it repeatedly states that it “is not a regulatory mandate” and that actual enforcement of timelines will be up to sectoral regulators. This could become the critical bottleneck. Unless the government ensures follow-through – perhaps through DST, MeitY, or a high-level inter-ministerial committee – there’s a real risk that some regulators will drag their feet. If the financial regulator or power sector regulator does not issue concrete orders referencing this roadmap, the private companies in those sectors will not act in time. In contrast, the United States used a top-down mandate approach for federal agencies: a National Security Memorandum from the President, binding OMB directives, and NSA’s requirements for defence contractors. Those have real teeth. India’s report is an excellent blueprint, but without an enforcement mechanism – an accountable owner with authority across ministries – it risks becoming a well-intentioned document that sits on a shelf.

Third, incentives and support for the private sector need more clarity. The timeline for “other enterprises” (full adoption by 2033) will involve thousands of companies, many of whom won’t act until compelled. The report could be strengthened by suggesting concrete incentives or penalties – tax breaks for early adopters, integration of PQC readiness into cybersecurity audit frameworks and procurement eligibility, or compliance requirements tied to insurance underwriting and board-level accountability.

Conclusion

India’s proactive stance here is very encouraging, and with collective input it can be made even stronger.

Perhaps one outcome of the feedback process could be to establish a dedicated PQC Migration Task Force (or Office) that continues beyond this report to oversee implementation, similar to how the U.S. created an inter-agency working group to implement NSM-10, or how France set up a national coordinator for its quantum plan.

Additionally, I would suggest India look at the possibility of legislating some requirements (for critical infrastructure at least) to ensure compliance – something akin to designating PQC upgrade as a mandatory security control under India’s IT Act or sectoral regulations. These are details that go beyond the report, but they will determine its ultimate impact.

Marin

I am the Founder of Applied Quantum (AppliedQuantum.com), a research-driven consulting firm empowering organizations to seize quantum opportunities and proactively defend against quantum threats. A former quantum entrepreneur, I’ve previously served as a Fortune Global 500 CISO, CTO, Big 4 partner, and leader at Accenture and IBM. Throughout my career, I’ve specialized in managing emerging tech risks, building and leading innovation labs focused on quantum security, AI security, and cyber-kinetic risks for global corporations, governments, and defense agencies. I regularly share insights on quantum technologies and emerging-tech cybersecurity at PostQuantum.com.