UK Sets Timeline, Road Map for Post-Quantum Cryptography Migration

Insider Brief

• The UK’s National Cyber Security Centre (NCSC) has outlined a roadmap for post-quantum cryptography (PQC) migration, setting key milestones to help organizations transition by 2035 and mitigate the risk of quantum computers breaking current encryption.
• Organizations should complete a discovery phase by 2028, carry out high-priority PQC migration activities by 2031, and finalize the full transition by 2035, ensuring that cryptographic security remains robust against future threats.
• The NCSC warns that PQC migration is unavoidable, urging businesses to plan early, coordinate with vendors, and implement testing protocols to ensure a smooth and secure transition.

The UK’s National Cyber Security Centre (NCSC) has outlined a roadmap for migrating to post-quantum cryptography (PQC), setting target dates for organizations to assess risks, define strategies and fully transition by 2035. The move is designed to mitigate the looming threat posed by future quantum computers, which could break today’s widely used encryption methods.

The NCSC’s latest guidance acknowledges that PQC migration is a complex, multi-year process that will require significant planning and investment. The document provides specific milestones:

• By 2028: Organizations should complete a full discovery phase, identifying which systems and services rely on cryptography and need to be upgraded. A migration plan should be drafted.
• By 2031: Companies should complete the highest-priority migration activities, refine their plans, and prepare infrastructure for a full transition.
• By 2035: Migration should be complete across all systems, services, and products.

The NCSC emphasizes that these steps are essential not only for addressing quantum threats but also for improving overall cyber resilience.

“Migration to PQC is an ecosystem-wide activity,” the guidance states, urging organizations to plan early to avoid last-minute security gaps.

Ali El Kaafarani, co-founder and CEO of PQShield, said that with these timelines for the transition to post-quantum cryptography, the NCSC has given clear instructions to businesses and institutions to protect the UK’s digital future.

“The timeline is aligned with the US hardstop of having all products and services in the cybersecurity supply chain protected by post-quantum cryptography by 2035,” said El Kaafarani in a statement. “To meet such a strict requirement, higher layers of the supply chain like Semiconductors and OEMs have already started executing their own transition roadmaps, which they have been working on for a while. By 2028, I very much expect the majority of semis and OEMs to have their main product lines post-quantum enabled, which will have the door wide open to the rest of the supply chain, be it telecom, financial, energy, or healthcare, to continue executing their transition roadmaps with actual post-quantum enabled devices/protocols.”

The Quantum Threat to Cryptography

Quantum computers operate fundamentally differently from classical computers. While today’s encryption relies on problems that classical machines find difficult to solve, quantum computers could solve them efficiently. This would render widely used cryptographic methods, such as RSA and ECC, obsolete.

The NCSC stresses that this is not just a theoretical concern.

“The threat to cryptography from future large-scale, fault-tolerant quantum computers is now well understood,” the agency states. “Quantum computers will be able to efficiently solve the hard mathematical problems that asymmetric public key cryptography (PKC) relies on to protect our networks today.”

To counter this risk, organizations must transition to PQC, which relies on mathematical problems that even quantum computers cannot efficiently solve.

A Global IT Shift

The PQC transition is not a UK-specific effort. The U.S. National Institute of Standards and Technology (NIST) published its first set of PQC standards in 2024, including ML-KEM (FIPS 203) and ML-DSA (FIPS 204). Global cloud providers, browser vendors, and major enterprises are already integrating these standards into their security roadmaps.

However, adoption timelines will vary. The NCSC notes that while financial services and telecom companies are likely to transition earlier, industrial control systems and Internet of Things (IoT) devices may face delays.

Steps to Address Migration Challenges

For most organizations, PQC migration will follow the pattern of any major IT upgrade, but with unique challenges. Many systems were built without quantum resistance in mind, leading to complex cryptographic dependencies. In critical infrastructure sectors, migration will be particularly difficult due to long product lifecycles and the high cost of replacing operational technology (OT). The NCSC team recommends several steps to be part of their compliance plans.

An initial step is discovery and assessment — organizations must catalog all cryptographic dependencies, identify long-lived data that needs protection, and determine whether third-party vendors are prepared for PQC. Building this understanding should include systems, products, software applications, networking hardware, mobile devices and more, the analysts write.

Strategy selection is also important. Companies relying on standard IT infrastructure may receive PQC updates from vendors. Others will need to choose between in-place migration (replacing vulnerable cryptographic components), re-platforming (switching to a PQC-compatible system), or retiring legacy technology. Some systems may not be upgradeable at all, requiring risk mitigation strategies.

The NCSC also recommends that organizations define their migration goals, considering both security needs and regulatory requirements. Because PQC migration is a long-term effort, businesses should also evaluate their ability to adapt to future cryptographic advancements.

Companies should immediately begin discussions with vendors and suppliers to ensure they are aligned on PQC readiness.

The NCSC advises organizations to communicate needs to their suppliers and they should also consider releasing a statement of intent outlining their commitment to PQC migration. This can help signal demand for quantum-secure products and encourage industry-wide action, the analysts suggest.

Testing and validation will be critical throughout the transition. Incorrect cryptographic configurations could create security vulnerabilities, even if PQC algorithms are implemented. Organizations should verify that systems are using the correct encryption protocols and not defaulting to traditional cryptography.

A Mandatory Shift, Not an Option

The NCSC is clear: PQC migration is not optional.

“Migration will happen, globally,” the analysts stress. “It will not be possible to avoid PQC migration, so preparing and planning now will mean you can migrate securely and in an orderly fashion.”

Failure to prepare will leave organizations vulnerable once quantum computers reach sufficient scale to break classical encryption.

To support the transition, the NCSC will launch a pilot program to certify consultancy firms that provide PQC migration planning. The agency also encourages organizations to share best practices within industry groups and regulatory forums.

The NSCS team recommends engaging in the preparatory work immediately: “Carrying out preparatory activities ensures that, once robust implementations of PQC in products become available, you will be able to carry out a principled, staged migration, in a way that limits any disruption to your organisation’s business, reduces the risk of insecurity and ultimately reduces total cost.”

Read the complete NSCS roadmap here.