All insights
·Post-Quantum Readiness·IQCDL

How Should an Enterprise Start Its PQC Migration? A Phased Playbook

Post-quantum migration is a multi-year program, not a library swap. Here's how an enterprise starts one - governance, cryptographic inventory, risk-based prioritization, and a phased Assess to Implement roadmap.


How Should an Enterprise Start Its PQC Migration? A Phased Playbook

Now that NIST has finalized its post-quantum standards, "we'll deal with it later" is no longer a defensible position — because of "harvest now, decrypt later," data you fail to protect today can be decrypted the day a cryptographically relevant quantum computer arrives. But post-quantum cryptography (PQC) migration is a multi-year, cross-organization program, not a weekend library swap. The organizations that struggle are the ones that start with tooling; the ones that succeed start with governance and inventory. Here's the sequence.

1. Establish governance and a mandate

Stand up a dedicated PQC team with clear ownership that reports into security leadership. Its job is to map risk, align the effort with business strategy, and make quantum-readiness a standing part of technology planning rather than a side project. Without an owner and a board-level mandate, migration stalls the moment it competes with quarter-to-quarter priorities.

2. Discover and inventory your cryptography (the CBOM)

You cannot migrate what you cannot see. Build a Cryptographic Bill of Materials — a machine-readable inventory of every algorithm, key, certificate, library and protocol, and where each is used. Start from existing SBOMs, CMDBs and certificate managers, then close the gaps with code, network and configuration scanning. This is the foundation everything else stands on. (Full method: How to build a CBOM.)

3. Prioritize by risk, using Mosca's Theorem

Not everything migrates at once. Rank assets by data-secrecy lifetime (X), migration time (Y) and time-to-quantum (Z): where X + Y > Z, you're already late, so those move first. Long-shelf-life, high-sensitivity data — health records, state secrets, financial and identity data — is most exposed to harvest-now-decrypt-later and heads the queue. (Worked examples: Mosca's Theorem explained.)

4. Build a phased roadmap

Sequence the work in phases aligned to the EU PQC Roadmap:

  • Assess (now to ~2026): literacy, CBOM, first risk assessment, certify leaders.
  • Plan / protect the crown jewels (~2026-2030): pilot PQC and hybrid TLS on your highest-risk, longest-shelf-life systems; stand up crypto-agile architecture.
  • Implement at scale (~2030-2035): broad PQC adoption, continuous monitoring, crypto-agility by default.

5. Default to hybrid and crypto-agility

Deploy hybrid schemes (classical + PQC, e.g., TLS with ML-KEM/CRYSTALS-Kyber) for backward compatibility, and design so algorithms can be swapped again later without re-engineering. The goal isn't "we shipped Kyber" — it's "we can change primitives with a config change."

6. Pilot, then engage vendors

Validate with controlled pilots on non-production or low-risk services before scaling. In parallel, put crypto-agility clauses into vendor contracts at renewal and pressure-test assumptions about key lifetimes and update cycles — much of your exposure lives in third-party products.

Skills the program needs

Strategy and sequencing are leadership skills (IQCDL Foundation Level for CISOs and IT leaders); implementing Kyber/Dilithium/SPHINCS+, hybrid TLS and CBOM-driven roadmaps are hands-on skills (IQCDL Practitioner Level). Start with a free readiness assessment to get a tailored first-step plan in two minutes.

FAQ

What is the first step in PQC migration? Governance plus a cryptographic inventory (CBOM). You need an owner with a mandate and full visibility of where cryptography lives before you can prioritize or migrate anything.

Should we replace classical cryptography outright? No — deploy hybrid (classical + PQC) schemes for compatibility and design for crypto-agility so primitives can change again without re-engineering.

How do we decide what to migrate first? Use Mosca's Theorem. Systems protecting the longest-lived, most sensitive data are most exposed to "harvest now, decrypt later" and migrate first.

How long does enterprise PQC migration take? Typically years, which is why starting now matters. Discovery and remediating long-shelf-life data dominate the timeline, not the algorithm swap.