Jan 31, 2026

PQC Policy in 2026 - What Governments Are Mandating Now

Post-Quantum Cryptography Policy: What Governments Are Mandating in 2026

Governments are not waiting for a cryptographically relevant quantum computer to appear. The policy direction is clear: treat post-quantum cryptography (PQC) as a migration programme now, driven by harvest-now-decrypt-later risk and the long life of sensitive state and defence data.

By 2026 the key shift is not that every system is already quantum-safe - it is that governments increasingly mandate the groundwork that prevents a rushed, brittle transition later: inventories, prioritisation, crypto-agility, procurement controls, and early deployments in the highest risk domains.

What follows is a practical overview of the mandates and quasi-mandates shaping 2026 across the US, EU, UK and leading European cybersecurity authorities - written for policy teams, defence primes, critical infrastructure operators and CISOs.

1) The 2026 mandate is chiefly about readiness

Across jurisdictions, PQC policy in 2026 typically takes five enforceable forms:

Inventory mandates: locate where vulnerable public-key cryptography is used (TLS, VPNs, certificate chains, firmware signing, identity, email, PKI and so on).
Prioritisation mandates: identify long-lived sensitive data and systems with slow replacement cycles (defence platforms, OT, satellites, passports and ID, secure communications).
Migration planning mandates: publish roadmaps, budgets and programme governance.
Procurement mandates: ensure vendors and integrators can support PQC or hybrid modes and crypto-agility.
Implementation milestones: early adoption in specified areas such as network equipment support, signing and key management.

These are the levers governments can pull before every product ecosystem is fully ready.

2) United States: PQC is already a programme requirement

Federal agencies - inventories and migration leadership are mandated.
OMB Memorandum M-23-02 set a clear policy-to-operations pattern. Civilian agencies must appoint a PQC inventory and migration lead and submit a prioritised inventory of cryptographic systems vulnerable to a quantum attack, on a recurring basis. By 2026 this normalises two compliance expectations: know where public-key cryptography is used, and have a plan.

Standards baseline - NIST PQC is now a set of final standards.
With FIPS publications for ML-KEM, ML-DSA and SLH-DSA, and a designated backup KEM, US-aligned programmes can require NIST-standardised PQC - or hybrids including it - in procurements and roadmaps.

National Security Systems - CNSA 2.0 brings concrete 2026 pressures.
The NSA’s Commercial National Security Algorithm Suite 2.0 expects traditional networking equipment such as VPNs and routers to support and prefer CNSA 2.0 by 2026. Vendors targeting defence and near-defence environments are therefore pressed to demonstrate PQC-ready firmware and software signing, PQC or hybrid key establishment, updated certificate and PKI handling, and realistic performance and latency on network devices.

3) European Union: 2026 marks the start of a synchronised transition

A coordinated roadmap mechanism.
The European Commission’s coordinated roadmap frames PQC as a Union-wide synchronisation challenge. By mid 2025, the Commission and Member States published a Coordinated Implementation Roadmap with timelines and recommendations.

What this means in practice for 2026.
Member States and public sector operators are expected to move from awareness to programme execution with cross-border interoperability and supply chain alignment in view.

Why this matters for a Paris 2026 event.
The EU is shifting into execution mode, focusing on harmonised migration approaches, procurement alignment, certification and assurance pathways, and coordinated timelines. That creates high-intent audiences in 2026 - public sector CISOs, defence procurement, critical infrastructure regulators and prime contractors.

4) United Kingdom: a public roadmap sets de facto milestones

In March 2025 the National Cyber Security Centre set phased guidance for PQC migration:

By 2028: identify cryptographic services requiring upgrades and build plans.
By 2031: execute high-priority migration activities.
By 2035: complete migration across systems, services and products.

This is not a single statute, but it becomes a market mandate. Boards and regulators will ask whether organisations align to the NCSC timeline. Suppliers will be expected to show readiness trajectories, and operators of critical national infrastructure will treat it as a planning baseline. The 2026 implication is straightforward: UK-facing organisations should already be in discovery and inventory mode, building crypto-agility and procurement controls rather than waiting for 2028.

5) France and Germany: national authorities are steering the transition

France (ANSSI) - explicit migration guidance and state enablement.
ANSSI maintains PQC transition guidance, including updated positions on hybridisation and a dedicated PQC programme presence. Expect stronger procurement expectations, more structured guidance for ministries and strategic enterprises, and growing emphasis on validated and assessed products through 2026.

Germany (BSI) - cryptographic mechanisms and quantum-safe restructuring.
BSI’s TR-02102 guidance continues to evolve in a quantum-safe context. In 2026 regulated sectors and public procurement in Germany will increasingly reference BSI guidance and long-term security assessments.

6) What governments are effectively requiring from suppliers in 2026

Whether styled as a directive, recommendation or procurement policy, 2026 requirements converge into a vendor checklist:

A) Crypto inventory support
Be ready to document where public-key operations occur, which algorithms and key sizes are used, certificate chains and validity lifetimes, and dependencies such as HSMs, libraries and third-party services. This maps directly to inventory mandates such as those in the US.

B) Crypto-agility - not merely PQC support
One-time swaps are risky. Crypto-agility means algorithm negotiation and versioning, updatable cryptographic modules, policy-driven configuration, and rapid revocation and rotation for certificates and keys. Coordinated roadmaps and national guidance increasingly imply these properties.

C) Hybrid deployment paths
Ecosystems will not flip overnight. Many agencies will expect classical plus PQC during transition, particularly for TLS, VPN and signing chains, consistent with national guidance on hybridisation.

D) Domain-specific milestones
Networking equipment is a 2026 hotspot. If you touch defence networks, CNSA 2.0 expectations for support and preference by 2026 translate into concrete procurement pressure.

7) A practical 2026 compliance posture to adopt now

Publish a PQC policy statement - risk-based, timeline-aware, aligned to NIST PQC standards.
Complete a crypto inventory across systems, products, services, PKI, firmware signing and third parties.
Classify long-lived data and systems for harvest-now-decrypt-later prioritisation.
Build crypto-agility into architecture - configurable algorithms, modular crypto, upgradeable endpoints.
Require PQC and hybrid readiness in procurement - RFP language, vendor attestations, test evidence.
Pilot PQC in one hard area - for example VPN, TLS termination or a signing pipeline - and measure performance.
Create a roadmap aligned to government timelines - US inventory cadence, EU coordinated approach, UK milestones.

Closing: why 2026 is pivotal

By 2026 PQC stops being a future cryptography upgrade and becomes a governance and assurance programme with measurable deliverables: inventories, plans, procurement controls and early deployments. That is where serious organisations want to convene - standards to implementation, defence procurement realities and cross-border interoperability.