For most enterprise security teams, quantum computing has existed at a comfortable distance — a theoretical future threat that could be safely deferred to the next budget cycle. That comfortable distance collapsed in 2024, and by 2026 it has vanished entirely.

In August 2024, the U.S. National Institute of Standards and Technology (NIST) finalized the first three post-quantum cryptographic (PQC) standards — ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205). These are not draft proposals or experimental algorithms. They are approved, production-ready standards that the U.S. government has directed organizations to begin deploying today. In March 2025, NIST added a fourth standard, HQC, as a backup key encapsulation mechanism.

Aug 2024NIST PQC standards finalized
Jan 2027NSA CNSA 2.0 deadline for national security systems
2030Legacy algorithms (RSA, ECDH) deprecated under NIST guidance

The Threat Is Not Theoretical — It Is Already Operational

The most dangerous misconception in enterprise security today is that quantum threats only matter when quantum computers can actually break encryption. This framing misses the most immediate risk entirely.

State-level adversaries — and increasingly well-resourced criminal organizations — are conducting what security professionals call "harvest now, decrypt later" (HNDL) attacks. The strategy is simple: intercept and store encrypted data today, in bulk, and decrypt it retrospectively once sufficiently powerful quantum computers exist.

Key insight

For data that retains its sensitivity over a multi-year horizon — trade secrets, strategic communications, patient records, national security information — the breach is effectively already happening, even if the decryption is deferred.

Recent research has compressed the timeline for quantum computing capabilities considerably. Analysis published in early 2026 suggests that breaking RSA-2048 could eventually require fewer than one million physical qubits under certain conditions — down from the 20 million estimated just a few years ago.

What NIST Has Actually Standardized

Understanding what NIST has finalized helps organizations prioritize their migration efforts.

FIPS 203
ML-KEM (formerly CRYSTALS-Kyber)
Key encapsulation mechanism replacing RSA and elliptic-curve Diffie-Hellman. Highest priority for most organizations — underpins virtually every encrypted communication channel including TLS and VPNs.
FIPS 204
ML-DSA (formerly CRYSTALS-Dilithium)
Primary lattice-based digital signature algorithm replacing ECDSA and RSA signatures. Recommended default for code signing, document authentication, and protocol authentication.
FIPS 205
SLH-DSA (formerly SPHINCS+)
Hash-based signature scheme. More conservative than ML-DSA, relies on well-understood hash function security. Useful as a hedge if lattice-based schemes encounter unforeseen cryptanalytic challenges.
March 2025
HQC — Fourth Standard Selected
Code-based key encapsulation mechanism. Alternative to ML-KEM for cryptographic agility. Organizations planning for PQC agility should track HQC as it moves toward FIPS publication.

The Migration Problem Is Larger Than It Appears

Most organizations frame post-quantum migration as a software update — swap out the cryptographic libraries, redeploy, done. The reality is substantially more complex.

Cryptography is embedded throughout enterprise infrastructure in ways that are rarely visible from the surface. TLS certificates, hardware security modules (HSMs), VPN appliances, code-signing pipelines, PKI hierarchies, IoT device firmware, cloud API authentication, database encryption, and third-party SaaS integrations all carry cryptographic dependencies.

Past cryptographic migrations provide a sobering precedent. The deprecation of SHA-1 — a far more contained migration than the PQC transition — took years, and in many cases more than a decade, to complete across the industry.

What Quantum-Safe Cryptography Consulting Actually Involves

01
Cryptographic Discovery and Inventory
Systematic scanning of applications, protocols, infrastructure, and third-party dependencies to identify all cryptographic assets. The non-negotiable starting point — you cannot migrate what you cannot see.
02
Risk-Based Prioritization
Not all cryptographic assets carry equal risk. Long-lived data, externally exposed services, and systems with long replacement cycles represent highest priority. A risk-based playbook protects the most vulnerable assets first.
03
Hybrid and Cryptographic-Agile Architecture
Systems that operate with both classical and post-quantum algorithms simultaneously. Cryptographic agility — the ability to swap algorithms without rebuilding systems — protects against future changes to the standard landscape.
04
Vendor and Supply Chain Engagement
Hardware providers, cloud platforms, and SaaS vendors are at varying stages of PQC readiness. Understanding your supply chain's cryptographic posture is essential to building a complete migration picture.

The Business Case for Moving Now

Executives sometimes ask why they should invest in quantum-safe migration today when the quantum computers capable of breaking current encryption do not yet exist. There are three answers, each compelling in its own right.

First, the HNDL threat is present-tense, not future-tense. If any of your data retains its sensitivity beyond 2028–2030, it is already at risk of retrospective decryption. Acting now is the only way to protect data in transit today.

Second, regulatory and contractual deadlines are real and approaching. NSA CNSA 2.0 compliance is required by January 2027. Legacy algorithms are slated for deprecation after 2030 and disallowance after 2035. Canada required every federal department to submit a PQC migration plan in April 2026.

Third, early movers build durable advantages. Organizations that build internal cryptographic agility now will be faster, cheaper, and less disruptive to operate during the migration years ahead — while competitors scramble.

How Aumnium Technology can help

We offer quantum readiness assessments, cryptographic discovery engagements, migration roadmap development, and cryptographic agility architecture for enterprises across financial services, healthcare, defense technology, and deep-tech infrastructure. Our work is grounded in NIST's published standards and aligned with NSA CNSA 2.0 and the Quantum Computing Cybersecurity Preparedness Act. Visit aumnium.tech to learn more.