European Union: NIS Cooperation Group published roadmap on post-quantum cryptography

On 23 June 2025, the NIS Cooperation Group (NIS CG) published a roadmap on post-quantum cryptography (PQC) for Member States. The guidance details a timeline for the transition to PQC. By 31 December 2026, the Group recommends that all Member States have established national PQC transition roadmaps (including timelines) and initiated pilots for medium- and high-risk use cases. To execute this, the Group also recommends that all Member States identify and involve stakeholders, create inventories of cryptographic assets, develop supply chain dependency maps, and encourage entities to incorporate the risk of quantum into existing cryptographic standards into existing risk management methods. The Group also encourages all Member States to create a national awareness program and share knowledge with the NIS CG by 31 December 2026. By 31 December 2030, the Group encourages all Member States to have transitioned to PQC for all high-risk use cases and to have completed planning for medium-risk use cases. The NIS CG also recommends that quantum-safe software be enabled by default by this point. By 31 December 2035, the NIS CG hopes that the PQC for medium-risk cases will be complete and that the transition for low-risk cases will be completed as much as possible.