The board’s PQC clock just moved up: why post-quantum migration is a 2026 governance item

NIST finalized the first PQC standards in 2024. For boards, the migration clock is already running.


Published by Quentir Systems LLC · June 2026

Post-quantum cryptography stopped being a future concern in 2024. When NIST finalized its first PQC standards — FIPS 203, 204, and 205 — the transition from research to regulatory expectation was complete. For boards, the question shifted permanently: not whether to address quantum-era cryptography, but by when, on what assets, and through whom.

This is an intelligence brief, not legal advice. Claims are tied to named instruments, with sources and a snapshot date below.

What changed in 2024

The National Institute of Standards and Technology published the first finalized post-quantum cryptographic standards in August 2024: FIPS 203 (ML-KEM, based on CRYSTALS-Kyber), FIPS 204 (ML-DSA, based on CRYSTALS-Dilithium), and FIPS 205 (SLH-DSA, based on SPHINCS+). These are not draft guidance — they are operative standards against which U.S. federal requirements will be assessed and against which international regulators are already aligning.

The U.S. National Security Agency's CNSA 2.0 suite, published in 2022 and updated through 2024, sets migration calendars for national security systems: most systems adopting PQC algorithms by 2030, full completion by 2035. These dates are now active reference points in procurement, audit, and regulatory dialogue across public and private sectors alike.

Snapshot (NIST): FIPS 203/204/205 finalized August 2024. These are operative standards, not drafts. Source: nist.gov/pqcrypto. Snapshot date: June 2026.

The threat that reframes the timeline

The reason PQC migration matters now — before large-scale quantum computers exist — is the harvest-now-decrypt-later (HNDL) threat. An adversary with the capability and motive can capture encrypted network traffic or stored data today, at low cost, and hold it against the day when a cryptographically relevant quantum computer can decrypt it.

That reframes the risk from a future engineering event to a present data-handling decision. Data with a long confidentiality life — financial records, legal communications, medical information, trade secrets, state-level sensitive data — is already at risk under HNDL if it is protected only by quantum-vulnerable algorithms such as RSA or elliptic-curve cryptography. The exposure is not hypothetical; it is a function of what is being captured now and how long it must stay confidential.

This is why migration sequencing matters: not all data deserves the same urgency. A cryptographic inventory, ranked by data shelf-life and sensitivity, is the starting point for rational board oversight — not a general mandate to upgrade everything simultaneously.

The regulatory overlay

Several instruments now create obligations with dates boards can be held to:

CNSA 2.0 (NSA, United States): Adoption timelines for national security systems; private-sector organizations operating in the defense industrial base, financial infrastructure, or critical sectors are expected to align. The 2030 and 2035 milestones are the most-cited reference points in board-level discussion.

NIS2 Directive (EU, operative October 2024): Mandates appropriate technical and organizational security measures for covered entities across critical infrastructure, digital services, and supply chains. Because "appropriate" is read against the current state of the art, cryptographic-migration readiness is increasingly part of how that standard is discussed for entities handling sensitive data or operating long-lived systems.

DORA (EU, applicable from January 2025): Requires financial entities to manage ICT risk, including cryptographic risk, with documented policies. Cryptographic-agility and PQC readiness are increasingly raised within ICT-risk management and audit discussions for significant financial institutions.

EU coordinated PQC roadmap (ENISA/NIS Cooperation Group): The EU's coordinated approach aligns with NIST finalization and sets expectations for member-state critical infrastructure operators. Sector-specific guidance is being developed through 2025–2026.

What a board should be able to answer

Board oversight of PQC migration does not require deep cryptographic expertise. It requires asking the right questions of management — and receiving substantive, documented answers.

Where is quantum-vulnerable cryptography in our stack? RSA and ECC are the primary algorithms at risk. They appear in TLS, PKI, code signing, VPN, email encryption, authentication, and data-at-rest protection. A meaningful answer names the systems, not just the algorithm families.

Which of our data has a shelf-life that outlasts the migration window? This is the prioritization question. Long-lived sensitive data — patient records, legal files, trade secrets, financial instruments with multi-decade enforcement lives — is at higher risk under HNDL than short-lived operational data.

What is our dated, phased roadmap to 2030 and 2035, and who is accountable? A credible answer includes a named owner, at least three phases (inventory → hybrid transition → full PQC), and explicit milestone dates tied to the regulatory calendar.

Board oversight does not require cryptographic expertise. It requires the three questions above to have substantive, documented answers — and a named owner accountable for each milestone.

How Quentir reads it

Quentir's PQC Migration Roadmap for Boards, 2026 maps the threat-and-standards landscape, the inventory-and-prioritization method, and a four-phase dated roadmap aligned to the regulatory calendar — every claim tied to a named instrument with a snapshot date. It is published intelligence, identical for every reader. It is not legal advice on your specific matter or situation.

Sources: NIST FIPS 203/204/205 (Aug 2024); NSA CNSA 2.0 (2022, updated 2024); EU NIS2 Directive (operative Oct 2024); EU DORA (applicable Jan 2025); ENISA/NIS CG coordinated PQC roadmap. Snapshot date: June 2026.


This brief is published intelligence produced by Quentir Systems LLC. It does not constitute legal advice and creates no advisory or client relationship. Consult qualified legal counsel for advice specific to your organization’s situation and jurisdiction.

© 2026 Quentir Systems LLC