FINMA Writes Mid-2027 Into the Quantum-Safe Finance Calendar
Post-Quantum Transition Henry Quentir Post-Quantum Transition Henry Quentir

FINMA Writes Mid-2027 Into the Quantum-Safe Finance Calendar

A supervisory date appears

FINMA Guidance 05/2026 recommends that supervised Swiss financial institutions draw up a post-quantum cryptography roadmap by mid-2027. The guidance follows a survey of 60 banks, insurers, asset managers and financial-market infrastructures conducted between November 2025 and January 2026. Only 8 percent reported having a specific roadmap, while 72 percent said they had not planned or implemented measures. The date gives quantum-safe finance a concrete planning horizon without pretending that a cryptographically relevant quantum computer already exists.

The roadmap reaches beyond cryptography teams

FINMA connects the transition to board-approved strategy, institution-specific risk analysis and a continuously updated cryptographic inventory. That inventory reaches encryption in transit and at rest, digital signatures, key management and authentication across internal systems, outsourced functions and services. Long-lived data receives priority because information stolen today may remain sensitive when stronger quantum machines arrive. Hybrid cryptography may help during migration, although the regulator also notes its added implementation complexity.

Outsourcing terms enter the calendar

The guidance makes crypto-agility in outsourcing a commercial issue. FINMA recommends it as a requirement for new software and data arrangements and asks institutions to incorporate it into existing requirements at the earliest opportunity. Responsibility for an outsourced function remains with the supervised institution. The mid-2027 date therefore measures more than the existence of a document: it exposes whether architecture, supplier dependencies and accountability have entered one credible timetable.

Read More