EU Calls for Transition to Post-Quantum Cryptography – are We Prepared?

With the support of the Commission, the EU member states have published a roadmap and timeline for moving toward a more complex form of cybersecurity, known as post-quantum cryptography. According to this roadmap, all member states have to begin the transition to post-quantum cryptography by the end of 2026. At the same time, the protection of critical infrastructures is to be migrated to post-quantum cryptography as quickly as possible, but no later than the end of 2030. We asked Stefan-Lukas Gazdag, IT security researcher and PQC expert at genua, how this requirement can be implemented by affected organizations.

In June 2025, the EU Commission published a press release outlining a concrete roadmap for the transition to post-quantum cryptography. Is there a specific reason for this, such as new findings about an increasing real threat to encryption methods posed by productive quantum computers?

Stefan-Lukas Gazdag: The current state  of development is sometimes difficult to determine, as many reports from manufacturers and early adopters contain a lot of marketing. The German Federal Office for Information Security (BSI) regularly publishes and updates an excellent study on the state of development of quantum computers.

At the end of 2023, the authors stated that a realistic estimate for the construction of a cryptanalytically relevant quantum computer would be approximately 20 years. By the beginning of 2025, this time horizon had already been reduced to a maximum of 16 years, as many insights were gained within that one year faster than even experts had expected.

Since further acceleration and disruption cannot be ruled out, the BSI and other authorities assume that risk management must anticipate a significant probability that the first attacks using quantum computers could become possible in the early to mid-2030s. Some guidelines and recommendations therefore advise protection against so-called "store now, decrypt later" attacks – i.e., an attacker who collects data and later breaks it using a quantum computer – by 2030 at the latest. However, Internet traffic can already be intercepted and stored today, so the sooner the better.

genua has been working on post-quantum cryptography (PQC) for years as part of research collaborations, building up relevant expertise, and achieving success. What is the current status of research and development?

Stefan-Lukas Gazdag: genua has been working on this topic for about 15 years. Our first publicly funded research project, squareUP, began in 2014 with a single researcher. Further projects followed. Currently, a team of experts is working exclusively on PQC, collaborating with a variety of academic institutions, industry partners, and government agencies. This currently includes three funded research projects focusing on post-quantum migration (AmiQuaSy), quantum-resistant solutions for safety-critical digital infrastructure (QUDIS), and issues related to confidential computing (SUSTAINET guarDian), as well as various contract projects.

Our findings continuously flow into our product development. Back in 2017, we received approval for quantum-resistant software updates for our VPN appliance genuscreen using the algorithm XMSS, which we also contributed to. Since the major rollout in 2018, other appliances have followed. Last year, we received approval for a post-quantum VPN with quantum-resistant key exchange. By actively advancing the topic, coordinating with the relevant authorities, and developing initial migration steps, we are one of the leading providers for post-quantum migration.

How should organizations that need to convert their VPN infrastructures act now? What should be considered when public authorities and companies process classified information in the course of public procurement?

Stefan-Lukas Gazdag: The most important first step seems banal, but unfortunately, it is far from trivial: creating a crypto inventory. For a post-quantum migration in general, an organization needs to know where and in which products and applications cryptographic methods are used. Traditional inventory lists can be just as helpful, as can system administrators' knowledge of the specific structure of corporate networks or an analysis of network traffic. However, the ultimate documentation and prioritization of all systems and applications can quickly become complex.

Organizations can also find out what the migration of their systems might look like. This means contacting vendors and learning about their strategy and plans for post-quantum migration, which hopefully go beyond "we'll be able to update this somehow at some point." It's also important to find out, for example, whether certain open source solutions can be updated in a timely manner. With all this information, a migration plan tailored to the organization can be created.

Of course, it's especially important for government agencies to stay informed about the progress of approved and certified products, as well as the regularly updated BSI specifications. For example, it was important to us to incorporate a quantum-resistant update mechanism into our appliances as early as possible. This means that even in the case of a quantum attack, software updates can be securely installed at any time. With our post-quantum VPN, you can take the first step toward protection against the aforementioned "store now, decrypt later" approach.

Further migration steps for our products are already planned, while we are working on solutions for the day after tomorrow in research. For many areas of our product portfolio, we have already ensured that products being rolled out today are fit for future threats and requirements. VPN infrastructures in particular benefit from the fact that our VPN solutions not only already incorporate the first post-quantum mechanisms, but also that they can be used to protect vulnerable communication applications that cannot or are difficult to secure with quantum-resistant security.

How can organizations obtain further information?

Stefan-Lukas Gazdag: In addition to the recommendations of the European Commission, various guidance documents exist. The BSI, in particular, provides information on the topic through various publications and regularly updates specifications and recommendations, such as TR-02102-1 on cryptographic procedures. Other useful guides are also available, such as the "PQC Migration Handbook."

And we as a manufacturer are also available at any time to advise organizations on an upcoming post-quantum migration and to implement it successfully.