CyberInsider

Reliable cybersecurity news and resources

General

Latest News

About

CyberInsider covers the latest news in the cybersecurity and data privacy world. In addition to news, we also publish in-depth guides and resources.
See our Mission >

UK Sets Deadline for Quantum Cryptography Migration to 2035

By Leave a Comment

The UK’s National Cyber Security Centre (NCSC) has released detailed guidance on the transition to post-quantum cryptography (PQC), setting key target dates for organizations to complete their migration.

The move is aimed at mitigating the future risks posed by quantum computers, which could render today’s encryption methods obsolete.

Quantum cryptography by 2035

The NCSC’s recommendations, primarily targeted at large organizations, operators of critical national infrastructure (CNI), and government entities, outline a phased approach over the next decade. By 2028, organizations should have defined migration goals, completed a discovery exercise to assess cryptographic dependencies, and developed an initial migration plan. By 2031, early migration activities should be underway, and a refined roadmap should be in place. The final deadline is 2035, by which time all systems, services, and products should be fully migrated to PQC.

Proposed roadmap
NCSC

The threat from fault-tolerant quantum computers is now widely recognized, as these machines will be able to break traditional public-key cryptography (PKC) by solving complex mathematical problems far more efficiently than classical computers. The NCSC has emphasized that preparing for PQC should be integrated into broader cyber-resilience efforts, urging organizations to use this transition as an opportunity to modernize security infrastructure.

UK’s approach aligns with global PQC migration efforts, particularly those led by the National Institute of Standards and Technology (NIST) in the United States. In 2024, NIST finalized three new PQC algorithm standards — ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205) — which will serve as the foundation for the next generation of cryptographic security. More recently, NIST selected HQC as a backup algorithm for quantum encryption. The adoption of these standards by browser vendors, cloud providers, and hardware manufacturers is already underway, with widespread implementation expected by the end of the decade.

The NCSC’s roadmap also acknowledges that migration challenges will vary by sector. Organizations relying on commodity IT solutions, such as off-the-shelf browsers and operating systems, will likely see a seamless transition as vendors update their software. However, critical infrastructure, industrial control systems (ICS), and proprietary IT environments may require more extensive planning, testing, and investment. Legacy systems that cannot support PQC will need to be phased out or protected through alternative security measures.

Key recommendations

To prepare for the transition, the NCSC advises organizations to:

  • Conduct a full cryptographic audit to identify systems that rely on traditional PKC.
  • Engage with suppliers to ensure that future hardware and software purchases support PQC.
  • Develop a migration roadmap that aligns with the 2028, 2031, and 2035 milestones.
  • Adopt cryptographic agility, ensuring systems can switch to new algorithms as standards evolve.
  • Integrate PQC planning into broader cyber resilience strategies, reducing overall security risks.

The NCSC has also announced plans to launch a pilot scheme to assure consultancy firms offering migration support, ensuring that UK organizations have access to the expertise needed to navigate the transition.

About Alex Lekander

Alex is the founder and Editor-in-Chief of CyberInsider.com. His background and expertise includes digital privacy, security, and tech journalism. When he’s not working behind a screen, Alex is probably tinkering with a boat or enjoying the outdoors.

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *