Transitioning to quantum-safe cryptography is an urgent strategic challenge for Europe. There are around 90 billion devices that use current encryption methods. But quantum computers capable of breaking today’s cryptographic systems may emerge as early as the 2030s, allowing for – amongst others – the unauthorised decryption of private messages and financial transactions, which could have disastrous consequences.
But transitioning to post-quantum cryptography (PQC) is a lengthy and complex process. Past experiences with security standard migrations suggest such a transformation can take anywhere between 10-15 years. Thus, careful coordination and long-term planning across both the public and private sectors is required.
Despite this urgency, recent surveys by the European Union Agency for Cybersecurity (ENISA) and the Information Systems Audit and Control Association (ISACA) show that most European stakeholders remain underprepared – only a small share have begun to invest in post-quantum solutions and overall awareness remains low. At the Member State level, Germany, France and the Netherlands have led the charge by issuing guidance and launching PQC pilot projects, both through national roadmaps and within the Network and Information Systems (NIS) Cooperation Group. Alas, progress across the EU remains uneven and it still lacks a coherent, unified transition framework – unlike the US.
Against this backdrop, in April 2025, CEPS launched a Task Force on Strengthening the EU Transition to a Quantum-Safe World. Its objective was to draw attention to the technical, market, governance and policy challenges involved in Europe’s transition to quantum safe.
Designed as a multi-stakeholder platform, the Task Force brought together private organisations, EU institutions and agencies, universities and think tanks, national research agencies and civil society organisations. The final Task Force Report is a rallying call for strengthening the EU’s transition process towards quantum safety.
A systemic transformation and moving beyond the ‘Q-Day’ narrative
The shift to quantum-safe cryptography shouldn’t be viewed as a routine technical upgrade but as a comprehensive, systems-level transformation. Transitioning to PQC extends beyond merely updating cryptographic libraries. Rather, it involves integrating new product versions, modifying APIs, adapting software development lifecycles and – in some cases – redesigning core business processes. It also demands the proactive management of supplier, customer and ecosystem relationships. This represents a major managerial challenge, requiring long-term planning, a skilled workforce and sustained organisational change.
Public discussions also often refer to ‘Q-Day’, the hypothetical moment when quantum computers render classical cryptography obsolete. While this can help raise awareness, it’s nonetheless misleading. Quantum capability won’t arrive as a tsunami but instead as a gradual, uneven process with early machines breaking selected keys before broader capabilities are developed.
Instead, a more realistic perspective is that of a ‘Q-period’, which supports balanced and adaptive migration strategies aligned with the actual pace of quantum and standards development.
Post-quantum cryptography as the core of the transition
PQC forms the backbone of the transition to quantum safety. These algorithms are designed to withstand attacks from quantum computers and are widely recognised by regulators and standardisation bodies as the only viable short- to medium-term solution.
Other quantum technologies play more specialised roles. These include Quantum Key Distribution (QKD), which isn’t a direct substitute for public-key cryptography but rather a complementary technology that can offer diverse layered protection for specific high-security environments.
And then there are Quantum Random Number Generators (QRNGs) devices that produce unpredictable numbers using quantum processes. They offer certifiable high-quality randomness, meaning their output can be embedded into cryptographic stacks and validated under recognised certification schemes.
Encouraging a risk-based transition model
Migrating billions of devices to quantum-safe standards requires a structured, risk-based approach. This encompasses several elements. Firstly, crypto agility (i.e. designing cryptographic systems in a modular way, allowing for cryptographic components to be easily replaced). Secondly, for effective planning, migration requires ensuring comprehensive crypto and product inventories, which include software, hardware, APIs and services. Critical systems should be prioritised for early migration.
Besides, as most organisations rely heavily on third-party vendors, it’s crucial for them to understand and manage their supply chain dependencies. That’s why they need to engage suppliers, request clear timelines for quantum-safe capabilities and actively monitor supply chain readiness.
Hybrid solutions can greatly assist the transition – the co-existence of classical and quantum-resistant algorithms (‘hybrid cryptography’) ensures interoperability and redundancy. One of the Task Force’s key recommendations here is that the definition of hybrid solutions should be broadened to include ‘context-aware, technically inclusive approaches’ that combine multiple cryptographic mechanisms for resilience, such as PQC/tradition and PQC/QKD.
When it comes to designing and implementing a European Roadmap for Post-Quantum Cryptography, the Task Force highlights several actions that should be taken forward.
First, we need to integrate quantum safety into digital systems from the outset, meaning that the European Commission and Member States should ensure digital systems (such as the European Digital Identity Wallet) are designed to be quantum-safe from the very outset.
Second, the Roadmap for the Transition to Post-Quantum Cryptography should be clearly linked to a transition strategy as well as existing legislation. A roadmap defines milestones and timelines but a supporting strategy must clarify how Member States, vendors and institutions will actually meet them.
Third, there needs to be alignment and coherence across roadmaps. With multiple quantum-safety roadmaps emerging at EU and national levels, the European Commission, Member States and standardisation bodies must coordinate their efforts to ensure coherence in timelines, dependencies and objectives. Coordinating with the US and other G7 partners is equally important.
Fourth, the Roadmap’s current structure implicitly relies on a staged or linear approach, which may unintentionally create bottlenecks. That’s why the Task Force recommends introducing greater parallelisation into the Roadmap to accelerate progress and reduce systemic risk.
Finally, the report underscores the importance of promoting awareness, cooperation and effective governance throughout the transition to quantum safety. It calls for capacity building, skills development and the establishment of dedicated crypto management units within organisations.
Promoting Europe’s secure transition to quantum-safe cryptography is an urgent necessity to stop the unauthorised decryption of private messages and financial transactions, which may not be a major threat now but is likely to become one in the very near future. A lack of awareness and past experience with security standards migration indicate that the transition will be a lengthy process, one that requires effective coordination and the strengthening of all current initiatives, no matter who’s leading them, whether by the private sector, the European institutions, the research community and/or civil society.
To read the full Task Force report that this commentary is based on, please click here.
