The European Union has taken a decisive step forward in the race to defend digital infrastructure from quantum-enabled threats. On 11 April 2024, the European Commission published its Recommendation on a Coordinated Implementation Roadmap for the transition to Post-Quantum Cryptography (PQC). This move is not just it policy gesture. It marks the beginning of a unified effort across EU member states to address the very real risks posed by quantum computing to our current cryptographic systems.

The essence of the roadmap lies in its ambition: a timely, synchronised, and secure transition to post-quantum cryptography across all member states. Quantum computers, once powerful enough, will be able to break widely used encryption methods that secure everything from national defence communications to critical infrastructure and personal data. Europe knows this threat is not a matter of if, but when.

The Commission’s roadmap recommends that member states create clear national strategies with defined goals, milestones, and deadlines. These strategies will form the backbone of a joint EU-wide implementation. Importantly, members are urged to integrate PQC technologies into public sector systems and critical infrastructure through hybrid schemes. These could involve combining current cryptographic methods with quantum-resistant algorithms or with Quantum Key Distribution (QKD). This layered approach ensures a higher degree of resilience during the transition.

Key Deadlines and Strategic Goals

The first concrete deliverable is now in place: a high-level document that defines the path forward for governments and infrastructure operators. The next milestones? By end of 2025, all EU members are expected to have defined and launched their national post-quantum strategies. By 2027, they should have begun widespread implementation of PQC solutions within public infrastructure and services. These deadlines are not merely suggestions — they are a clear signal of urgency.

Decent Cybersecurity fully supports this coordinated approach. We believe that the transition to quantum-resilient infrastructure must be a pan-European priority. For years, we have been designing cryptographic solutions built for the post-quantum age. Our technologies are ready to support the EU’s implementation effort today. And as the timelines move forward, we remain committed to offering public institutions and infrastructure operators the tools they need to comply with the roadmap’s demands.

The window for preparation is closing. The cryptographic systems we build today must be designed to withstand the quantum-powered threats of tomorrow. In the fast-changing world of cybersecurity, those who act early are the ones who stay secure.

We welcome this strategic direction from the European Commission. It reinforces what we’ve long argued: quantum readiness is not a theoretical concept. It is a technical, operational, and political necessity. As EU member states mobilise to implement this roadmap, Decent Cybersecurity will be there as a partner, a provider, and a proactive contributor to a secure European digital future.