I should know the standards and timeline by heart now, and in general, I do – but I’m always anxious that I am getting a small detail wrong when talking about the PQC standards and migration timelines, and thus I will re-do the search again and again… For my peace of mind and quick access, I am writing these on my blog (including the links at the end for reference and to keep track of future changes).
PQC standards as of August 2025:
- FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard (ML-KEM), previously known as CRYSTALS-Kyber
- FIPS 204: Module-Lattice-Based Digital Signature Standard (ML-DSA), previously known as CRYSTALS-Dilithium
- FIPS 205: Stateless Hash-Based Digital Signature Standard (SLH-DSA), previously known as SPHINCS+
- FIPS 206: standardisation of FN-DSA (previously known as FALCON) is in progress
NCSC Timeframe (UK):
- 2028 – Discovery tasks completed on all assets and initial PQC migration roadmap created.
- 2031 – Critical assets have been migrated to PQC cryptography. Refine roadmap.
- 2035 – Migration to PQC is completed.
References:
- https://csrc.nist.gov/projects/post-quantum-cryptography
- https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
- https://www.ncsc.gov.uk/guidance/pqc-migration-timelines
- https://uk.newsroom.ibm.com/IBM-Developed-Algorithms-Announced-As-Worlds-First-Post-Quantum-Cryptography-Standards