On Monday 23 June, Member States and the European Commission published a ‘roadmap’ and timeline for the coordinated implementation at European level of the “transition to post-quantum cryptography”, with a view to strengthening the Union’s cybersecurity.
This ‘roadmap’, drawn up by the NIS Cooperation Group (established by the directive of the same name, which is responsible for facilitating European strategic cooperation in terms of cybersecurity), should anticipate the needs and adjustments required to achieve this objective.
The Commission believes “that all Member States [should] initiate a national PQC transition strategy [...] by the end of 2026”.
“By 2035, the transition should be completed for as many systems as practically feasible. This ambitious timeline is justified by the severe consequences broken cryptography would have on safeguarding data and securing sensitive communications which are vital for the EU’s and its Member States’ society, economy, security and prosperity”, explains the ‘roadmap’.
According to the document, the EU27 must take a series of “first steps” to initiate the transition: create a “national awareness and communication program”, carry out “quantum risk analysis”, start a dialogue with product and service suppliers, create “dependency maps” of internal and external dependencies for applications, products, platforms and operations, and identify and involve “important” national stakeholders.
Secondly, Member States will have to provide sufficient funding for the transition, ensure cooperation between the various players, “adapt [their own] certification schemes” for cybersecurity and amend their laws accordingly.
As for the Commission, it will be able to play the role of mediator between players (industry, etc.) and implement “supportive measures [...] with actions under the Digital Europe programme and Horizon Europe”.
See the roadmap: https://aeur.eu/f/hi9 (Original version in French by Isalia Stieffatre)