Post-Quantum Prep Should Start Now, Says German State
Data Breach TodayArchived Jun 08, 2026✓ Full text saved
It May Already Be Too Late, Says Athene The transition to post-quantum cryptography will be a heavy lift. Experts from Germany's National Research Center for Applied Cybersecurity say there's plenty that can be done in the short term to prepare for a world in which classical cryptography is no longer able to protect secrets.
Full text archived locally
✦ AI Summary· Claude Sonnet
Geo-Specific , Next-Generation Technologies & Secure Development
Post-Quantum Prep Should Start Now, Says German State
It May Already Be Too Late, Says Athene
David Meyer • June 8, 2026
Share Post Share
Credit Eligible
Get Permission
A 3D rendering of a quantum computer. (Image: Bartlomiej K. Wroblewski/Shutterstock)
The transition to post-quantum cryptography will be a heavy lift. Experts in Germany say there's plenty that can be done in the short term to prepare for a world in which classical cryptography is no longer able to protect secrets.
See Also: Does Office 365 Deliver The Email Security and Resilience Enterprises Need?
The National Research Center for Applied Cybersecurity, or Athene, published in late May a comprehensive operational guide for post-quantum computing with funding from the authorities in the state of Hessen, home to the financial hub of Frankfurt. The guide is for the benefit of Hessian local authorities, and co-author Leonie Wolf told ISMG that this makes it applicable to organizations of all sizes. "There's a wide range, from very small towns with only one or two people working in IT to bigger cities," she said.
For now, classical asymmetric encryption and signature mechanisms such as Diffie-Hellman key exchange and RSA remain excellent at what they do. But the advent of quantum computers promises to change that by making it possible to use methods such as what's known as Shor's algorithm to break these public-key cryptography schemes.
Quantum computers are still research projects, with high error rates precluding commercialization anytime soon. But the implications are immediate because of the possibility of threat actors scooping up encrypted data now and decrypting it once quantum computers become viable. "Even if quantum computers are only real in 10 years' time, it means for the message you're exchanging right now, the threat is real," Wolf said.
With that urgency in mind, European authorities have been setting out timelines for the transition. A year ago, a European Union road map set a 2035 deadline for completing the switch. Germany is sticking to that date, though French ministries have been told to deploy PQC for sensitive data by the end of 2030 (see: Europe Preps for Post-Quantum Computing).
Wolf and her colleagues from Athene worked with various Hessian local authorities when drawing up the newly-released operational guidance. She suggested the transition hasn't been too much of a hard sell, given both the "harvest-now-decrypt-later" issue and the ever-increasing list of security incidents and cyberthreats hitting the headlines. "We sent out an invitation to a mailing list and there were so many participants in our workshops," Wolf said. "To me, that's a sign that there's a lot of interest in the topic."
Still, Wolf said, it makes sense to start the transition with "no-regret moves" that generally improve IT security in the organization while also smoothing the path for a future switch to post-quantum computing. That means figuring out who is going to be affected, getting them on board and then drawing up a comprehensive inventory of the existing IT infrastructure - systems and applications, external dependencies, communications protocols, software libraries, and cryptographic algorithms and parameters.
"Whatever you're going to do with your cryptography and your IT security in general, you're going to need to have that overview," Wolf said. She also noted how much local authorities and companies often struggle with just that first step. "That gives an impression of how huge this project is," she said.
The work will definitely be necessary. "You always need to balance it and it highly depends on your individual risk and the individual time that you need your communication to be secure," Wolf said. "If it's very important that communications stay secure for 20-30 years, you're probably already too late. If it only needs to be secure for five years, you probably still have a few years."
Athene's guidance bases its risk-analysis advice on a scoring system set out in the EU road map - factoring in the vulnerability of current encryption mechanisms, the potential damage if the data is compromised and the migration effort that's in store - plus further details set out in a 2024 guide published by Dutch authorities.
Per Athene, vulnerability assessments should take into account the combinations of algorithms that are used and the way in which they are used together. If the algorithms are used in a hybrid setup, the assessment will correspond to the security of the strongest element. But if they're being used in parallel, the weakest link could bring everything down.
One major issue for public sector organizations - and many companies too - is the specialist applications that were built for them and that "generally cannot be converted to PQC either quickly or independently," as the Athene guidance notes.
In many cases, organizations can still take some steps toward migrating these systems, especially if they have standard components that already support quantum-resistant or hybrid mechanisms. Athene stresses that the harvest-now-decrypt-later problem requires an initial focus on transmission paths, where options are already available - the widely-used OpenVPN standard has a quantum-resistant implementation, and version 1.3 of the associated Transport Layer Security protocol is also post-quantum computing-friendly, as are current versions of the OpenSSH remote-admin tool.
"Our suggestion is to start where your risk analysis revealed you should start because the risk is high - but also where it's easy to start, because there might be many applications where you can simply use TLS, for example," Wolf said.
As for applications that are unlikely to see post-quantum computing support anytime soon, if ever, the guidance recommends operating them behind a reverse proxy or over a quantum-resistant VPN connection.
At some point, those applications will need to be replaced, which is where procurement strategies come in. The Athene guidance spells out the documentation that potential vendors should have to provide for the sake of transparency and recommends that they should be able to demonstrate support for at least one quantum-resistant key exchange mechanism and - certainly for particularly sensitive systems - at least one quantum-resistant signature algorithm. The guidance refers to technical guidelines issued earlier this year by the German Federal Office for Information Security.
It's a laborious process and therefore one that needs to be considered as soon as possible, Wolf warned - particularly in the case of Germany's heavily regulated public sector.
"Local authorities have very strict tendering rules to follow - they say what they need and companies can apply, and most of the time they have to take the cheapest offer if the company meets the other criteria," Wolf said. "The local authorities need to focus on what the requirements are for the tender. That needs a lot of time because most of the time, if a local authority does one of those tenders, it's fixed for years."