Quantum computing poses a serious threat to today’s asymmetric cryptography and is expected to render widely used algorithms such as RSA and ECC obsolete. By contrast, symmetric cryptography (such as AES) and hash functions, maintaining an equivalent level of security can be achieved by increasing key sizes or security parameters. 

In response to this emerging risk, the NIST standardized four post-quantum asymmetric algorithms in August 2024, specifically designed to withstand attacks from quantum computers. 

While quantum computers are not yet powerful enough to carry out such attacks, estimates vary as to when this capability will be reached, with many experts anticipating a timeframe between 2033 and 2037. 

Nevertheless, the “Harvest Now, Decrypt Later” (HNDL) threat—where attackers collect encrypted data today with the intent of decrypting it in the future using quantum computers—makes it critical to protect sensitive, long-lived data well before such machines become operational. 

2025: Regulatory Acceleration 

While 2024 marked the completion of technical standards with the publication of the NIST specifications, 2025 stands out for the acceleration of institutional and regulatory roadmaps. In recent months, several major stakeholders have released their recommendations: 

• The European Union has defined a roadmap for Member States and entities subject to NIS 2 
• G7 Finance has formally integrated the post-quantum transition into its priorities 
• The Bank for International Settlements (BIS) has raised awareness within the banking sector 
• The UK government has published its national post-quantum roadmap 

These announcements build on previously communicated timelines: the NIST released a draft targeting 2035, while the Australian Signals Directorate (ASD) set a 2030 deadline. We expect additional countries to issue similar announcements in the coming months. 

As a result, the post-quantum transition is no longer solely a technological challenge. It is becoming a regulatory and institutional imperative, comparable to past largescale digital transformations. Regardless of the exact timeline for the emergence of quantum computers capable of breaking current cryptographic algorithms, a transition is unavoidable. 

Migrating a complex IT infrastructure is far from trivial. According to a 2022 memorandum, the Biden administration estimated the cost of migrating all U.S. federal agencies at over $7 billion. Such a program spans multiple dimensions—from risk assessment to technical execution—and involves numerous intermediate steps. Dedicated solutions already exist to support and accelerate each phase of this transition. 

The Wavestone Radar: A Market Overview of Solutions 

The 2026 Wavestone Radar of post-quantum migration solutions provides a visual overview of the leading solutions available on the market to support this transition. It has been—and will continue to be—regularly updated and enriched over the coming months. Any company that believes it should be featured is encouraged to contact us. 

The objective of this radar is not to list solutions that have already completed their post-quantum transition, but rather to highlight those that actively support and accelerate the migration process. 

Radar Categories 

Quantum Key Distribution (QKD) was considered but ultimately excluded as a category. While QKD is resistant to quantum computers, it is not technically a post-quantum cryptography technology and is not recommended by regulatory bodies. 

• Inventory: Automating the identification of all cryptographic assets, including the types of cryptography used and their locations 
• Network Analysis: Detecting network traffic that relies on obsolete cryptography using network probes 
• Migration Management: Providing an end-to-end view of the post-quantum transition, often based on inventory or network analysis results 
• PQC compliant HSM / PKI / CLM: Delivering essential digital trust components for most services that are resistant to quantum attacks 
• Libraries / Embedded Services: Encrypting and signing data using versatile cryptographic libraries or cloud integrated solutions 
• Perimeter Protection: Adding an additional layer of security against quantum threats, notably through traffic encapsulation and application wrappers for critical systems 

Inventory: The Cornerstone of Any Migration 

Our initial feedback from supporting post-quantum migration programs highlights a clear reality: it is impossible to plan and budget a migration without visibility into the existing environment. Concretely, organizations need to understand : 

• Which use cases and data are involved? 
• Where is cryptography used across the information system? 
• Which algorithms are currently deployed? 

Conducting an exhaustive inventory of a complex IT infrastructure represents a significant investment. It is therefore critical to prioritize the areas where inventory tools should be deployed first, based on three key criteria: data exposure (data accessible via the internet, exchanged with partners, etc.), long-term data sensitivity and vulnerability to HNDL attacks, and the technical components used to secure this data. Without this upfront visibility—understanding which algorithms are used, for which purposes, and to protect which data-effective migration planning becomes impossible. 

However, cryptographic inventory cannot rely on a single source. Organizations must combine multiple complementary approaches: network probes enable real-time observation of traffic, code analysis identifies cryptographic usage within applications and internal developments, SaaS specific tools and interfaces with external providers reveal third-party dependencies, while existing CMDBs and reference repositories map the overall infrastructure. This multiplicity of sources creates a new strategic need for tools capable of centralizing heterogeneous information and providing a consolidated, actionable view to effectively manage migration. A trend is emerging around the CBOM (Cryptography Bill of Materials) format to standardize these inventories, although it is still too early to assess its actual adoption across the market. 

Inventory thus becomes the foundation of post-quantum migration governance. Without it, organizations are effectively navigating blind. 

Since 2024, the market for digital asset inventory solutions has experienced strong growth, driven by the emergence of highly specialized players focused exclusively on the detection, mapping, and management of IT assets (hardware, software, cryptographic certificates, etc.). These vendors stand out for their deep expertise and ability to address complex environments. 

At the same time, established players in the network and infrastructure space – such as IBM, Samsung, Cisco, and Microsoft – are leveraging their deep knowledge of IT environments to deliver robust solutions. These offerings increasingly integrate advanced network probes and cryptographic inventory capabilities, with growing attention paid to post-quantum cryptography challenges. 

CryptoAgility: A Long Term Objective of the Post-quantum Transition 

Cryptoagility is not merely a technical feature; it is a strategic capability that enables organizations to adapt to cryptographic evolutions without operational disruption. As post-quantum cryptographic (PQC) algorithms increasingly become a regulatory standard, cryptoagility allows business logic to be decoupled from the underlying cryptography, thereby facilitating updates without requiring a complete overhaul of existing infrastructures. 

To adopt a crypto agile approach, organizations must embed flexible and scalable mechanisms from the design phase, capable of adapting to cryptographic advances—whether driven by the quantum threat or by the rapid deprecation of algorithms. 

On the library side, solutions offering a modular approach are now widely available. Tools such as Open Quantum Safe (OQS), compatible with OpenSSL and BoringSSL, or liboqs (Intel), optimized for x86 architectures, enable the integration of NIST standardized post-quantum algorithms (Kyber, Dilithium, SPHINCS+). Bouncy Castle, for its part, provides a unified API for Java and C#, easing the transition between classical and post-quantum cryptography. 

However, the modular approach offered by these libraries must be integrated into a broader ecosystem of specialized tools. In this context, inventory solutions and cryptographic key and certificate lifecycle management tools play a critical role. They enable the establishment of an exhaustive mapping of the cryptographic environment, providing full visibility into all assets that need to be protected. This comprehensive view forms an essential foundation for ensuring data security and implementing truly effective risk management. 

Ultimately, crypto agility goes beyond the technical domain. It is a strategic capability that allows organizations to secure their data sustainably, reduce quantum related risks, and approach the future with greater confidence. The technological building blocks are already in place; what remains is to integrate them today into cybersecurity strategies. 

Perimeter Protection: A Rapid Mitigation Strategy 

Given the scale and complexity of post-quantum migration programs, perimeter protection (edge protection) solutions provide a pragmatic and fast acting approach to reducing exposure across critical data flows. 

These solutions enable the rapid securing of sensitive communication channels—such as VPNs, email, and file transfers – by encapsulating traffic within a post-quantum cryptographic layer, without requiring changes to the underlying applications. This makes it possible to deploy wrappers around critical applications without waiting for their full redesign or migration. 

The primary advantage of this approach lies in the significant time savings it delivers. While a comprehensive application-level migration remains necessary in the medium term and may span several years, perimeter protection offers immediate security for the most exposed assets. This strategy allows organizations to intelligently prioritize the protection of their most sensitive data, while methodically preparing for the broader, long-term migration of their IT infrastructure. 

HSMs and Certifications: A Turning Point in 2025 

In the first version of our radar, we highlighted the lack of certifications for post-quantum Hardware Security Modules (HSMs), which represented a major barrier to their deployment in production environments. 

This situation has since evolved positively. Both the ANSSI and the BSI have now issued three Common Criteria certifications for PQC compatible HSMs (from Samsung, Thales, and Infineon). These certifications mark a significant turning point and pave the way for real-world deployments under operational conditions. 

HSMs play a critical role in the digital trust chain, particularly for: 

• The secure generation and storage of PQC keys, which are significantly larger than their classical counterparts 
• Signature operations within Public Key Infrastructures (PKIs) 
• End-to-end key lifecycle management (rotation, revocation, archiving), ensuring integrity and traceability to maintain the chain of trust 

However, even when certified, these HSMs must still address challenges related to side channel attacks, given the relative immaturity of current implementations of these new algorithms. The scientific community continues to actively assess and analyze these risks. 

IoT and Embedded Systems: The Weak Link 

While the market for PQC solutions is progressing rapidly for traditional IT environments, a worrying gap is emerging for IoT and embedded systems. These devices operate under severe constraints – limited power, reduced processing capabilities, and restricted storage – which directly conflict with the requirements of post-quantum algorithms, inherently more resource intensive than their classical counterparts. 

Deploying PQC on such systems often requires dedicated processors with optimized instruction sets. However, the current hardware ecosystem remains insufficient: few dedicated PQC hardware accelerators are available on the market, and hardware development cycles typically span several years. This technical complexity is compounded by the challenge of upgrading a highly decentralized and heterogeneous device landscape, including widely deployed and hard to access connected objects, mission critical industrial systems where downtime is costly, smart cards with long renewal cycles, and legacy equipment with limited or no update capabilities. 

The risk is clear: a lasting gap could emerge between traditional IT environments, which will progressively migrate to PQC, and embedded IoT systems, which may remain vulnerable for a much longer period. Organizations must anticipate this challenge now by embedding PQC compatibility requirements into their specifications for all new deployments of embedded and connected equipment. 

A Nuanced Market Outlook 

The market has now clearly acknowledged that the post-quantum transition will necessarily begin with a systematic inventory phase and a comprehensive risk assessment, a realization that has reshaped the structure of the ecosystem. This growing awareness is reflected in several encouraging developments: the proliferation of specialized solutions for mapping cryptographic assets; the first official certifications for PQC compatible security modules, confirming their readiness for operational deployment; and the maturity of opensource libraries, now widely supported by the industry. Migration support tools further complement this landscape. In parallel, perimeter security approaches already make it possible to protect sensitive data flows without waiting for a full system overhaul. 

However, this momentum continues to face persistent challenges. Delays in the development of suitable hardware – particularly for IoT and embedded systems – remain a major obstacle, with a still limited availability of low power, PQC compatible processors. Certifications, while promising, remain limited in number and cover only part of the available technological spectrum. Finally, inventory tools, despite becoming increasingly sophisticated, have yet to fully demonstrate their ability to effectively address the complexity and heterogeneity of large enterprise IT environments. 

As a result, while the market has clearly oriented its efforts toward inventory and risk analysis as essential prerequisites for migration, technological and industrial challenges continue to slow largescale adoption. 

Cet article Radar 2026 of Post-quantum Migration Solutions  est apparu en premier sur RiskInsight.

Quantum Threats: a new era for industrial cryptography 

Quantum computing represents a threat to traditional cryptographic algorithms which guarantee integrity, authenticity and confidentiality of communications, including those of OT systems and products. Even if “Q-Day” (the day quantum computers will break current cryptography) is still several years away, the risk is already present: threat actors can already use « Harvest Now, Decrypt Later » attacks by storing encrypted data today to decrypt them as soon as current cryptographic algorithms are broken. Another risk, just as critical, is already appearing: « Trust Now, Forge Later ». Digital signatures or certificates seen as reliable today could be falsified tomorrow, allowing transparent deployment of malwares or even compromising supply chains. Unlike progressive data breach, this attack triggers an immediate collapse of trust and integrity, with massive impacts on industrial environments and smart products. With the European roadmap, structuring 2026, 2030 and 2035, the question hinges on the sequencing of the transition. 

Within the industrial sector, where assets are used for multiple decades, this represents a major concern: OT environments and embedded products depend on critical cryptographic usage that will be directly impacted by the arrival of post-quantum algorithms. 

Key OT and product use cases include: 

• Secure administration of OT systems and products: guarantee the integrity and confidentiality of operations. 
• Digital signatures and firmware integrity: guarantee the reliability of software updates (secure boot, code signing, X.509…). 
• Secure remote access to industrial assets and products: protect VPN, SSH, RDP connections as well as other protocols from future attacks. 
• Data exchanges IT/OT: secure flows between information systems and industrial environments (TLS, MQTTS, HTTPS…). 
• Data confidentiality of industrial processes: preserve the confidentiality of sensitive data in transit or at rest. 
• Secure logging and event history: ensure the traceability and integrity of logs and historical data. 

PQC for OT & Products: Address the constraints while preserving crypto-agility 

OT & Products context: specific constraints 

OT systems and products were never conceived for crypto-agility. Numerous industrial protocols, for instance DNP3, Modbus or MQTT, are not encrypted as of today because OT architecture historically depends more on network isolation than on cryptography, thus there is no reason to think they will be encrypted tomorrow with post-quantum algorithms. 

Nevertheless, encrypted communications will undergo this cryptographic disruption. 

In a second step, multiple OT devices face significant hardware constraints (CPU, memory, storage capacity) and have a very long lifespan, often between 10 and 30 years. Those characteristics make updates difficult and expensive: secure remote update mechanisms are still rare, and firmware signing is not consistently implemented, which is in fact bad practice. 

Those constraints explain why OT environments cannot integrate new cryptographic primitives at the same speed as IT, and why PQC isn’t yet natively considered. 

Nevertheless, even if current products and OT systems aren’t conceived for post-quantum cryptography, the emergence of PQC standards, the evolution of regulatory obligations and the rise of risks linked to quantum computing make this transition essential in the medium term. 

Making crypto-agility operational for the industry and products 

The scoping of the PQC project for Products and OT can be broken down into four main components: 

1. Conduct the cryptographical inventory and prioritize critical assets  

Start the dialogue with your cryptographic platform providers (PKI, KMS, HSM) now, to anticipate the migration. 

2. Conceive and deploy crypto-agile architectures 

Rely exclusively on NIST-standardized algorithms (for instance: ML-KEM, ML-DSA, SLH-DSA) and prohibit any internal development or non-standard library for cryptographical components; prioritizing validated and proven solutions. 

Conceiving crypto-agile architecture implies accounting for the embedded aspect and its constraints (limited memory, PCBs, energy resources). The implementation of PQC algorithms on those systems remains uncertain. Nevertheless, optimized algorithms for embedded systems are starting to emerge and open the way to its realistic adoption. 

3. Progressively migrate through hybridization and iteration  

Transition towards post-quantum cryptography cannot be approached as a one-off project or a “one-shot” migration. It is an iterative process that must be managed and governed over time, by starting with hybridization of algorithms: this is explicitly recommended by ANSSI (France’s National Cybersecurity Agency) and the European Commission. 

Crypto-agility isn’t an option, but a necessity to ensure resilience and compliance for industrial environments and products from the quantum threat. This depends on a structured approach, driven by inventory, architecture, hybrid migration and governance.  

Operational feedback & concrete use cases: stakeholders at different stages 

Our field experience reveals a noteworthy maturity gap between two industrial organizations when dealing with post-quantum cryptography: 

1. Organizations with a rudimentary understanding 

•  Observation: In numerous industrial environments, PQC remains an abstract concept, often seen as distant or limited to experts.  
• Symptoms:  
  • Operational and business teams aren’t part of strategic deliberations on cryptography. 
  • Current roadmaps lack maturity and clarity; the underlying projects costs are often underestimated. Priority remains on service availability; quantum security is therefore deprioritized. 
  • HNDL & TNFL concepts are poorly understood, if not outright ignored.  
• Risks:  
  • Disruption of industrial production processes and data breaches: vulnerable communications between critical assets, based on outdated algorithms, expose sensitive data and can cause interruptions or major disturbances in industrial operations (loss of integrity of the data). 
  • Production downtime caused by abrupt migration: A forced transition towards post-quantum cryptography, without preparation nor crypto-agility, can lead to production interruptions, significant additional costs and severe impacts on operational continuity. 

2. Product suppliers: pioneers already undergoing industrialization 

• Observation: On the contrary, some product suppliers are already ahead (including automotive and smart objects). 
• Symptoms:  
  • PQC projects are prioritized over critical use cases: firmware and update signatures (OTA), device identity management, secure remote access, etc. 
  • Pilot projects are being launched on product lines or representative environments, with concrete feedback on performance, compatibility and robustness of hybrid solutions  
  • The process is being industrialized: Integration of PQC clauses in supplier contracts, automation of cryptographic inventory CBOM, team upskilling, and dedicated governance.

Conclusion & Roadmap: Take action to build a quantum-safe future 

Quantum threat is no longer a distant prospect: it already demands a significant transformation of industrial and product cybersecurity. 

1. Plan ahead to protect the future 

Demystify quantum concepts and incorporate them in your cybersecurity processes, including your products, your OT environments or your IT systems. Planning ahead is the key to preventing a major disruption. 

2. Make crypto-agility a strategic vision

Stop viewing it as merely a technical project, but as a pillar of your resilience and of your digital sovereignty. Build a clear roadmap, with milestones in the short, medium and long term. 

3. Rely on trusted partners 

The market is ready: experts and solutions exist to support you through the modernization and securing of your critical infrastructure. Don’t face complexity on your own.  

4. Industrialize the process

Move from pilot projects to broader rollout:  

• Implement a PQC strategy to map out, prioritize and pilot the migration of critical uses (include PQC clauses in contracts). 
• Start a transition program to modernize trust infrastructure components (PKI, CLM, HSM), automate the inventory and ensure the operational continuity. 
• Rely on peers’ feedback as well as feedback from sectors already engaged in PQC. 

Quantum risk is already there: weakened asymmetric encryption, leaving signatures and data exposed. 

As mentioned previously, we start from the observation that elements that aren’t encrypted today in OT environments are not meant to be encrypted tomorrow with post-quantum algorithms, because already existing measures ensure a risk level judged acceptable. 

In other words, PQC doesn’t aim to transform the entirety of OT, but to protect the uses that really rely on cryptographical components exposed to quantum risk. 

However, this observation doesn’t reduce the importance of planning. 

The two priorities remain as follows: 

• Migrate your assets before 2030 and act today to protect data confidentiality 
• Define your perimeter, build your roadmap, and above all, begin the migration process today. 

Cet article Post-Quantum Cryptography for products & OT: From trends to industrial reality est apparu en premier sur RiskInsight.