
A Banker's Guide to Quantum Safe Cryptography

 

Part 1: The Compliance Mandate for PQC Migration

 


EXECUTIVE SUMMARY

Financial institutions in Europe face an urgent dual mandate: migrate to post-quantum cryptography (PQC) to counter looming quantum threats, while complying with new regulatory standards that demand stronger cryptographic controls.

Recent EU regulations such as the Digital Operational Resilience Act (DORA) and NIS2, as well as industry standards such as PCI DSS 4.0, require banks and payment providers to upgrade their encryption practices and demonstrate rigorous key management.

All this is happening as advances in quantum computing raise the risk of “harvest now, decrypt later” attacks, in which adversaries steal encrypted data today to decrypt it once quantum capabilities mature. This risk is highlighted in NIST and CISA guidance. The EU’s coordinated PQC roadmap asks Member States to start transition activities by end-2026 and to secure high-risk systems, including critical financial infrastructure, with PQC by end-2030. It also signals completing as much of the remaining transition as feasible by 2035.

Outside the EU, the NSA’s CNSA 2.0 guidance sets category-based milestones for migrating away from classical algorithms; these are informative for multinational institutions rather than binding on EU entities. In short, the clock is ticking for banks to achieve crypto agility – the ability to swiftly swap and upgrade cryptographic algorithms – and to modernize their key management across fragmented on-premises and cloud systems.

This white paper addresses the topic in three parts:

1. The regulatory drivers behind this push.

2. The challenges financial institutions face (from crypto-inventory fragmentation and talent gaps to audit fatigue, tight deadlines, and HSM and cloud exit strategies).

3. Strategic solutions to navigate the transition. We emphasize practical approaches such as establishing a centralized, crypto-agile key management program, adopting hybrid classical–PQC encryption schemes, and preparing governance and infrastructure for a post-quantum era.

THE COMPLIANCE MANDATE FOR PQC MIGRATION

 

Several recent regulations and industry standards – particularly in the EU, but also globally – are driving financial institutions to strengthen cryptographic controls and plan for PQC. Below we outline the key drivers.

EU Digital Operational Resilience Act (DORA)

DORA is an EU regulation focused on ICT risk in financial services, applicable since 17 January 2025. It mandates formal policies for encryption and cryptographic key management. Under the Commission’s RTS, firms must have a written encryption and cryptography policy covering data at rest and in transit and, where necessary, in use; it must include criteria for selecting techniques, lifecycle key management, and a register of certificates for ICT assets supporting critical or important functions. This means European financial entities need to ensure state-of-the-art encryption is applied to all sensitive data, with robust key usage, protection, rotation and storage practices. While DORA does not explicitly mention quantum-safe algorithms, its requirement to follow leading practices and standards in cryptography implies that firms should be ready to adopt new algorithms (such as PQC) as they become standard. This creates a de facto imperative for crypto agility: policies must provide for updating cryptography in response to developments in cryptanalysis.

NIS2 Directive

NIS2 is the EU’s update to the Network and Information Security Directive, widening its scope to include banks and other critical sectors. It requires organizations to implement appropriate cybersecurity risk-management measures. Encryption and cryptography are explicitly listed among these baseline measures: Article 21 requires “policies and procedures regarding the use of cryptography and, where appropriate, encryption,” and the measures as a whole must take into account the “state of the art”. In practice this means regulators expect firms to retire outdated cryptography (e.g. SHA-1 signatures or RSA keys shorter than 2048 bits) in favor of modern algorithms.

Although NIS2 doesn’t set specific deadlines for PQC, it creates regulatory pressure to demonstrate strong encryption for data in transit and at rest and to be prepared to upgrade cryptography as needed. Adopting PQC is a credible way to demonstrate state-of-the-art protection for long-lived data.

EU Co-ordinated PQC Migration Roadmap

The Commission issued a Recommendation in April 2024; the NIS Cooperation Group published the initial roadmap in June 2025. This EU PQC roadmap sets clear timelines: by 31 December 2026, Member States should have initiated national strategies and inventories; by 31 December 2030, high-risk use cases, including critical financial systems, should be transitioned to PQC; by 2035, as many remaining systems as practicable should be completed. This roadmap, developed via the EU NIS Cooperation Group, has strong political backing and effectively establishes 2030 as the EU’s target deadline for quantum-proofing vital sectors including banking. The message for financial institutions is that regulators expect them to be PQC-ready within the next five years for core systems. Even though 2035 is given as an outer horizon for stragglers, EU authorities emphasize that waiting until 2035 is risky; according to some experts, a cryptographically relevant quantum computer could feasibly exist by around 2030. Thus, EU regulators are urging a proactive approach, pulling forward deadlines for critical use cases to 2030. This EU roadmap is a key driver because it effectively forewarns financial entities that future supervisory assessments may require evidence of PQC migration plans and progress in line with these dates.


PCI DSS 4.0

The Payment Card Industry Data Security Standard version 4.0 applies globally where cardholder data is processed. PCI DSS v3.2.1 retired on 31 March 2024.

PCI DSS v4.0 has applied since then, and many future-dated requirements became effective on 31 March 2025. PCI DSS 4.0 significantly elevates cryptographic requirements for compliance. Requirement 4.2.1 requires that only trusted, valid certificates are accepted for PAN (primary account number) transmissions over open networks and prohibits fallback to insecure protocol versions or algorithms; Requirement 4.2.1.1 introduces an inventory of the trusted keys and certificates used to protect PAN in transit. Both were future-dated until 31 March 2025. All cryptographic keys that protect cardholder data must be managed with documented procedures for generation, distribution, storage, rotation, and revocation. Strong cryptography must protect PAN both in transit and at rest, and only industry-accepted algorithms of adequate strength are allowed. While PCI DSS 4.0 does not explicitly mention post-quantum algorithms, its spirit is to enforce crypto best practices.

Achieving compliance will push institutions toward crypto agility – for instance, if new algorithms become recommended or if vulnerabilities are found in older ciphers, organizations must be able to adapt quickly. Moreover, PCI DSS 4.0’s stringent logging and audit requirements for cryptographic keys (e.g. proving certificates are valid and not expired, with continuous monitoring) mean that centralized key management and automation are now essential to pass audits. In summary, PCI DSS 4.0 is a driver for improving cryptographic hygiene today, which in turn lays the groundwork for adopting PQC in the near future as part of maintaining “strong cryptography” in the PCI sense.

U.S. CNSA 2.0 and Global Standards 

Outside the EU, global standards bodies and governments are also steering the move to PQC, which influences multinational financial institutions. In the United States, the National Security Agency’s Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) provides a roadmap for U.S. national security systems to adopt quantum-resistant cryptography. CNSA 2.0 mandates phasing out RSA/ECC and moving to lattice- and hash-based algorithms that resist quantum attacks. It sets category-based milestones, including compliance for certain new acquisitions by 2027 and further transitions through 2030–2031, with broader completion targets into the 2030s. Treat these as directional signals for interoperability rather than a single cutover date. U.S. federal directives such as National Security Memorandum 10 (NSM-10) similarly set 2035 as the target for completing PQC migration in federal IT. These timelines, albeit slightly looser than the EU’s 2030 target for critical systems, underscore a global consensus that the next ~10 years are the window for action.

Additionally, NIST has now standardized several PQC algorithms: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA) were published in August 2024. In March 2025 NIST selected HQC as a backup KEM for standardization. NIST is urging organizations to begin integrating these new algorithms “as soon as possible,” warning that full integration will take time and should start now. Financial institutions that operate globally or interface with US-based systems will need to align with these standards. For instance, future versions of protocols (TLS, X.509 certificates, etc.) will incorporate PQC algorithms. Being crypto-agile and compliant means anticipating these changes so that when regulators or industry groups (such as ISO, SWIFT, or the card networks) mandate quantum-safe cryptography, the organization can comply with minimal disruption.


Why These Drivers Matter

Collectively, the EU and US roadmaps and standards create a clear regulatory imperative for action. European banks should expect supervisory expectations under DORA and NIS2 to encompass quantum risk, while PCI DSS 4.0’s future-dated cryptographic controls took effect on 31 March 2025 for card operations. Global banks also heed NSA/NIST guidance to stay ahead of threats. The common theme is that regulators and standard-setters now expect a formal PQC migration strategy from critical institutions. Organizations will be asked to inventory their cryptographic estate and provide plans or evidence of quantum readiness within the next 1–2 years in some jurisdictions. Those without a plan risk non-compliance and elevated operational risk. Part 2 of this white paper discusses the on-the-ground challenges that make achieving these goals difficult for financial institutions.
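The inventory that PCI DSS requirement 4.2.1.1 and the DORA certificate register call for is only useful if it can be queried for what must change, and in what order. The Python below is an added example written for this guide; it is not Cryptomathic tooling, and its record layout, thresholds (2048-bit RSA minimum, 30-day expiry warning, a 2030 planning horizon taken from the EU roadmap) and sample entries are all assumptions. It turns a constructed inventory into a prioritised worklist that separates what fails today’s strong-cryptography expectations from what is merely quantum-vulnerable, and among the latter ranks confidentiality keys protecting long-lived data highest because of harvest-now-decrypt-later exposure.

```python
"""Cryptographic-inventory triage: an added illustration, not Cryptomathic tooling.

Priorities on the resulting worklist (all thresholds are assumed policy values):
  1 = fails today's strong-cryptography expectations (fix now)
  2 = expiring certificate, or quantum-vulnerable key protecting data that
      outlives the assumed PQC deadline (harvest-now-decrypt-later exposure)
  3 = quantum-vulnerable; schedule in the PQC migration plan
"""
from datetime import date, timedelta

# Public-key algorithms whose security rests on factoring or discrete logs.
QUANTUM_VULNERABLE = {"RSA", "DSA", "DH", "ECDSA", "ECDH"}
# Final NIST standards (FIPS 203/204/205). Round-3 draft names such as "Kyber"
# are not wire-compatible with the FIPS versions, so they are flagged below.
PQC_STANDARD = {"ML-KEM", "ML-DSA", "SLH-DSA"}
MIN_KEY_BITS = {"RSA": 2048, "DSA": 2048, "DH": 2048, "ECDSA": 256, "ECDH": 256}
WEAK_HASHES = {"MD5", "SHA-1"}
WEAK_PROTOCOLS = {"SSLv3", "TLS 1.0", "TLS 1.1"}
CONFIDENTIALITY_USES = {"key-exchange", "encryption-at-rest"}
PQC_DEADLINE = date(2030, 12, 31)  # assumed: EU roadmap target for high-risk systems


def triage_entry(entry, as_of, expiry_warn_days=30):
    """Return (priority, reasons) for one record; priority 4 means no finding."""
    reasons, priority = [], 4

    def flag(level, text):
        nonlocal priority
        reasons.append(text)
        priority = min(priority, level)

    alg = entry["algorithm"]
    bits = entry.get("key_bits", 0)
    if alg in MIN_KEY_BITS and bits < MIN_KEY_BITS[alg]:
        flag(1, f"{alg} key of {bits} bits is below {MIN_KEY_BITS[alg]}")
    if entry.get("hash") in WEAK_HASHES:
        flag(1, f"uses {entry['hash']}")
    if entry.get("protocol") in WEAK_PROTOCOLS:
        flag(1, f"allows {entry['protocol']}")

    not_after = entry.get("not_after")  # PCI 4.2.1: certificates must be valid
    if not_after is not None:
        if not_after < as_of:
            flag(1, f"certificate expired on {not_after.isoformat()}")
        elif not_after - as_of <= timedelta(days=expiry_warn_days):
            flag(2, f"certificate expires in {(not_after - as_of).days} days")

    pqc = entry.get("pqc_algorithm")  # set for pure-PQC or hybrid deployments
    if pqc is not None and pqc not in PQC_STANDARD:
        flag(3, f"{pqc} is not a final FIPS algorithm; move to the FIPS 203/204/205 version")

    # A quantum-vulnerable algorithm with no PQC component needs a migration
    # plan; confidentiality keys whose data is retained past the deadline are
    # exposed to harvest-now-decrypt-later and rank higher than signatures.
    if alg in QUANTUM_VULNERABLE and pqc is None:
        lifetime = timedelta(days=365 * entry.get("data_lifetime_years", 0))
        if entry.get("use") in CONFIDENTIALITY_USES and as_of + lifetime > PQC_DEADLINE:
            flag(2, f"{alg} protects data retained past {PQC_DEADLINE.year}: HNDL exposure")
        else:
            flag(3, f"{alg} is quantum-vulnerable; no PQC or hybrid in place")
    return priority, reasons


def triage(inventory, as_of):
    """Prioritised worklist: list of (priority, id, reasons); entries with no finding are omitted."""
    worklist = []
    for entry in inventory:
        priority, reasons = triage_entry(entry, as_of)
        if priority < 4:
            worklist.append((priority, entry["id"], reasons))
    return sorted(worklist, key=lambda item: (item[0], item[1]))


AS_OF = date(2025, 10, 1)
SAMPLE_INVENTORY = [  # constructed records, not from any real estate
    {"id": "tls-edge-01", "use": "key-exchange", "algorithm": "ECDH", "key_bits": 256,
     "hash": "SHA-256", "protocol": "TLS 1.3", "data_lifetime_years": 10},
    {"id": "tls-edge-02", "use": "key-exchange", "algorithm": "ECDH", "key_bits": 256,
     "hash": "SHA-256", "protocol": "TLS 1.3", "pqc_algorithm": "ML-KEM",
     "data_lifetime_years": 10},
    {"id": "legacy-gw", "use": "key-exchange", "algorithm": "RSA", "key_bits": 1024,
     "hash": "SHA-1", "protocol": "TLS 1.0", "not_after": date(2024, 6, 30),
     "data_lifetime_years": 1},
    {"id": "payment-sign-hsm", "use": "signature", "algorithm": "RSA", "key_bits": 3072,
     "hash": "SHA-256", "not_after": date(2027, 1, 1)},
    {"id": "api-mtls-client", "use": "signature", "algorithm": "ECDSA", "key_bits": 256,
     "hash": "SHA-256", "not_after": date(2025, 10, 11)},
    {"id": "archive-at-rest", "use": "encryption-at-rest", "algorithm": "AES",
     "key_bits": 256, "data_lifetime_years": 15},
    {"id": "vpn-pilot", "use": "key-exchange", "algorithm": "ECDH", "key_bits": 256,
     "protocol": "TLS 1.3", "pqc_algorithm": "Kyber", "data_lifetime_years": 3},
]

if __name__ == "__main__":
    for priority, ident, reasons in triage(SAMPLE_INVENTORY, AS_OF):
        print(f"P{priority} {ident}: " + "; ".join(reasons))
```

Run as-is, the worklist puts the legacy gateway first (short key, SHA-1, TLS 1.0 and an expired certificate), then the mTLS client certificate about to expire and the TLS edge whose sessions protect ten-year data, and only then the signing key and the pilot still on draft Kyber; the hybrid ML-KEM edge and the AES archive produce no finding, which is the point of distinguishing symmetric and already-hybrid uses from the RSA/ECC estate.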

APPENDIX: INSTITUTIONS, STANDARDS, REGULATIONS AND REFERENCES
EUROPEAN UNION

European Commission

The EU’s executive body responsible for regulations, directives, and recommendations affecting financial institutions and cybersecurity.

ENISA (European Union Agency for Cybersecurity)

EU agency providing expertise and studies on cryptographic resilience and post-quantum migration.

NIS2 Directive (Directive (EU) 2022/2555)

Expands the EU cybersecurity framework to cover banks and critical infrastructure. Requires “state-of-the-art” encryption and explicit policies for cryptography. Reference: EUR-Lex

DORA – Digital Operational Resilience Act (Regulation (EU) 2022/2554)

Regulation effective January 2025 requiring ICT risk management in financial services, including encryption and key management policies. Reference: EUR-Lex

DORA RTS (Regulatory Technical Standards)

Commission rules specifying encryption and cryptography policy requirements, lifecycle management of keys, and certificate registers. Reference: European Commission

EU Coordinated PQC Roadmap (2024 Recommendation / 2025 Cooperation Group Roadmap)

Milestones: national strategies by 2026, PQC for critical systems by 2030, broad migration by 2035. Reference: European Commission DG CONNECT

 

UNITED STATES

NIST (National Institute of Standards and Technology)

U.S. standards body leading PQC transition.

NSA (National Security Agency)

U.S. agency setting cryptographic policy for national security systems.

  • CNSA 2.0 (Commercial National Security Algorithm Suite 2.0) – NSA CNSA 2.0 Guidance
  • CNSA 2.0 FAQ / Migration Timelines – NSA Cybersecurity Information Sheet
  • NSA Press Highlight – NSA CNSA 2.0 News Release
CISA (Cybersecurity and Infrastructure Security Agency)

Provides joint factsheets with NIST, e.g. on “Harvest Now, Decrypt Later.” Reference: CISA PQC Factsheet

National Security Memorandum-10 (NSM-10)

U.S. directive requiring PQC migration across federal IT by 2035. Reference: White House NSM-10

 

GLOBAL INDUSTRY STANDARDS

PCI DSS 4.0 (Payment Card Industry Data Security Standard v4.0.1)

Governs cardholder data protection. Effective March 2024, with future-dated crypto requirements mandatory by March 2025. Reference: PCI SSC Document Library

PCI DSS Timing and Requirements

Reference: PCI SSC Blog

PCI SSC (Payment Card Industry Security Standards Council)

Industry body managing PCI DSS.

IETF (Internet Engineering Task Force)

Standards body developing hybrid cryptography drafts (e.g. hybrid KEMs for TLS 1.3). Reference: IETF Draft on Hybrid Key Exchange

ISO, SWIFT, Card Networks

Global and financial industry standard-setters expected to adopt PQC requirements in upcoming standards.

ETSI (European Telecommunications Standards Institute)

Standards organization with research and technical reports on CBOMs and PQC integration.

 
KEY CONCEPTS AND RISKS

Crypto Agility

Organizational capability to swap cryptographic algorithms without major redesign. Required implicitly by DORA, PCI DSS, and NIS2.

Harvest Now, Decrypt Later (HNDL)

Adversary model where encrypted data is collected today and decrypted later with quantum computers. References: NIST Quantum Risk Explainer, CISA PQC Factsheet

Hybrid Cryptography

Using classical and PQC algorithms in parallel so that the session stays secure if either one is broken (e.g. TLS 1.3 key exchange combining X25519 ECDH with ML-KEM-768, the FIPS 203 version of Kyber). References: Cloudflare Blog on Hybrid PQC, Chromium Blog on PQC Trials