The EU plans to make digital encryption completely quantum-safe by 2035 at the latest. As quantum computers grow more and more powerful, qbit by qbit, experts on post-quantum cryptography (PQC) have laid a basis for secure encryption in recent years with new algorithms. But if they are to win the race by 2035, they have their work cut out for them in terms of implementation in systems and communication protocols. That is the takeaway from the Fraunhofer Institute for Applied and Integrated Security AISEC’s 2025 PQC Update, which saw the German-speaking PQC community from government agencies, companies, universities and other research institutions gather for the fourth time on May 12 and 13, 2025, to talk about the current state of advancement in post-quantum cryptography (PQC).

As new advances in quantum hardware like IBM’s 2023 156-qbit model and plans for up to 2,000 logical qbits by 2033 emerge, there is also growing concern that cryptographic methods such as RSA and ECC could soon be cracked. It typically takes a minimum of ten years before new cryptography is introduced in application systems, which makes this high time for companies and institutions to get started with their PQC migration. The 4^th PQC Update, held at Fraunhofer AISEC on May 12 and 13, 2025, was marked by cautious optimism because migration to new methods is now possible across many different areas.

There have been seven key advances in PQC on the whole:

1. EU timeline for PQC migration in the works:

A draft EU roadmap calls for making high-risk applications quantum-safe by 2030 and fully concluding the PQC application migration by 2035. A risk-based approach is to prioritize systems where the risk is especially acute.

2. Standardization and certification picking up steam:

NIST and ISO have published initial PQC standards, such as ML-KEM (ISO/IEC 18033-2 DAmd2). The EUCC certification process is also gathering momentum. In Germany, the German Federal Office for Information Security (BSI) is coordinating the changeover. It recommends hybrid approaches that combine traditional and quantum-safe cryptography.

3. Funding measures in Germany placed on a firmer footing:

New funding calls by entities such as the Cyberagentur and the German Federal Ministry of Education and Research (BMBF) support projects focusing on side-channel attacks, quantum cryptanalysis and PQC in automotive OTA updates across fields such as the automotive sector, railways and more.

4. PQC growing more relevant to internet communications:

PQC integrations into protocols such as TLS, SSH and DNSSEC are on the rise. Figures from Cloudflare show that PQC-encrypted HTTPS traffic is up from three to 38 percent in the past year alone.

5. Complexity of PQC migration is manageable:

The recommendation is to take inventory of software, use a cryptographic bill of materials (CBOM) to identify outdated or insecure cryptography and then base the plans for PQC migration on that. There are also warnings about challenges in software supply chains and lack of API compatibility.

6. PQC migration of hardware is possible:

Hardware migration is especially time-critical. Infineon was the first provider to receive a CC certificate for ML-KEM, which it did in 2024. Even so, the long life cycles and limited retrofit capabilities in the hardware space remain significant obstacles.

7. Side-channel attacks recognized as risk factor:

Studies of attacks on UOV methods, quantum-secure public key cryptosystems, show that randomly generated signatures and compressed keys provide protection against a number of fault attacks. Guarding against side-channel attacks is more difficult and more expensive than with traditional encryption methods, by contrast.