Views: 619
Quantum computing has been used to radically transforming existing cryptography, by creating, at the same time, new threats to data security. The Commission’s commitment (through the engagement with stakeholders) is to equip the member state and developers with the modern facilities available for a post-quantum cryptography world. These steps include the collection of feedback on the published roadmap (and an updated/additional roadmap), aimed at using a more complex form of cybersecurity, by exploring the post-quantum cryptography, PQC.
Background
Post-quantum cryptography, PQC provides a new generation of cryptographic algorithms designed to withstand attacks by future quantum computers; the PQC (sometimes referred to as quantum-proof, quantum-safe, or quantum-resistant) is the development of cryptographic algorithms (usually public-key algorithms) that are currently thought to be secure against a crypto-analytic attack by a quantum computer.
Henna Virkkunen, Executive Vice-President for Technological Sovereignty, Security and Democracy, said in June 2025, what while entering the quantum era, the “post-quantum cryptography is essential to ensure a high level of cybersecurity” and defending the EU digital systems against future threats. Thus, the PQS’ roadmap provides a “clear direction to ensure the robust security of the EU’s digital infrastructure”, she added.
Quantum technologies can perform complex tasks and lead to solutions for numerous modern global challenges, i.e. climate mitigations, detecting natural disasters and finding new solutions in healthcare.
The quantum technology’s potential in delivering societal benefits, somehow, are associated with the accompanied misuse’s risks that can pose to the cybersecurity of the EU-wide communications and connected infrastructure. An effective solution to these challenges is post-quantum cryptography, which uses encryption methods based on complex mathematical problems that even quantum computers find difficult to solve.
The Commission has recommended that all EU member states should start transitioning to post-quantum cryptography by the end of 2026. At the same time, the protection of critical infrastructures should be transitioned to PQC as soon as possible, no later than by the end of 2030.
Thus, in a response to the Commission’s Recommendation published in April 2024, the NIS Cooperation Group developed the roadmap strategy, reflecting the need for European urgent actions, as the development of quantum computers advances rapidly.
For the development of the roadmap, the Commission recommended to establish a working program on PQC with the NIS Cooperation Group. This document is the first deliverable and is meant to be a first high-level paper aimed at the EU member states. It includes a set of recommendations that the states might need to implement for a synchronised transition to PQC, as well as measures to ensure that all stakeholders are well informed on the quantum threat to cryptography.
Source and reference to: https://digital-strategy.ec.europa.eu/en/news/eu-reinforces-its-cybersecurity-post-quantum-cryptography
About the NIS Cooperation Group
Most states in the world, as well as private entities, are actively pursuing the capabilities of quantum computers, which open-up exciting new possibilities. However, the consequences of this new technology include threats to the current cryptographic standards that ensure data confidentiality, integrity and supporting key elements of network security. While quantum computing technologies capable of breaking public key encryption algorithms in the current standards do not yet exist), government and critical infrastructure entities are obliged to cooperate in order to be ready for a new post-quantum cryptographic standard to defend against future threats.
The US was among the first states in the world (in July 2022) to establish a PQC initiative to unify and drive national efforts to address threats posed by quantum computing. In coordination with interagency and industry partners, the new initiative was cooperating with the Department of Homeland Security and the Department of Commerce’s National Institute of Standards and Technology to support critical infrastructures, government networks and operators during the transition to post-quantum cryptography.
Critical infrastructure systems rely on digital communications to transmit data. To secure the data in transit, data encryption built into the devices and systems protects the data from tampering and espionage. As quantum computing advances over the next decade, it presents increasing risk to certain widely used encryption methods.
Source: https://www.cisa.gov/quantum
Thus, the Group’s main aim is to achieve a high level “common security structures” for the EU-wide digital network and information systems; NIS supports and facilitates the strategic cooperation and the exchange of information among the EU member states, as is explicitly described (art.11) in the NIS Directive.
The NIS Cooperation Group functions according the European Commission Implementing Decision of February 2017 and follows its own rules of procedure; the European Commission serves as the secretariat of the Group.
On implementing decision in: https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32017D0179&from=EN
On the operational side, the NIS Cooperation Group is supported by the work of the network of Computer Security Incident Response Teams (CSIRTs), dedicated to sharing information about risks and ongoing threats, and cooperating on specific cybersecurity incidents. The CSIRTs network was established under Article 12 of the NIS Directive, which also defines its role. The NIS Cooperation Group provides strategic guidance for the activities of the CSIRTs network.
The NIS Cooperation Group is also working closely with the European Cooperation Network on Elections to counter threats to electoral processes under a new joint operational mechanism set-up as a part of the European Democracy Action plan.
More on “Coordinated Implementation Roadmap for the Transition to Post-Quantum Cryptography”, in: https://digital-strategy.ec.europa.eu/en/library/coordinated-implementation-roadmap-transition-post-quantum-cryptography
Perspectives
The Commission invites the public (and in particular providers of critical infrastructures, industry stakeholders and academia), to give feedback on the roadmap in a public consultation. The EU is expected concrete proposals for the document in the consultation, e.g. by providing additional text targeting specific challenges of relevant sectors. Submissions will undergo a review process, and promising proposals will be invited to provide more details.
Contributions can also include mentioning of open-source tools that could be of benefit for all actors impacted by the transition (except product advertisement).
The feedback deadline is until 29 September 2025; thus, the feedback would assist the initiative applicants to guiding through all the steps toward new vision in the quantum-resistant European digital infrastructures.