THE DEADLINE JUST MOVED. AGAIN.

That should concern every board, regulator, CISO and risk committee still treating post-quantum cryptography as a distant technology problem.

The United States has issued a new Executive Order accelerating PQC migration requirements.

Notably:

• PQC key establishment for High Value Assets by 31 December 2030

• PQC digital signatures for High Value Assets by 31 December 2031

This is the second major shift in federal timing expectations.

That matters.

Governments do not compress cryptographic transition windows for entertainment. They do it because their assessment of risk, capability, timelines, or all three, has changed.

The headline is not the encryption deadline.

The headline is digital signatures.

For years, discussion centred on Harvest Now, Decrypt Later.

This order goes further.

Digital signatures underpin software integrity, identity, trust chains, certificates, firmware updates, financial transactions and national infrastructure. A compromised encryption system exposes data. A compromised signature system undermines trust itself.

The world is moving faster than many organisations anticipated.

Not because a cryptographically relevant quantum computer has suddenly appeared.

Because governments responsible for protecting critical infrastructure are no longer planning around theoretical timelines. They are planning around implementation reality.

Five years sounds like a long time.

It is not.

Cryptographic discovery, dependency mapping, inventory validation, remediation planning, vendor engagement, testing, governance and migration can consume years before a single production key is replaced.

The organisations still debating whether they need a PQC strategy may have missed the point.

The discussion has moved on.

The timetable just proved it.

#PQC #PostQuantumCryptography #QuantumRisk #CyberSecurity #Governance #RiskManagement #Cryptography #DigitalTrust

www.sitg-consulting.com