
Post-Quantum Cryptography: Why the Transition Has to Happen Now


The deadline is not 2030 or 2035. The deadline is data already in transit and at rest today.

September 21, 2026 moves all FIPS 140-2 modules to historical status. After that date, federal procurement requires FIPS 140-3 validation, and new submissions must support post-quantum algorithms or include a credible roadmap. January 2027 is the NSA's deadline for new National Security System acquisitions to meet CNSA 2.0, which means ML-KEM-1024 for key encapsulation and ML-DSA-87 for digital signatures.

Both deadlines fall before the public conversation about the quantum threat assumes they will. Both apply to systems already in production.

Why "wait for quantum computers" misses the threat

Adversaries do not need a cryptographically relevant quantum computer (CRQC) to defeat current encryption. They need storage, patience, and any encrypted secret with a long confidentiality lifetime. Health records, defense communications, source code, financial instruments, classified intelligence, and most regulatory data fall into that category.

NSA, CISA, and the Five Eyes intelligence community have publicly attributed collection programs that target encrypted traffic to nation-states. Traffic captured from systems still using RSA-2048, ECDH P-256, or ECDSA P-256 will be decrypted on day one of CRQC availability. The cost of waiting is paid before the quantum computer exists.

Estimates of the CRQC threshold range from 2030 to the late 2030s. The threat to data with twenty-year confidentiality is already here. Treating PQC migration as a 2030 project misreads the calendar.

The harvest-now-decrypt-later threat does not wait for the quantum computer. It waits for the encryption to fail.

The migration is not the algorithm

Replacing RSA with ML-KEM-768 is a one-line config change in a textbook. In production, almost no enterprise can answer the prerequisite question: where is cryptography actually being used, with what algorithms, and on what keys. The patchwork of TLS configurations, hard-coded libraries, aging HSMs, and third-party SDKs that runs most enterprise systems has no cryptographic inventory.

Meta published its PQC migration framework in April 2026. The framework describes five maturity levels from PQ-Unaware to PQ-Enabled, and six migration steps. The first step is not algorithm selection. It is inventory.

NIST IR 8547 (Transition to Post-Quantum Cryptography Standards) and the NCCoE Migration to Post-Quantum Cryptography project both center the same prerequisite. Cryptographic agility, the architectural property of swapping algorithms without rewriting the application layer, is the real migration work. Without it, a 2030 deadline is unreachable.
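An added example, not code from the article or from any framework it cites: a minimal inventory triage that ranks systems by harvest-now-decrypt-later exposure using Mosca's inequality (confidentiality lifetime x plus migration time y exceeding the time z until a CRQC) and checks each against the parameter sets the article names. The asset names, the three-year migration estimate, and the status labels are assumptions; the CRQC year is the earliest estimate quoted above.

```python
import re
from dataclasses import dataclass

# Public-key families the article names as exposed to a CRQC.
QUANTUM_VULNERABLE = {"RSA", "ECDH", "ECDSA"}
# Parameter sets the article names for each procurement profile.
PROFILES = {"civilian": {"ML-KEM-768"}, "nss": {"ML-KEM-1024", "ML-DSA-87"}}
CRQC_YEAR = 2030  # earliest estimate quoted in the article
RANK = {"harvestable": 0, "vulnerable": 1, "wrong-parameter-set": 2,
        "unknown": 3, "compliant": 4}

@dataclass
class Asset:
    name: str
    algorithm: str
    profile: str        # "civilian" or "nss"
    secrecy_years: int  # how long the data must stay confidential

def classify(asset, now_year, migration_years):
    """Return (status, margin); margin > 0 means x + y > z already holds."""
    family = re.split(r"[-\s]", asset.algorithm)[0].upper()
    if asset.algorithm in PROFILES[asset.profile]:
        return "compliant", 0
    if family in QUANTUM_VULNERABLE:
        margin = asset.secrecy_years + migration_years - (CRQC_YEAR - now_year)
        return ("harvestable" if margin > 0 else "vulnerable"), margin
    if any(asset.algorithm in allowed for allowed in PROFILES.values()):
        return "wrong-parameter-set", 0
    return "unknown", 0

def triage(assets, now_year, migration_years):
    """Rank assets: worst status first, then largest overrun."""
    rows = [(a.name, *classify(a, now_year, migration_years)) for a in assets]
    return sorted(rows, key=lambda r: (RANK[r[1]], -r[2]))

# Constructed sample inventory (hypothetical systems, not from the article).
INVENTORY = [
    Asset("build-cache", "ECDH P-256", "civilian", 0),
    Asset("nss-gateway", "ML-KEM-768", "nss", 25),
    Asset("health-records-api", "RSA-2048", "civilian", 20),
    Asset("doc-archive", "ML-KEM-768", "civilian", 20),
]

if __name__ == "__main__":
    for row in triage(INVENTORY, now_year=2026, migration_years=3):
        print(row)
```

With these inputs the 20-year health records on RSA-2048 rank first with a 19-year overrun, and the ML-KEM-768 deployment tagged as an NSS workload is flagged for using the civilian parameter set.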

The data-centric architecture is the agility layer

Data-centric zero trust binds policy to the object, not to the channel. Encryption lives in the data object's metadata, not in the network protocol. A policy enforcement point (PEP) selects the key encapsulation mechanism based on the object's classification, the requesting principal's attributes, and the operational context.

This pattern decouples the cryptographic primitive from the application. Lattix Technologies implements ML-KEM-768 for civilian federal workloads and ML-KEM-1024 plus ML-DSA-87 for CNSA 2.0 National Security Systems at the policy decision point (PDP). Algorithm rotation happens at the data layer through key wrapping, with no rebuild of consumers, services, or storage.

Merkle-tree lineage anchored in content-addressed storage records which algorithm protected which object at which time. Post-migration audit becomes a query, not an investigation. Organizations running data-centric zero trust are PQ-Capable in the Meta framework's terms before the conversation starts.
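An added sketch of the lineage idea above, not Lattix's implementation: each lineage entry (object, algorithm, timestamp) becomes a Merkle leaf, so an auditor can check any entry against a published root and then answer "which objects are still protected by a non-PQ algorithm" as a query. The record fields, function names, and sample log are assumptions constructed for the example.

```python
import hashlib
import json

def leaf(record):
    # 0x00 / 0x01 prefixes keep leaf hashes distinct from interior nodes.
    data = json.dumps(record, sort_keys=True).encode()
    return hashlib.sha256(b"\x00" + data).digest()

def node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def build(records):
    """All tree levels, leaves first; an unpaired node is promoted as-is."""
    levels = [[leaf(r) for r in records]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
                       for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Inclusion proof as [(sibling_hash, sibling_is_left), ...]."""
    proof = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):
            proof.append((level[sib], sib < index))
        index //= 2
    return proof

def verify(record, proof, root):
    h = leaf(record)
    for sib, sib_is_left in proof:
        h = node(sib, h) if sib_is_left else node(h, sib)
    return h == root

def audit(records, allowed):
    """Objects whose most recent lineage entry uses an algorithm outside `allowed`."""
    latest = {r["object"]: r["alg"] for r in records}  # later entries win
    return sorted(o for o, alg in latest.items() if alg not in allowed)

# Constructed lineage log, oldest first (hypothetical objects and timestamps).
LINEAGE = [
    {"object": "doc-1", "alg": "RSA-2048", "ts": "2025-03-01T00:00:00Z"},
    {"object": "doc-2", "alg": "ML-KEM-768", "ts": "2025-06-01T00:00:00Z"},
    {"object": "doc-3", "alg": "ECDH P-256", "ts": "2025-07-15T00:00:00Z"},
    {"object": "doc-1", "alg": "ML-KEM-768", "ts": "2026-02-01T00:00:00Z"},
    {"object": "doc-4", "alg": "RSA-2048", "ts": "2026-02-02T00:00:00Z"},
]
```

Here `audit(LINEAGE, {"ML-KEM-768", "ML-KEM-1024"})` reports doc-3 and doc-4; doc-1 drops out because its latest entry records the rewrap to ML-KEM-768, and rewriting any entry after the fact makes `verify` fail against the root.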

FIPS 140-2 sunset: 2026-09-21. After this date, federal procurement requires FIPS 140-3 validation, and new submissions must support post-quantum algorithms or carry a credible roadmap.

What changes in the next twelve months

CISA's January 2026 product category list pushed PQC readiness into federal acquisition language. Solicitations closing through Q4 2026 and FY27 require named parameter sets, not "PQC-ready" marketing claims. ML-KEM-768 satisfies civilian federal procurement, while ML-KEM-1024 plus ML-DSA-87 satisfies National Security Systems.

NSA's April 2026 clarification narrowed the field. Vendors that listed ML-KEM-768 against NSS workloads are revising statements. DoD program offices building FY27 acquisition packages now have a binary criterion: the product either implements ML-KEM-1024 and ML-DSA-87 against the published test vectors, or it does not.

Hybrid PQC modes, classical and post-quantum running in parallel, are the migration path for production systems that need to satisfy today's interoperability and tomorrow's compliance. The hybrid window closes when CNSA 2.0 reaches full enforcement.

The deadline already running

The PQC transition is not about one algorithm replacing another in 2030. It is about whether an organization has the cryptographic agility to swap algorithms when the parameter sets change again, which they will, before the CRQC threshold arrives. The deadline that matters is the one already running. Adversaries collect long-lived encrypted data now.
