News - PQC Consultancy

February 2026

Cisco Ships Full-Stack PQC in IOS XE 26

Cisco has released IOS XE 26 with industry-first full-stack post-quantum cryptography protections for enterprise networking. ML-KEM and ML-DSA are now integrated into TLS, IKEv2, and SSH across Cisco enterprise infrastructure.

India Releases National Quantum-Safe Roadmap

India's task force, led by C-DOT, has released a multi-phased quantum-safe roadmap. Critical infrastructure sectors (defence, power, telecom, space) must begin formal PQC implementation by 2027, with dedicated PQC testing laboratories operational by December 2026 and full nationwide adoption by 2033. India adopts NIST-selected algorithms as the foundation.

Palo Alto Networks Launches Quantum-Safe Security Solution

Palo Alto Networks has made its Quantum-Safe Security solution generally available, combining cryptographic discovery, risk assessment, and cipher translation capabilities. The solution enables instant PQC upgrade of applications and IoT/OT devices through network-layer cipher translation.

NIST Publishes Crypto Agility Guidance (CSWP 39)

NIST has published the final version of CSWP 39, providing strategies and practices for achieving crypto agility — the ability to replace and adapt cryptographic algorithms across protocols, applications, software, hardware, and infrastructure. Essential reading for organisations planning PQC migration.

AWS Expands PQC Across Major Services

AWS has rolled out post-quantum TLS support across Amazon S3 (regional, Tables, Express One Zone), Application and Network Load Balancers, AWS Payments Cryptography, and AWS Private CA (ML-DSA digital certificates). This represents one of the largest single PQC deployments by any cloud provider.

UK NCSC Unveils Three-Phase PQC Migration Roadmap

The UK National Cyber Security Centre has published a formal three-phase migration timeline: Phase 1 (by 2028) — complete discovery and build migration plans; Phase 2 (by 2031) — execute high-priority migrations; Phase 3 (by 2035) — complete full PQC migration. The NCSC also launched a PQC Pilot under its Assured Cyber Security Consultancy scheme.

Signal Introduces Triple Ratchet with Post-Quantum Protection

Signal has announced SPQR (Sparse Post Quantum Ratchet), combining their existing Double Ratchet with ML-KEM 768 to create a Triple Ratchet protocol. Building on their earlier PQXDH implementation, Signal now provides quantum-safe messaging that protects against harvest-now-decrypt-later attacks while maintaining all existing security guarantees.

NIST Publishes First KEM Recommendations (SP 800-227)

NIST has published SP 800-227, the first-ever guidance specifically for Key-Encapsulation Mechanisms (KEMs). This provides critical implementation guidance for organisations adopting ML-KEM, covering secure KEM usage patterns, key lifecycle management, and hybrid deployment approaches.

Apple Adds PQC APIs to All Platforms at WWDC25

Apple has announced CryptoKit PQC APIs for iOS 26, iPadOS 26, macOS Tahoe, tvOS 26, watchOS 26, and visionOS 26. All Apple operating systems now automatically advertise X25519MLKEM768 in TLS 1.3 ClientHello, alongside ML-KEM and ML-DSA support via CryptoKit.

US Executive Order Mandates PQC-Capable Procurement

Executive Order 14306 directs CISA to publish a list of product categories where PQC-capable products are widely available. CISA has released the list (developed with NSA), covering cloud services, web software, networking hardware, and endpoint security. Organisations should now acquire only PQC-capable products when procuring in listed categories.

Canada Publishes Federal PQC Migration Roadmap

The Canadian Centre for Cyber Security (CCCS) has published a formal PQC migration roadmap (ITSM.40.001) for all Government of Canada IT systems. Federal departments must submit initial migration plans by April 2026, complete high-priority migrations by 2031, and finish all remaining systems by 2035. Systems susceptible to HNDL threats are designated highest priority.

NIST Selects HQC as Fifth Post-Quantum Algorithm

NIST has selected HQC (Hamming Quasi-Cyclic) as the fifth post-quantum cryptography algorithm, providing a code-based backup for the lattice-based ML-KEM. This ensures algorithm diversity — if lattice-based schemes are ever compromised, HQC offers an independent mathematical foundation. A draft standard is expected in 2026, with the final standard in 2027.

ETSI Publishes Quantum-Safe Hybrid Key Exchange Standard

ETSI has published TS 103 744 v1.2.1, specifying how to combine classical and post-quantum key establishment schemes into hybrid constructions. This ensures the derived key is at least as secure as the strongest component — critical for the transition period where organisations must run both classical and PQC algorithms simultaneously.

South Korea Announces KpqC Competition Winners

South Korea's KpqC competition has selected its national PQC algorithms: HAETAE and AIMer for digital signatures, SMAUG-T and NTRU+ for key encapsulation. These are Korea's own algorithms developed alongside (but distinct from) NIST selections, providing sovereign algorithm diversity. A national PQC rollout roadmap spans 2025-2035.

EU Publishes Coordinated PQC Implementation Roadmap

The European Commission has published a coordinated implementation roadmap recommending all Member States begin transitioning to post-quantum cryptography by end of 2026, with critical infrastructure completing migration by 2030. The recommendation includes hybrid schemes and applies across public administration and critical infrastructure.

Australia Sets Most Aggressive Western PQC Timeline

The Australian Signals Directorate (ASD) has published updated PQC planning guidance requiring organisations to have detailed transition plans by end of 2026, begin implementing PQC on critical systems by 2028, and cease using traditional asymmetric cryptography entirely by 2030 — the most aggressive timeline of any Western nation.

Singapore Launches NQSN+ Nationwide Quantum-Safe Network

Singapore's IMDA has launched NQSN+ for nationwide quantum-safe network deployment via Singtel, SPTel, and SpeQtral. The CSA also released a Quantum-Safe Handbook and Quantum Readiness Index (QRI) at Singapore International Cyber Week 2025, providing practical tools for organisations to assess their quantum readiness.

China Launches Independent PQC Standardisation Process

China's Institute of Commercial Cryptography Standards (ICCS) has launched its own independent call for PQC algorithm proposals, diverging from NIST-led efforts. Stage A (2025 Q4 - 2026 Q4) focuses on national GB/T PQC standards for key encapsulation and digital signatures. This could result in a bifurcation of global PQC standards between US-aligned and China-aligned ecosystems.

News & Updates