Why the Finance Sector Must Lead the Shift to Post-Quantum Cryptography

Quantum computing is no longer a far-off theory. The threat to today’s encryption is real, and the clock is running for organizations to become resilient. For banks and finance organizations sitting on mountains of sensitive data, the urgency to prepare for post-quantum cryptography (PQC) is growing.

With Q-day (the day a powerful quantum computer breaks today’s RSA and ECC algorithms) possibly arriving as early as 2028, today’s encryption won’t hold for much longer. That puts financial institutions—prime targets with high-value customer data, transactions, and proprietary models—at risk of cyberattacks targeting broken encryption.

If any industry should be leading the charge on post-quantum cryptography, it is financial services. Not just because the risks are high—but because the fallout from a cyberattack would be catastrophic. Around the world, regulators and industry groups are sounding the alarm and laying out roadmaps to guide financial institutions toward PQC readiness. In this blog, let’s dive into what that really means and why now is the time to start preparing.

The Fast-Approaching Quantum Threat

Quantum computing threats are accelerating beyond early predictions. While today’s quantum computers can’t yet break our strongest encryption, the hardware required to do so will close the gap rapidly. What felt like a 2030s problem now threatens to arrive earlier. This means today’s widely used asymmetric algorithms like RSA and ECC are at high risk of being cracked sooner than expected, putting critical financial systems and data in serious jeopardy.

“For the financial industry, the advent of quantum computers poses a risk to customer confidentiality and peer communications, authentication processes, and trust in digital signatures which enable dynamic legal agreements.”

Quantum Safe Financial Forum – A call to action Report by Europol

Moreover, “Harvest Now, Decrypt Later” attacks are underway. Threat actors are capturing encrypted data today so they can decrypt it in the future using powerful quantum computers. That means sensitive financial records, customer data, intellectual property, and internal communications could all be exposed down the line—even if they’re presumed to be secure right now.

For financial organizations handling high-value data that needs to be stored and protected for years to come, the message is clear: don’t wait—begin your preparation for PQC migration today. Waiting until quantum threats are visible or until the threat becomes imminent could lead to data breaches, hefty financial losses, and lasting reputational damage.

Why PQC?

Think of the NIST-approved PQC encryption algorithms as the new vault for your most critical assets, built on mathematical problems so tough that neither today’s supercomputers nor tomorrow’s quantum computers can crack them. By swapping in PQC algorithms, you can lock down customer data, preserve transaction integrity, and ensure long-term privacy against quantum-powered attacks.

But there is an even bigger win: retroactive protection. When PQC algorithms are in place, any data encrypted with them that an attacker harvests today stays unreadable tomorrow, even by the most powerful quantum computers. In short, PQC protects both your future communications and everything you’re securing now.

Key Roadblocks to Post-Quantum Cryptography Adoption

Post-quantum cryptography promises unparalleled security, but rolling it out isn’t straightforward. Previous migrations—like SHA-1 to SHA-2—spanned over a decade; transitioning to quantum-secure algorithms is even more complex—and will demand significantly more time and resources.

  • Lack of Cryptographic Asset Visibility

There is no centralized view of keys and certificates scattered across on-prem servers, cloud environments, endpoints, and third-party services. Security teams are unaware of where sensitive encryption lives or how it’s used. That insight gap makes it significantly harder to assess quantum-risk exposure or prioritize migration efforts.

  • Integration and Performance Hurdles

Quantum-safe algorithms behave very differently from today’s classical algorithms: they use larger keys, produce bulkier signatures, and demand more compute power. As a result, applications, protocols, and hardware modules often require substantial code rewrites, deep testing, and workflow overhauls—yet real-world PQC expertise remains scarce, making staffing these projects a struggle.

  • Operational Burden Without Disruption

It all must happen without disrupting critical services or breaching data-retention and compliance mandates. That means extracting legacy encryption from software and hardware, modernizing infrastructure, updating policies, and coordinating cross-team migrations flawlessly—because any slip-up could stall trading platforms, payment systems, or customer portals.

Without a clear, step‑by‑step roadmap, financial institutions risk falling behind as quantum threats materialize. To stay ahead, organizations must start planning, testing, and laying the groundwork for a smooth and secure transition to PQC.

Global Momentum for PQC Adoption

PQC is now a global priority. In the United States, the National Institute of Standards and Technology (NIST) is leading the charge with formal efforts to standardize PQC algorithms that can withstand quantum-level threats.

Over the last two years, NIST has finalized and published three official standards:

  1. FIPS 203 (ML-KEM) – The primary standard for general encryption
  2. FIPS 204 (ML-DSA) – The primary choice for digital signatures
  3. FIPS 205 (SLH-DSA) – A digital signature algorithm designed as a fallback option in case vulnerabilities are discovered in ML-DSA.

NIST’s roadmap also includes consideration for two additional algorithms: Falcon and HQC (Hamming Quasi-Cyclic). Once standardized, HQC will provide another option for key encapsulation mechanisms (KEM), while Falcon will support quantum-resistant digital signatures.

Global Guidance on PQC Migration for Financial Organizations

Several countries across the world have released roadmaps for PQC readiness and transition to spur real progress on post-quantum cryptography, especially in the finance sector.

1. NIST’s Deadline

NIST has laid out two critical deadlines: by 2030, classical cryptographic algorithms will be deprecated, and by 2035, they’ll be fully phased out. That’s not as far off as it sounds, especially for financial institutions managing complex infrastructures and long-lived data.

2. Europol’s Call to Action (QSFF – Feb 2025)

In February 2025, Europol’s Quantum Safe Financial Forum (QSFF) issued a clear call to action for financial institutions, vendors, and policymakers to jump into PQC migration without delay, recommending that they:

  • Prioritize PQC adoption – Make the transition to quantum‑safe cryptography a top strategic objective.
  • Coordinate roadmaps – Align goals, planning, and implementation of PQC across stakeholders.
  • Use a voluntary framework – Leverage regulator‑industry partnerships instead of new laws.
  • Modernize crypto governance – Treat this as an opportunity to enhance key and certificate management practices.
  • Foster global collaboration – Run joint pilots and share insights across private and public sector actors on quantum-safe initiatives.

3. The UK’s NCSC Milestones

The United Kingdom’s National Cyber Security Centre (NCSC) is also urging the banking and financial services sector to act early on PQC. To help organizations stay on track, the NCSC has outlined three key milestones:

  • 2028 – Complete discovery of all cryptographic assets
  • 2031 – Migrate critical systems to PQC
  • 2035 – Achieve full migration across all systems, services, and products

4. Switzerland’s Seven‑Step Roadmap (FIND)

Switzerland, too, is echoing the urgency. The Swiss Financial Innovation Desk (FIND) recently released its Action Plan to a Quantum-Safe Financial Future, providing a clear, seven-step roadmap to help financial institutions take the lead in preparing for quantum risk:

  1. Establish quantum risk governance
  2. Assess impacted business and technology components
  3. Minimize new legacy through quantum-safe procurement
  4. Address immediate “Harvest Now/Decrypt Later” risks
  5. Implement a structured PQC migration plan
  6. Align with industry standards and regulatory expectations
  7. Continuously review and refine your quantum strategy

For financial institutions worldwide, this action plan offers a practical playbook to stay ahead of the curve and build long-term resilience against quantum threats.

Get PQC-Ready Today to Power Quantum-Safe Innovation Tomorrow

As financial services race to deliver faster and smarter experiences, post‑quantum cryptography is more than a security upgrade—it’s a strategic advantage. Leading global banks, including JPMorgan, HSBC and Intesa Sanpaolo, are already investing in quantum computing to achieve breakthroughs in credit scoring, fraud detection, and pricing models. But without weaving PQC into your long‑term roadmap, those quantum investments won’t pay off. Transitioning to PQC and building true quantum resilience is the only way to lock out tomorrow’s threats, safeguard customer trust, and fully capitalize on quantum’s promise for the finance sector.

To help get your PKI and certificate infrastructure ready for the PQC shift, AppViewX AVX ONE CLM accelerates your PQC readiness with end-to-end certificate lifecycle management and crypto-agility, giving you comprehensive visibility, closed-loop automation, and complete policy control of your certificates—all in one powerful solution.

Additional AppViewX Solutions for PQC Readiness

  • PQC Assessment Tool – A purpose-built solution designed to help organizations prepare for the PQC migration by generating a Cryptographic Bill of Materials (CBOM), delivering a PQC readiness score, and providing remediation steps by scanning code, dependencies, configurations and certificates in enterprise environments.
  • PQC Test Center – A dedicated free online resource built to help you assess your organization’s PQC readiness by generating and testing quantum-safe private trust certificates prior to their integration into existing systems, applications, workloads, and machines.
  • PQC-Ready PKI – A modern, agile, and secure private PKI solution, designed to support PQC-enabled certificate issuance.

Explore AVX ONE CLM or talk to one of our experts today to get started!

Why the Finance Sector Must Lead the Shift to Post-Quantum Cryptography

Quantum computing is not some far-off theory anymore, and the threat to today’s encryption is real with the clock running for organizations to be resilient. And for banks and finance organizations sitting on mountains of sensitive data, the urgency to prepare for post-quantum cryptography (PQC) is growing.

With Q-day (the day a powerful quantum computer breaks today’s RSA and ECC algorithms) possibly arriving as early as 2028, today’s encryption won’t hold for much longer. That puts financial institutions—prime targets with high-value customer data, transactions, and proprietary models—at risk of cyberattacks targeting broken encryption.

If any industry should be leading the charge on post-quantum cryptography, it is financial services. Not just because the risks are high—but because the fallout from a cyberattack would be catastrophic. Around the world, regulators and industry groups are sounding the alarm and laying out roadmaps to guide financial institutions toward PQC readiness. In this blog, let’s dive into what that really means and why now is the time to start preparing.

The Fast Approaching Quantum Threat

Quantum computing threats are accelerating beyond early predictions. While today’s quantum computers can’t yet break our strongest encryption, the hardware required will close the gap rapidly. What felt like a 2030s problem now threatens to arrive earlier. This means today’s widely used asymmetric algorithms like RSA and ECC are at high risk of being cracked by then, putting critical financial systems and data at serious risk.

“For the financial industry, the advent of quantum computers poses a risk to customer confidentiality and peer communications, authentication processes, and trust in digital signatures which enable dynamic legal agreements.”

Quantum Safe Financial Forum – A call to action Report by Europol

Moreover, “Harvest Now, Decrypt Later” attacks are underway. Threat actors are capturing encrypted data today so they can decrypt it in the future using powerful quantum computers. That means sensitive financial records, customer data, intellectual property, and internal communications could all be exposed down the line—even if they’re presumed to be secure right now.

For financial organizations handling high-value data that needs to be stored and protected for years to come, the message is clear: don’t wait—begin your preparation for PQC migration today. Waiting until quantum threats are visible or until the threat becomes imminent could lead to data breaches, hefty financial losses, and lasting reputational damage.

Why PQC?

Think of the NIST approved PQC encryption algorithms as the new vault for your most critical assets—built on mathematical problems so tough that neither today’s supercomputers nor tomorrow’s quantum computers can crack them. By swapping in PQC algorithms, you can lock down customer data, preserve transaction integrity, and ensure long-term privacy against quantum‑powered attacks.

You Must Prioritize Post-Quantum Cryptography (PQC) and Shorter TLS Validity Readiness

But there is an even bigger win: retroactive protection. When PQC algorithms are in place, any encrypted data an attacker harvests today stays unreadable tomorrow—even by the most powerful quantum computers. In short, PQC protects both your future communications and everything you’re securing now.

Key Roadblocks to Post-Quantum Cryptography Adoption

Post-quantum cryptography promises unparalleled security, but rolling it out isn’t straightforward. Previous migrations—like SHA-1 to SHA-2—spanned over a decade; transitioning to quantum-secure algorithms is even more complex—and will demand significantly more time and resources.

  • Lack of Cryptographic Asset Visibility

There is no centralized view of keys and certificates scattered across on-prem servers, cloud environments, endpoints, and third-party services. Security teams are unaware of where sensitive encryption lives or how it’s used. That insight gap makes it significantly harder to assess quantum-risk exposure or prioritize migration efforts.

  • Integration and Performance Hurdles

Quantum-safe algorithms behave very differently from today’s classical algorithms: they use larger keys, produce bulkier signatures, and demand more compute power. As a result, applications, protocols, and hardware modules often require substantial code rewrites, deep testing, and workflow overhauls—yet real-world PQC expertise remains scarce, making staffing these projects a struggle.

  • Operational Burden Without Disruption

It all must happen without disrupting critical services or breaching data-retention and compliance mandates. That means extracting legacy encryption from software and hardware, modernizing infrastructure, updating policies, and coordinating cross-team migrations flawlessly—because any slip-up could stall trading platforms, payment systems, or customer portals.

Without a clear, step‑by‑step roadmap, financial institutions risk falling behind as quantum threats materialize. To stay ahead, organizations must start planning, testing, and laying the groundwork for a smooth and secure transition to PQC.

Global Momentum for PQC Adoption

PQC is now a global priority. In the United States, the National Institute of Standards and Technology (NIST) is leading the charge with formal efforts to standardize PQC algorithms that can withstand quantum-level threats.

Over the last two years, NIST has finalized and published three official standards:

  1. FIPS 203 (ML-KEM) – The primary standard for general encryption
  2. FIPS 204 (ML-DSA) – The primary choice for digital signatures
  3. FIPS 205 (SLH-DSA) – A digital signature algorithm designed as a fallback option in case vulnerabilities are discovered in ML-DSA.

NIST’s roadmap also includes consideration for two additional algorithms: Falcon and HQC (Hamming Quasi-Cyclic). Once standardized, HQC will provide another option for key encapsulation mechanisms (KEM), while Falcon will support quantum-resistant digital signatures.

Global Guidance on PQC Migration for Financial Organizations

Several countries across the world have released roadmaps for PQC readiness and transition to spur real progress on post-quantum cryptography, especially in the finance sector.

1. NIST’s Deadline

NIST has laid out two critical deadlines: by 2030, classical cryptographic algorithms will be deprecated, and by 2035, they’ll be fully phased out. That’s not as far off as it sounds, especially for financial institutions managing complex infrastructures and long-lived data.

2. Europol’s Call to Action (QSFF – Feb 2025)

In February 2025, Europol’s Quantum Safe Financial Forum (QSFF) issued a clear call to action for financial institutions, vendors, and policymakers to jump into PQC migration without delay, recommending that they:

  • Prioritize PQC adoption – Make the transition to quantum‑safe cryptography a top strategic objective.
  • Coordinate roadmaps – Align goals planning and implementation of PQC across stakeholders.
  • Use a voluntary framework – Leverage regulator‑industry partnerships instead of new laws.
  • Modernize crypto governance – Treat this as an opportunity to enhance key and certificate management practices.
  • Foster global collaboration – Run joint pilots and share insights across private and public sector actors on quantum-safe initiatives.

3. The UK’s NCSC Milestones

The United Kingdom’s National Cyber Security Centre (NCSC) is also urging the banking and financial services sector to act early on PQC. To help organizations stay on track, the NCSC has outlined three key milestones:

  • 2028 – Complete discovery of all cryptographic assets
  • 2031 – Migrate critical systems to PQC
  • 2035 – Achieve full migration across all systems, services, and products

4. Switzerland’s Seven‑Step Roadmap (FIND)

Switzerland, too, is echoing the urgency. The Swiss Financial Innovation Desk (FIND) recently released its Action Plan to a Quantum-Safe Financial Future, providing a clear, seven-step roadmap to help financial institutions take the lead in preparing for quantum risk:

  1. Establish quantum risk governance
  2. Assess impacted business and technology components
  3. Minimize new legacy through quantum-safe procurement
  4. Address immediate “Harvest Now/Decrypt Later” risks
  5. Implement a structured PQC migration plan
  6. Align with industry standards and regulatory expectations
  7. Continuously review and refine your quantum strategy

For financial institutions worldwide, this action plan offers a practical playbook to stay ahead of the curve and build long-term resilience against quantum threats.

Get PQC-Ready Today to Power Quantum-Safe Innovation Tomorrow

As financial services race to deliver faster and smarter experiences, post‑quantum cryptography is more than a security upgrade—it’s a strategic advantage. Leading global banks, including JPMorgan, HSBC and Intesa Sanpaolo, are already investing in quantum computing to achieve breakthroughs in credit scoring, fraud detection, and pricing models. But without weaving PQC into your long‑term roadmap, those quantum investments won’t pay off. Transitioning to PQC and building true quantum resilience is the only way to lock out tomorrow’s threats, safeguard customer trust, and fully capitalize on quantum’s promise for the finance sector.

To help get your PKI and certificate infrastructure ready for the PQC shift, AppViewX AVX ONE CLM accelerates your PQC readiness with end-to-end certificate lifecycle management and crypto-agility, giving you comprehensive visibility, closed-loop automation, and complete policy control of your certificates—all in one powerful solution.

Additional AppViewX Solutions for PQC Readiness

  • PQC Assessment Tool – A purpose-built solution designed to help organizations prepare for the PQC migration by generating a Cryptographic Bill of Materials (CBOM), delivering a PQC readiness score, and providing remediation steps by scanning code, dependencies, configurations and certificates in enterprise environments.
  • PQC Test Center – A dedicated free online resource built to help you assess your organization’s PQC readiness by generating and testing quantum-safe private trust certificates prior to their integration into existing systems, applications, workloads, and machines.
  • PQC-Ready PKI – A modern, agile, and secure private PKI solution, designed to support PQC-enabled certificate issuance.

Explore AVX ONE CLM or talk to one of our experts today to get started!

Why the Finance Sector Must Lead the Shift to Post-Quantum Cryptography

Quantum computing is not some far-off theory anymore, and the threat to today’s encryption is real with the clock running for organizations to be resilient. And for banks and finance organizations sitting on mountains of sensitive data, the urgency to prepare for post-quantum cryptography (PQC) is growing.

With Q-day (the day a powerful quantum computer breaks today’s RSA and ECC algorithms) possibly arriving as early as 2028, today’s encryption won’t hold for much longer. That puts financial institutions—prime targets with high-value customer data, transactions, and proprietary models—at risk of cyberattacks targeting broken encryption.

If any industry should be leading the charge on post-quantum cryptography, it is financial services. Not just because the risks are high—but because the fallout from a cyberattack would be catastrophic. Around the world, regulators and industry groups are sounding the alarm and laying out roadmaps to guide financial institutions toward PQC readiness. In this blog, let’s dive into what that really means and why now is the time to start preparing.

The Fast Approaching Quantum Threat

Quantum computing threats are accelerating beyond early predictions. While today’s quantum computers can’t yet break our strongest encryption, the hardware required will close the gap rapidly. What felt like a 2030s problem now threatens to arrive earlier. This means today’s widely used asymmetric algorithms like RSA and ECC are at high risk of being cracked by then, putting critical financial systems and data at serious risk.

“For the financial industry, the advent of quantum computers poses a risk to customer confidentiality and peer communications, authentication processes, and trust in digital signatures which enable dynamic legal agreements.”

Quantum Safe Financial Forum – A call to action Report by Europol

Moreover, “Harvest Now, Decrypt Later” attacks are underway. Threat actors are capturing encrypted data today so they can decrypt it in the future using powerful quantum computers. That means sensitive financial records, customer data, intellectual property, and internal communications could all be exposed down the line—even if they’re presumed to be secure right now.

For financial organizations handling high-value data that needs to be stored and protected for years to come, the message is clear: don’t wait—begin your preparation for PQC migration today. Waiting until quantum threats are visible or until the threat becomes imminent could lead to data breaches, hefty financial losses, and lasting reputational damage.

Why PQC?

Think of the NIST approved PQC encryption algorithms as the new vault for your most critical assets—built on mathematical problems so tough that neither today’s supercomputers nor tomorrow’s quantum computers can crack them. By swapping in PQC algorithms, you can lock down customer data, preserve transaction integrity, and ensure long-term privacy against quantum‑powered attacks.

You Must Prioritize Post-Quantum Cryptography (PQC) and Shorter TLS Validity Readiness

But there is an even bigger win: retroactive protection. When PQC algorithms are in place, any encrypted data an attacker harvests today stays unreadable tomorrow—even by the most powerful quantum computers. In short, PQC protects both your future communications and everything you’re securing now.

Key Roadblocks to Post-Quantum Cryptography Adoption

Post-quantum cryptography promises unparalleled security, but rolling it out isn’t straightforward. Previous migrations—like SHA-1 to SHA-2—spanned over a decade; transitioning to quantum-secure algorithms is even more complex—and will demand significantly more time and resources.

  • Lack of Cryptographic Asset Visibility

There is no centralized view of keys and certificates scattered across on-prem servers, cloud environments, endpoints, and third-party services. Security teams are unaware of where sensitive encryption lives or how it’s used. That insight gap makes it significantly harder to assess quantum-risk exposure or prioritize migration efforts.

  • Integration and Performance Hurdles

Quantum-safe algorithms behave very differently from today’s classical algorithms: they use larger keys, produce bulkier signatures, and demand more compute power. As a result, applications, protocols, and hardware modules often require substantial code rewrites, deep testing, and workflow overhauls—yet real-world PQC expertise remains scarce, making staffing these projects a struggle.

  • Operational Burden Without Disruption

It all must happen without disrupting critical services or breaching data-retention and compliance mandates. That means extracting legacy encryption from software and hardware, modernizing infrastructure, updating policies, and coordinating cross-team migrations flawlessly—because any slip-up could stall trading platforms, payment systems, or customer portals.

Without a clear, step‑by‑step roadmap, financial institutions risk falling behind as quantum threats materialize. To stay ahead, organizations must start planning, testing, and laying the groundwork for a smooth and secure transition to PQC.

Global Momentum for PQC Adoption

PQC is now a global priority. In the United States, the National Institute of Standards and Technology (NIST) is leading the charge with formal efforts to standardize PQC algorithms that can withstand quantum-level threats.

Over the last two years, NIST has finalized and published three official standards:

  1. FIPS 203 (ML-KEM) – The primary standard for general encryption
  2. FIPS 204 (ML-DSA) – The primary choice for digital signatures
  3. FIPS 205 (SLH-DSA) – A digital signature algorithm designed as a fallback option in case vulnerabilities are discovered in ML-DSA.

NIST’s roadmap also includes consideration for two additional algorithms: Falcon and HQC (Hamming Quasi-Cyclic). Once standardized, HQC will provide another option for key encapsulation mechanisms (KEM), while Falcon will support quantum-resistant digital signatures.

Global Guidance on PQC Migration for Financial Organizations

Several countries across the world have released roadmaps for PQC readiness and transition to spur real progress on post-quantum cryptography, especially in the finance sector.

1. NIST’s Deadline

NIST has laid out two critical deadlines: by 2030, classical cryptographic algorithms will be deprecated, and by 2035, they’ll be fully phased out. That’s not as far off as it sounds, especially for financial institutions managing complex infrastructures and long-lived data.

2. Europol’s Call to Action (QSFF – Feb 2025)

In February 2025, Europol’s Quantum Safe Financial Forum (QSFF) issued a clear call to action for financial institutions, vendors, and policymakers to jump into PQC migration without delay, recommending that they:

  • Prioritize PQC adoption – Make the transition to quantum‑safe cryptography a top strategic objective.
  • Coordinate roadmaps – Align goals planning and implementation of PQC across stakeholders.
  • Use a voluntary framework – Leverage regulator‑industry partnerships instead of new laws.
  • Modernize crypto governance – Treat this as an opportunity to enhance key and certificate management practices.
  • Foster global collaboration – Run joint pilots and share insights across private and public sector actors on quantum-safe initiatives.

3. The UK’s NCSC Milestones

The United Kingdom’s National Cyber Security Centre (NCSC) is also urging the banking and financial services sector to act early on PQC. To help organizations stay on track, the NCSC has outlined three key milestones:

  • 2028 – Complete discovery of all cryptographic assets
  • 2031 – Migrate critical systems to PQC
  • 2035 – Achieve full migration across all systems, services, and products

4. Switzerland’s Seven‑Step Roadmap (FIND)

Switzerland, too, is echoing the urgency. The Swiss Financial Innovation Desk (FIND) recently released its Action Plan to a Quantum-Safe Financial Future, providing a clear, seven-step roadmap to help financial institutions take the lead in preparing for quantum risk:

  1. Establish quantum risk governance
  2. Assess impacted business and technology components
  3. Minimize new legacy through quantum-safe procurement
  4. Address immediate “Harvest Now/Decrypt Later” risks
  5. Implement a structured PQC migration plan
  6. Align with industry standards and regulatory expectations
  7. Continuously review and refine your quantum strategy

For financial institutions worldwide, this action plan offers a practical playbook to stay ahead of the curve and build long-term resilience against quantum threats.

Get PQC-Ready Today to Power Quantum-Safe Innovation Tomorrow

As financial services race to deliver faster and smarter experiences, post‑quantum cryptography is more than a security upgrade—it’s a strategic advantage. Leading global banks, including JPMorgan, HSBC and Intesa Sanpaolo, are already investing in quantum computing to achieve breakthroughs in credit scoring, fraud detection, and pricing models. But without weaving PQC into your long‑term roadmap, those quantum investments won’t pay off. Transitioning to PQC and building true quantum resilience is the only way to lock out tomorrow’s threats, safeguard customer trust, and fully capitalize on quantum’s promise for the finance sector.

To help get your PKI and certificate infrastructure ready for the PQC shift, AppViewX AVX ONE CLM accelerates your PQC readiness with end-to-end certificate lifecycle management and crypto-agility, giving you comprehensive visibility, closed-loop automation, and complete policy control of your certificates—all in one powerful solution.

Additional AppViewX Solutions for PQC Readiness

  • PQC Assessment Tool – A purpose-built solution designed to help organizations prepare for the PQC migration by generating a Cryptographic Bill of Materials (CBOM), delivering a PQC readiness score, and providing remediation steps by scanning code, dependencies, configurations and certificates in enterprise environments.
  • PQC Test Center – A dedicated free online resource built to help you assess your organization’s PQC readiness by generating and testing quantum-safe private trust certificates prior to their integration into existing systems, applications, workloads, and machines.
  • PQC-Ready PKI – A modern, agile, and secure private PKI solution, designed to support PQC-enabled certificate issuance.

Explore AVX ONE CLM or talk to one of our experts today to get started!

Culture of curiosity: How software champions lead the charge on automation

Imagine a brand-new, high-efficiency car. It’s got all the latest tech, promising to get you from point A to point B faster and more smoothly than ever. 

Now, imagine you’re only using the basic functions — driving, accelerating, braking. You’re getting where you need to go, but you’re not using cruise control, lane assist or advanced navigation. That’s what it’s like when a team adopts a powerful automation platform without fully investing in training. 

The car (the software) is fantastic, and it’s working, but there’s so much more it can do. A team of admins may have created basic automated tasks, transferred essential files and set up fundamental reports. But are they leveraging all the features that will help them achieve their goals? How much valuable time was spent setting up those rudimentary processes, and how often did they need to reach out to support or success teams to gain even minimal traction? 

This is where a “learning champion” can shift things into high gear.

Learning champion: An individual who proactively seeks and shares software knowledge and best practices with their team, fostering a culture of continuous learning and improvement and driving increased productivity and efficiency

We’ll explore how becoming a learning champion boosts your individual productivity and career and amplifies that effect across your team and organization, especially if you’re in the process of adopting automation.

Taking control: Why become a learning champion?

According to the Customer Education Trends in 2025 report from Skilljar, the modern learner has been thrown into an “everything, everywhere, all at once” environment, consuming self-paced content, articles, documentation and live support on their own terms and at their own pace.

While the flexibility to find information in the format that makes sense to you and without waiting to be assigned a course can feel empowering, it also adds complexity. When you consider the number of people who must learn a given skillset or platform, you can understand the nth-degree potential for confusion or frustration — an undesirable and non-scalable state.

Individual ownership matters, especially when you’re adopting complex or evolving tools like automation platforms. A learning champion becomes a catalyst for team efficiency and organizational progress.

Elevate personal productivity

Proactive learners make fewer basic errors, reduce support tickets and implement automation faster. Plus, upskilling a team contributes to business agility. As BytePlus notes, “Employees with diverse, updated skills can adapt more quickly to technological and market changes.”

Quick tip: Gauge your starting point. How long does it take you to complete a process? How often are you asking for help? Once you complete training, measure again. You’ll see tangible signs of your growth, and so will others. Share these insights with your team and manager to make the case for upskilling.

Advance your career with certification

Becoming a learning champion isn’t just about helping your team; it’s a smart career move. Achieving certification, especially in complex automation software, validates your expertise and positions you as a subject matter expert. It signals to your organization (and future employers) that you’re not just using the tool but owning it.

Certifications in automation software demonstrate that you can do more than execute tasks: You can understand workflows, configure processes and lead others. For example, the Automation Developer Specialist Certification from Redwood University challenges your understanding of advanced functions, complex workflow automation and process scheduling best practices. Users with this certification leverage their deep knowledge of the software to drive transformation instead of just reacting to the tool. 

The initiative can start during your onboarding: Learning champions don’t wait for permission to explore new things, and proactiveness is a quality your current leaders and future employers seek.

Quick tip: Ask about learning paths that align with your team and career goals, then dive in and get started. Share feedback with your immediate team on how the material helped you. Post your new credential on LinkedIn for wider reach.

Share what you learn

Knowledge is best when shared widely and in ways that are digestible. As Skilljar puts it, “Educators are curating, not just creating.” Software vendors can offer a full library of content (like what you’ll find in Redwood University), but it’s up to learners to enroll, complete lessons and share their knowledge.

Whether you’re forwarding helpful documentation, recommending training courses or showing a colleague how to fix a recurring issue, you become the go-to person. Don’t stop there. Your goal should be to elevate yourself AND others. A lone learning champion is a great start, but real efficiency comes when your whole team levels up.

Quick tip: Create a “Top 3 takeaways” list after every course you complete and email them to your team. Keep it light, useful and actionable.

The impact of software education on team productivity

A well-trained team is a fast team. When many users understand how to leverage automation software fully, you get better data, fewer bottlenecks and less reliance on external support.

In other words, you’re making the most of your investment. 

According to TSIA, product adoption is a key business metric. Leaders expect returns on software purchases, and ongoing, quality training is how you get there.

The real power of education becomes clear when users go beyond the fundamentals of process automation. Too often, users are taught just enough to complete their tasks. But it’s essential to go deeper: to grasp why a process works the way it does, where automation eliminates inefficiencies and how to extend those benefits across other business processes.

This level of knowledge comes from hands-on experience — working through real use cases, experimenting in a safe environment and applying lessons immediately to daily work. If you discover a faster way to automate a handoff between departments, for example, you’re building consistency and making sure everyone is working from the same playbook.

Build a culture of curiosity

When one person steps up, others follow. A team that values education creates a ripple effect. Questions become learning moments, and continuous improvement becomes the norm.

That kind of culture pays off. 

BytePlus emphasizes an SHRM stat: Replacing a single employee can cost up to 200% of their salary. Investing in learning reduces turnover and keeps your best people engaged and growing.

Bonus: Training builds loyalty. A team that learns together stays together.

User to influencer: How to lead the learning revolution

Whether you’re in leadership and setting up a flexible, comprehensive learning environment for your team or an individual looking to influence your peers, use the following steps to influence other automation software users.

  1. Blaze the trail: Ask your vendor what training they offer and which courses fit your role. Choose the format that works best for you — live, self-paced, etc. 
  2. Elevate your team: Recommend key features or tricks your team can use today and encourage them to explore help centers, learning academies and documentation.
  3. Look outward: In many enterprises, different teams use different tools for similar goals. Your experiences can help standardize education, in turn consolidating spend and scaling success.
  4. Share your team’s gains: Are you submitting fewer support tickets? Are processes faster? Are you automating more? Compare your pre-training and post-training metrics.

Be the spark

Investing time in learning pays off at every level, from your own growth to company-wide productivity.

You gain:

  • The confidence to navigate the software
  • Mastery of tools that drive automation
  • Speed and accuracy in your day-to-day work
  • Recognition as a subject matter expert
  • Momentum to shape your career path

Your organization gains:

  • Stronger product adoption rates
  • Greater ROI
  • A reduced need for IT intervention and manual workarounds
  • Faster onboarding for new team members
  • Reduced turnover due to better engagement and support for each role

Become a learning champion for your team’s Redwood Software products by utilizing Redwood University. It’s free and open to all customers and partners. Sign up today.

Three Must-Have Capabilities to Prepare for 47-Day TLS Certificates

Recently, the CA/Browser (CA/B) Forum approved Ballot SC-081v3, launching a gradual reduction of public TLS certificate lifespans—from today’s 398 days down to just 47 days by 2029. This landmark change ranks among the biggest in PKI in recent years and is already driving intense conversations about how reduced validity periods will reshape certificate lifecycle management (CLM) workloads and operations.

Here’s a breakdown of what the TLS validity reduction timeline looks like and the corresponding increase in CLM workload:

| Year | Max Validity | Renewal Frequency | Workload Increase |
|---|---|---|---|
| Now | 398 days | 1 renewal/year | |
| March 15, 2026 | 200 days | 2 renewals/year | |
| March 15, 2027 | 100 days | 4 renewals/year | |
| March 15, 2029 | 47 days | 12 renewals/year | 12× |

Essentially, by March 15, 2029, certificates will need to be renewed every month, a big shift from the once-a-year cadence that PKI and security teams are used to now.

And it’s not just the renewal frequency that’s changing. The domain validation reuse period will also shrink to just 10 days by 2029. This means PKI and security teams will need to perform domain validation more frequently and accurately to avoid certificate issuance delays.

Although this shift unfolds over the next four years, the initial reduction to 200-day certificates takes effect in less than a year from now, doubling your renewal workload almost immediately. Given the tight prep window, the sooner you start planning, the better prepared you will be to handle increased renewal workloads by next year (2026).
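The schedule above can be turned into an inventory check and a renewal forecast. The following Python code is an added example, not AppViewX code: it flags certificates in a constructed inventory whose lifetime exceeds the limit in force at issuance and simulates renewals through 2029. The hostnames, the dates in the inventory, and the renewal policy (renew once two thirds of the lifetime has elapsed, always request the maximum allowed lifetime) are assumptions of this example.

```python
import csv
import io
from collections import Counter
from datetime import date, timedelta

# Limits from the table above; 398 days applies until the first cut-over.
CURRENT_MAX_DAYS = 398
SCHEDULE = [
    (date(2026, 3, 15), 200),
    (date(2027, 3, 15), 100),
    (date(2029, 3, 15), 47),
]

# Constructed sample inventory (hypothetical hosts and dates).
SAMPLE_INVENTORY = """host,not_before,not_after
pay.example.test,2025-06-01,2026-07-04
api.example.test,2026-04-01,2027-04-01
"""


def max_validity(issued):
    """Maximum lifetime in days for a certificate issued on `issued`."""
    limit = CURRENT_MAX_DAYS
    for effective, days in SCHEDULE:
        if issued >= effective:
            limit = days
    return limit


def load_inventory(text):
    """Parse the CSV inventory into dicts holding real date objects."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "host": row["host"],
            "not_before": date.fromisoformat(row["not_before"]),
            "not_after": date.fromisoformat(row["not_after"]),
        })
    return rows


def over_limit(certs):
    """Hosts whose certificate lifetime exceeds the limit at issuance."""
    flagged = []
    for cert in certs:
        lifetime = (cert["not_after"] - cert["not_before"]).days
        if lifetime > max_validity(cert["not_before"]):
            flagged.append(cert["host"])
    return flagged


def forecast_renewals(cert, horizon):
    """Simulate renewals up to `horizon`; returns [(issue_date, lifetime_days)].

    Assumptions of this example: renew once two thirds of the current
    lifetime has elapsed, and always request the maximum allowed lifetime.
    """
    issued = cert["not_before"]
    lifetime = (cert["not_after"] - issued).days
    renewals = []
    while True:
        issued = issued + timedelta(days=lifetime * 2 // 3)
        if issued > horizon:
            return renewals
        # The replacement certificate is capped by the limit on its issue date.
        lifetime = max_validity(issued)
        renewals.append((issued, lifetime))


def workload_by_year(certs, horizon):
    """Count simulated renewals per calendar year across the inventory."""
    counts = Counter()
    for cert in certs:
        for issued, _ in forecast_renewals(cert, horizon):
            counts[issued.year] += 1
    return dict(sorted(counts.items()))


if __name__ == "__main__":
    certs = load_inventory(SAMPLE_INVENTORY)
    print("Over the limit at issuance:", over_limit(certs))
    print("Renewals per year:", workload_by_year(certs, date(2029, 12, 31)))
```

Under these assumptions, the first sample certificate goes from 2 renewals in 2026 to 11 in 2029, because each replacement is capped by the limit in force on its issue date.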

Why Is This Happening?

At first glance, moving from annual to monthly certificate renewals feels like a monumental shift—and it is. In fact, it’s a full rethink of how TLS certificates have been managed for years.

But this change is necessary and overdue. Think of it like changing the locks on your doors more frequently. Breaking locks that change regularly becomes costlier and more difficult for attackers, and even if they do break one, they have only a short window for misuse, which significantly limits the potential damage.

More frequent domain validation (every 10 days) also means certificates are always issued based on up-to-date, accurate ownership information, preventing mis-issuance and boosting trust in your infrastructure.

Yes, it’s more work, but it promotes stronger security—and with quantum computing on the horizon, that’s a trade-off we cannot afford to ignore.

How to Prepare for Monthly Renewals

There is a good reason for shortening TLS certificate lifespans: to push organizations toward full CLM automation and crypto-agility.

Certificate management might look straightforward—enroll, provision, install, renew, and done. But in reality, it’s a complex and layered process, involving domain validation, endpoint binding, configuration checks, discovery, alerts, policy enforcement, and monitoring for cryptographic hygiene. That’s a lot of moving parts—and they all have to happen on time, in the right order, and in sync.

Relying on spreadsheets, separate CA-specific tools, and manual processes for all these tasks won’t cut it when you’re juggling thousands of certificates across hybrid and multi-cloud environments. Automation and crypto-agility are the only ways to keep pace with monthly renewals.

AppViewX AVX ONE CLM: A Complete End-to-End CLM Solution for Crypto-Agility

Although the focus now is on automating renewals, it is just the starting point for the 47-day TLS transition. True readiness demands a full-spectrum certificate lifecycle management (CLM) solution that is efficient and crypto-agile (that can adapt to changes seamlessly now and in the future).

Achieving this means embedding three core capabilities into every step of the CLM process: Visibility, Automation, and Policy Control. AppViewX AVX ONE CLM is built precisely to deliver that, enabling crypto-agility. Here’s how we can help in the context of the shift to 47-day TLS.

1. Complete Certificate Visibility

  • Smart Discovery: Flexible scanning methods to automatically discover your public and private trust certificates from your IP networks, managed devices, cloud accounts, CAs, Kubernetes clusters, and CT logs. You can run these scans on demand or at scheduled intervals to continually discover new certificates.
  • Centralized Inventory: Consolidate all discovered certificates in a centralized inventory along with essential certificate information such as the certificate location, owner, issuing CA, expiry date, chain of trust, crypto standards, and more. This inventory serves as a single source of truth for all certificate types, from any public or private CA, across every endpoint, to help you effectively monitor certificate expirations, prevent outages, and mitigate vulnerabilities.
  • Actionable Insights: Use dedicated Short-Lived TLS dashboards to pinpoint your current certificate validity periods—and get ahead of the 200-day (March 2026), 100-day (March 2027), and 47-day TLS (March 2029) transitions.
  • Alerting: Custom certificate expiry alerts are sent to certificate owners to ensure timely renewals, approvals, or escalations. Alerts can be delivered by email for manual action or as Simple Network Management Protocol (SNMP) traps for automation and integration with ITSM and SIEM solutions.

2. Powerful Automation

  • Closed-Loop Renewals: Unlike any other vendor in the market, AVX ONE CLM handles renewals end-to-end. From generating the key pair and CSR to submitting it to the appropriate Certificate Authority (CA), retrieving the renewed certificate, installing it, and binding it to the correct endpoint or application, every step is automated and seamlessly managed. This helps ensure the new certificate is fully configured and ready to use and eliminates the risk of certificate misconfigurations, vulnerabilities, and outages.
  • CA-Agnostic Control: AVX ONE CLM works with every major public and private CA, centralizing discovery, renewal, and management of all your certificates in a single console. This means your PKI and security teams can work from a single consolidated tool for enterprise-wide CLM rather than from fragmented CA tools that lack complete visibility.

Automation Workflows:

  • Out-of-the-box Workflows: AppViewX AVX ONE CLM offers an extensive catalog of pre-built workflows for automating routine certificate tasks like alerting/escalations, enrollment, provisioning, and installation, including the last-mile action of endpoint binding.
  • Customizable Workflows: No two PKI environments are the same. That’s why AVX ONE CLM’s automation framework is designed to allow deep customizations. Using a drag-and-drop visual workflow builder, you can fully customize workflows to tailor CLM processes to your unique needs. Whether it is implementing one-click approvals and renewals, or fully automating the entire renewal and provisioning process as zero-touch, AVX ONE CLM can accommodate that in your environment. For example, you can automate public TLS certificate issuance via ACME or customize ServiceNow workflows with layered approvals to align with your internal policies.
  • Broad Integration Ecosystem: AppViewX offers extensive pre-built integrations with public and private CAs, cloud providers, DevOps toolchains, ITSM platforms like ServiceNow, MDM solutions like Microsoft Intune, and more for streamlining certificate management across cross-functional teams. In addition, REST APIs enable custom integrations, so you can automate exactly the way your environment demands.
  • Auto-Enrollment Protocols and ACME Support: AVX ONE CLM works with all the major auto-enrollment standards, ACME included, so you get the fastest path from certificate issuance to installation and renewal. But ACME by itself only tackles part of the challenge: it automates issuance and renewal, but it doesn’t discover certificates in your environment, enforce your security policies, or cover every PKI use case. That’s where AppViewX steps in. By integrating ACME into a full-featured CLM framework, AVX ONE CLM gives you the speed of ACME with end-to-end visibility, governance, and compliance, so there are never any gaps in your certificate management.

3. Continuous Policy Control

  • Zero-Touch Policy Enforcement: Use automated policies to phase in shorter TLS lifespans and to define the use of approved CAs, crypto standards, and more, eliminating rogue or non-compliant certificates.
  • Granular Role-Based Access Control (RBAC): Shrinking TLS lifespans mean more certificates—and often more CAs—to manage. Implementing RBAC helps set clear permissions for who can request, approve, and issue certificates, preventing CA and certificate sprawl. At the same time, it empowers your cross-functional teams with certificate self-service, so they can request and issue security-approved certificates on their own, without extra handoffs.
  • Complete audit trails: Track every action with detailed logs to simplify external and internal audits. Generate regular compliance reports to keep up with industry and regulatory standards.

Lean Into This Change for a More Resilient Tomorrow

Shorter certificate lifespans aren’t just about creating more work (even if it feels that way right now). They’re about making your organization more secure with faster certificate rotations, smaller attack windows, and up-to-the-minute domain validation. So, it is important to see this 47-day TLS validity shift as an opportunity to level up your PKI and CLM practices. With the right end-to-end CLM solution in place, what feels like a daunting jump can become a competitive advantage: real-time visibility, automated renewals, and built-in compliance.

To learn more about AppViewX AVX ONE CLM and to see how it can help you prepare now for shorter validity TLS, request a demo.