NIST has published its first post-quantum cryptography standards and major cloud providers are already implementing them. Quantum computers will render current asymmetric encryption unsafe before 2030. Harvest-now-decrypt-later attacks are already underway. These are the steps every enterprise must take now.
Quantum computing is no longer a distant prospect. NIST published its first three post-quantum cryptography (PQC) standards in 2024, and in March 2025 HQC was selected as a backup key-encapsulation algorithm. Google, AWS and Microsoft are already implementing post-quantum encryption in their cloud infrastructure. The migration window for enterprise organisations is now — and it will not remain open for long.
Quantum computers will render current asymmetric encryption — RSA and ECC — unusable before 2030. Gartner warns that organisations waiting until 2028-2029 may be too late. But there is a more immediate risk: harvest-now-decrypt-later (HNDL) attacks.
In HNDL attacks, adversaries collect encrypted network traffic today and store it until a quantum computer is powerful enough to decrypt it. Sensitive corporate data transmitted today — financial transactions, customer data, intellectual property — could be readable to attackers in five years' time who are already actively harvesting it now.
The primary NIST standard for key encapsulation is ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism), previously known as CRYSTALS-Kyber. ML-KEM comes in three variants: ML-KEM-512 (equivalent to AES-128), ML-KEM-768 (the recommended default for most applications) and ML-KEM-1024 (equivalent to AES-256, for the highest security requirements).
ML-KEM replaces RSA/ECDH in TLS 1.3 handshakes. Google and Cloudflare have already deployed hybrid PQC connections (classical + post-quantum) in production across their network infrastructure. Microsoft is following in its cloud services.
US federal agencies must achieve CNSA 2.0 compliance for new National Security Systems before 1 January 2027. While this is not a direct obligation for European organisations, it functions as a market signal: security standards are shifting, and suppliers and partners will increasingly require PQC readiness as a prerequisite.
A practical approach for enterprise organisations: Phase 1 — Cryptographic inventory. Deploy automated discovery tools to identify all RSA and ECC usage in your environment: TLS certificates, code-signing keys, VPN connections, data-at-rest encryption and internal PKI. Phase 2 — Risk-based prioritisation. Start with internet-facing TLS connections (highest exposure), followed by internal PKI, and finally data-at-rest encryption. Phase 3 — Hybrid implementation. Use a hybrid approach where classical and post-quantum algorithms operate side by side. This provides maximum compatibility during the transition.
Start with a cryptographic inventory if you have not yet done so. Identify which data is most at risk from HNDL attacks. Consult your cloud providers about their PQC roadmap. And ensure your certificate management and PKI infrastructure are ready for ML-KEM.
Zarioh Digital Solutions supports organisations in preparing for post-quantum migrations in Microsoft Azure and Microsoft 365 environments. Get in touch for a PQC readiness assessment.
