NCSC Guidance: Post-Quantum Cryptography Migration
- Issuer
- National Cyber Security Centre(NCSC)
- Effective date
- Aug 1, 2023
- Published date
- Aug 1, 2023
- Full text
- View full text →
Summary
The UK National Cyber Security Centre (NCSC) provides guidance on migrating to post-quantum cryptography, urging UK organisations to begin planning immediately. The NCSC recommends following NIST-standardised PQC algorithms and adopting a hybrid approach during transition. Aligned with the UK Government Cyber Security Strategy 2022–2030, the guidance targets government departments, critical national infrastructure operators, and large enterprises.
PKI impact
NCSC guidance targets UK government and critical national infrastructure operators whose certificate-dependent services face long-term quantum risk. Deadlines are advisory, but long PKI migration lead times — particularly Root CA re-keying — mean organizations that delay past 2025 will face compressed timelines.
Migration hints
- Complete a cryptographic asset register covering all TLS/SSL certificates, code-signing certificates, and client authentication certificates used in CNI and government systems.
- Adopt NCSC's recommended hybrid approach for TLS/SSL: deploy ML-KEM alongside ECDH key exchange to protect against both classical and quantum adversaries during transition.
- When renewing CAs or procuring HSMs, require vendor roadmaps for ML-DSA (FIPS 204) and ML-KEM (FIPS 203) support in hardware before committing to a platform.
- Use NCSC's Board Toolkit framing to communicate PKI migration cost and urgency to senior leadership for budget allocation.
Milestones (2)
| Deadline | Label | Type | Hard | Notes |
|---|---|---|---|---|
| Dec 31, 2025 | Begin cryptographic inventory and PQC readiness assessment | Inventory | NCSC urges organisations to complete cryptographic asset inventories and identify quantum-vulnerable systems. This is a recommendation, not a statutory deadline. | |
| Dec 31, 2027 | Implement cryptographic agility in new and updated systems | Crypto Agility | NCSC recommends organisations embed cryptographic agility into procurement and development practices by 2027. |
Algorithm references (3)
- ML-KEMFIPS 203Recommended
Replaces: RSA, ECDH
NCSC recommends ML-KEM (FIPS 203) as the primary post-quantum key encapsulation mechanism for UK organisations.
- ML-DSAFIPS 204Recommended
Replaces: RSA, ECDSA
NCSC recommends ML-DSA (FIPS 204) for post-quantum digital signatures in UK systems.
- SLH-DSAFIPS 205Noted
Replaces: RSA, ECDSA
SLH-DSA (FIPS 205) noted as an alternative signature scheme with conservative security assumptions.
Changelog (2)
| Date | Type | Description |
|---|---|---|
| Jul 1, 2025 | Clarification | NCSC updated PQC migration guidance to incorporate FIPS 206 (FN-DSA) and align with final NIST IR 8547 deprecation timelines, reinforcing the hybrid approach for UK government and CNI systems. |
| Aug 1, 2023 | New | NCSC published updated post-quantum cryptography migration guidance, recommending NIST FIPS 203/204/205 and hybrid approaches for UK organisations. |
Issuer
National Cyber Security CentreNCSC
Type: GOVERNMENT
Region: UK