DuoKey logotype

How to Build a PQC Migration Roadmap and Where to Start

DuoKey Team2 July 2026
How to Build a PQC Migration Roadmap and Where to Start

How to Build a PQC Migration Roadmap and Where to Start

The regulatory clock on post-quantum cryptography is already ticking. NIST has officially deprecated RSA-2048 and ECDSA, with a hard deadline of 2030. The NSA's CNSA 2.0 mandate requires PQC for all new national-security systems by 2027. And adversaries are already harvesting encrypted data today, betting they'll have the quantum computing power to decrypt it later.

Most security teams know a migration is coming. Few know where they actually stand.

That's the problem a PQC migration roadmap is supposed to solve. Here's how to build one, and why the first step is more important than any other.

Table of Contents

  1. Why PQC Migration Is Harder Than It Looks
  2. Step 1: Know Your Cryptographic Exposure
  3. Step 2: Prioritise by Risk, Not by Convenience
  4. Step 3: Map Your Migration Path
  5. Step 4: Prepare Your Infrastructure
  6. Step 5: Build for Ongoing Algorithm Change
  7. How DuoKey Quantum Risk Score Fits In

Why PQC Migration Is Harder Than It Looks

The last major cryptographic transition (RSA to ECC) took the industry over a decade, and many organisations never completed it. PQC migration is more complex: larger key sizes, multiple new algorithm families, hybrid deployment phases, and stricter regulatory deadlines. Unlike the ECC transition, organisations cannot afford a decade-long drift.

The companies that will navigate this cleanly share one thing in common: they started with a clear picture of their current exposure. The ones that will struggle are already behind, because without visibility, there is no roadmap, just guesswork.

Step 1: Know Your Cryptographic Exposure

Before you can prioritise anything, you need to know what cryptographic assets you have and how vulnerable they are to quantum threats. This means understanding:

  • Which TLS cipher suites your public-facing domains use
  • Whether you're using RSA-2048 or ECDSA P-256 (both deprecated by 2030 under NIST IR 8547)
  • Your forward secrecy posture across endpoints
  • Your DNSSEC configuration and certificate rotation cadence
  • Public evidence (or absence) of any migration programme

Manual audits at this scale are impractical. Most enterprise environments have hundreds of endpoints, certificates issued and rotated constantly, and cryptographic dependencies embedded across cloud workloads, SaaS integrations, and internal systems.

This is exactly what DuoKey's Quantum Risk Score (QRS) automates. It evaluates your domain's observable cryptographic posture against four signals (algorithm resilience, crypto-agility, harvest exposure, and migration posture) and produces a composite index from 0 to 100. Critically, the assessment operates entirely on publicly observable signals. No access to internal systems is required.

The output gives you the baseline every migration roadmap depends on.

DuoKey PQC on ServiceNow

Step 2: Prioritise by Risk, Not by Convenience

Not all systems face the same quantum threat profile. Once you have visibility, classify assets by:

Data longevity: Data that must stay confidential for a decade or more is already at risk from harvest-now-decrypt-later (HNDL) attacks. Adversaries are capturing encrypted traffic today. This is not a future threat. It is happening now.

System lifespan: Automotive ECUs, industrial controllers, and medical devices are difficult or impossible to update post-deployment. If a device will still be in the field in 2030, it needs a quantum-resistant cryptographic foundation now.

Regulatory alignment: Map your assets against NIST IR 8547, CNSA 2.0, ANSSI, NCSC, and BSI timelines. The QRS report delivers this gap analysis per jurisdiction, so you can sequence your migration against real deadlines rather than abstract urgency.

The QRS Priority Migration Matrix does this work for you: it ranks your quantum-vulnerable assets by migration urgency, using a CVSS-style approach adapted for cryptographic obsolescence.

Step 3: Map Your Migration Path

There is no single right migration strategy. Most organisations will combine approaches:

Encrypt-first: Address key establishment protocols before digital signatures. PQC key exchange is less disruptive than signature migration. PKI changes are architecturally heavier, and deferring them buys time to prepare infrastructure properly. The upside: you protect confidentiality against HNDL attacks with relatively lower operational disruption.

Hybrid cryptography: Running classical and PQC algorithms in parallel hedges against the (real) possibility that a PQC algorithm gets broken. The SIKE algorithm reached the final round of NIST standardisation before a classical attack destroyed it. Hybrid is a transitional posture, not a destination. For high-stakes environments, it's the right intermediate step.

Crypto-agility as the foundation: Regardless of which path you choose, your architecture needs to support algorithm swaps without service disruption. Policy-driven key management, where cryptographic algorithms are configuration rather than code, is what turns a one-time migration project into a sustainable security programme.

The QRS 36-month migration sequence delivered with each assessment maps these phases concretely against your specific posture, not a generic template.


Migrating to Post-Quantum Cryptography

Download our PQC whitepaper DuoKey PQC Whitepaper

Step 4: Prepare Your Infrastructure

PKI is typically the most time-consuming piece of any PQC migration. NIST PQC signature algorithms (ML-DSA, SLH-DSA) produce significantly larger signatures than their classical counterparts. Certificate chains compound this: multiple signatures per chain means size increases stack up fast, potentially breaking network buffers, HSM throughput limits, and application assumptions that have been stable for years.

Practical preparation steps:

  • Test PQC and hybrid certificates in non-production environments before any production exposure
  • Plan for coexistence: during the transition, infrastructure must handle both classical and PQC certificates simultaneously
  • Update trust anchors on a coordinated schedule: leaf certificates cannot lead root CA migration
  • Validate interoperability with every external partner or vendor that exchanges cryptographic artifacts with your systems

None of this is quick. Starting PKI preparation now is the single best thing most enterprise teams can do to avoid crunch in 2028–2029.

Step 5: Build for Ongoing Algorithm Change

PQC migration is not a project with an end date. NIST has standardised five algorithms so far, with more in the pipeline. BSI, ANSSI, and other national bodies maintain their own suites, and organisations operating globally may need to support multiple algorithm families simultaneously. And as SIKE demonstrated, even well-vetted algorithms can fail.

The right response is not paralysis. It's crypto-agility: the operational capability to update cryptographic algorithms across your infrastructure without redesigning systems or rewriting code. Build that capability now and every future algorithm change becomes a policy update, not an emergency.

How DuoKey Quantum Risk Score Fits In

Every step of a PQC migration roadmap depends on a reliable baseline. Without knowing where you stand, you cannot prioritise what to migrate, justify investment to leadership, or satisfy auditors asking for documented cryptographic exposure.

That baseline is what the Quantum Risk Score provides:

  • 0–100 composite index across four weighted signals, using a published, auditable formula with no proprietary black boxes
  • Full cryptographic inventory of your observable domain surface: endpoints, certificates, cipher suites, DNSSEC
  • Regulatory gap analysis mapped against NIST IR 8547, CNSA 2.0, NCSC, ANSSI, and BSI deadlines
  • Prioritised migration matrix ranking quantum-vulnerable assets by urgency
  • 36-month migration sequence with projected score uplift per phase
  • 30-minute review session with the DuoKey cryptographer who conducted and signed the assessment

The assessment is free to start and requires no internal access. It operates exclusively on publicly observable signals, making it fast to deploy and straightforward to scope for even the most complex enterprise environments.

Request your Quantum Risk Assessment → DuoKey QRS report example


The Bottom Line

Organisations that understand their cryptographic exposure today will migrate on their own terms. Those that wait will face compressed timelines, constrained options, and regulators asking uncomfortable questions.

The roadmap is five steps: know your exposure, prioritise by risk, choose your migration path, prepare your infrastructure, and build for ongoing change. The first step is the one that unlocks all the others.

Start with visibility. The QRS gives you that in days, not months.

Related Resources

Post-quantum cryptography and key management

Store Now, Decrypt Later: The Quantum Threat

Store Now, Decrypt Later: The Quantum Threat

Datenspeicherung fur Finanzdienstleistungen in der Cloud: Das Gebot der Verschlusselung im Jahr 2026

Datenspeicherung fur Finanzdienstleistungen in der Cloud: Das Gebot der Verschlusselung im Jahr 2026

NIS2 Encryption Requirements: What Enterprises Must Implement

NIS2 Encryption Requirements: What Enterprises Must Implement