A new joint report published by Europol and its partners provides financial institutions with a structured, risk-based approach to preparing for the transition to post-quantum cryptography. Advances in quantum computing are expected to challenge the long-term security of today’s encryption standards.
The report, ‘Prioritising Post-Quantum Cryptography Migration Activities in Financial Services’, is designed to support organisations as they move from strategic awareness to practical execution. It sets out a prioritisation framework that helps identify which systems and business use cases should be addressed first, based on an assessment of both quantum-related risk and the time and complexity required to implement quantum-safe solutions.
The methodology combines factors such as the sensitivity and expected lifespan of protected data, the level of exposure to potential attackers and the potential business impact of compromise. It also takes into account practical considerations including solution availability, implementation cost, and dependencies on third parties. This allows organisations to distinguish between use cases that require long-term planning and those where early action can be taken with limited disruption.
The report highlights several areas where immediate steps are possible, including the deployment of hybrid post-quantum encryption for public-facing websites and the identification and removal of weak or outdated cryptographic practices that increase technical debt and hinder future migration. These measures are presented as “no-regret” actions that strengthen security today while improving readiness for the quantum transition.
Developed in cooperation with financial institutions, the publication is intended to support consistent decision-making and coordination across the financial ecosystem. It underlines that the move to quantum-safe cryptography is a phased, multi-year effort that requires early visibility of risks and dependencies, alignment with vendors and standards bodies, and integration into existing risk management and modernisation programmes.
Europol’s Quantum Safe Financial Forum
In 2024, Europol’s European Cybercrime Centre (EC3) created the Quantum Safe Financial Forum (QSFF), in close cooperation with the EC3 Advisory Group on Financial Services. The QSFF is a multi-stakeholder effort to address the transition to Post Quantum Cryptography across the financial sector, with particular focus in Europe.
The original announcement can be found here.
