Sweden Sets 2035 Deadline for Transition to Quantum-Safe Cryptography

Sweden’s National Cyber Security Centre has published national recommendations for transitioning to quantum-safe cryptography, setting 2035 as the outer deadline for the full transition and 2030 for organisations operating in sensitive sectors. The recommendations, published on NCSC’s website and accompanied by a detailed guidance document, place Sweden among the first Nordic countries to issue a formal national roadmap on the issue.

The underlying concern is well established in cryptographic research: a sufficiently capable quantum computer would be able to break the asymmetric algorithms, including RSA and elliptic-curve cryptography, that currently protect the majority of sensitive digital communications. No such computer exists today at the scale required to do this. The question is how long that remains true and whether organizations will have completed the transition before it stops being true.

The NCSC’s position is that waiting for certainty is itself a risk. Adversaries can collect encrypted data now and decrypt it later once quantum capability arrives, a threat pattern known as harvest now, decrypt later. For organisations handling data with a long confidentiality horizon, the attack window is already open.

Two Deadlines, One Risk Assessment

The NCSC is explicit that the transition does not mean replacing every cryptographic implementation an organization runs. The recommendation is to conduct a risk assessment first, identify which systems and data are genuinely sensitive enough to require early action, and prioritize accordingly. That framing is sensible and worth taking seriously: organizations that treat this as a uniform infrastructure replacement project will waste resources and probably miss the actual threat.

The 2030 deadline applies to sensitive sectors. The NCSC has not published a sector-by-sector list in the summary guidance, but the framing aligns with the same critical infrastructure categories that appear in Sweden’s Cybersäkerhetslagen, including energy, transport, health, financial infrastructure and public administration. Organizations in those sectors that have not started a risk assessment should not interpret the 2030 date as distant. Cryptographic transitions across large infrastructure take years to complete, and procurement cycles in the public sector alone frequently run to 18-24 months.

The European Commission issued a coordinated recommendation for member states to develop quantum-safe cryptography roadmaps in April 2024. Sweden’s NCSC publication moves from that political commitment to operational guidance. That is the right sequence and the Swedish document is more concrete than the Commission’s framework.

What Quantum-Safe Actually Means in Practice

Post-quantum cryptography refers to cryptographic algorithms designed to resist attacks from both classical and quantum computers. In July 2024, the US National Institute of Standards and Technology finalized its first set of post-quantum cryptographic standards: ML-KEM (formerly CRYSTALS-Kyber) for key encapsulation, and ML-DSA and SLH-DSA for digital signatures. These are the algorithms organizations should be evaluating for implementation. NIST’s publication gives vendors and standards bodies a stable foundation to build on, and several major TLS implementations have already begun integrating ML-KEM support.

The transition is not simply a software update. Cryptographic algorithms are embedded in hardware security modules, network appliances, industrial control systems and long-lived certificates. Some of that infrastructure cannot be patched remotely, and some of it will need to be physically replaced. Organizations that have never mapped their cryptographic dependencies are likely to discover them during an incident rather than during an orderly transition. That is the wrong order.

The Cryptographic Inventory Problem

The hardest part of this transition for most organizations will not be selecting algorithms. It will be knowing where cryptography is currently in use across their systems. Public key infrastructure, VPN configurations, code-signing workflows, authentication tokens, encrypted storage and secure messaging integrations are rarely documented in one place, and the teams that originally implemented them are often no longer with the organization.

The NCSC recommends developing a transition roadmap following the risk assessment. That roadmap needs to be grounded in an actual inventory, not an assumed one. Several vendors now offer cryptographic discovery tooling that scans network traffic and system configurations for algorithm usage. Whether organisations use commercial tooling or manual methods, the inventory has to come before the roadmap. A roadmap built on incomplete data is a compliance document, not a security plan.

One note of caution on vendor-issued quantum threat timelines: the security industry has commercial incentives to accelerate urgency on this topic, and some vendor communications have presented quantum risk as more imminent than the scientific consensus supports. The NCSC’s framing is measured and appropriate. The 2035 outer deadline reflects a realistic assessment of when capable quantum computers might plausibly arrive at scale, not a worst-case marketing scenario.

Where to Start Before 2030

The NCSC’s published guidance sets out the recommended sequence, and it is better read in full than summarized here. The PDF is publicly available on ncsc.se and written in Swedish, but the structure is clear to any technically literate reader.

Three steps follow directly from the NCSC’s recommendations. First, complete a cryptographic inventory covering all systems that handle sensitive data with particular attention to systems with long operational lifespans and data with long confidentiality requirements. Second, conduct a risk assessment against that inventory to determine which systems require action before 2030 and which can be addressed on the standard 2035 timeline. Third, build the transition roadmap from the risk assessment output, not from a vendor’s product sheet.
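The three steps above, sketched as an added example (it is not taken from the NCSC guidance): inventory records are classified by algorithm family, assigned the 2030 or 2035 date, and ordered into a roadmap. The field names, the sample inventory and the exposure rule are assumptions; only the two dates and the algorithm families come from the article. Signature uses are never marked `act-now` here because a recorded signature gives an adversary nothing to decrypt later.

```python
from dataclasses import dataclass
# Families named in the article; anything else is left for manual review.
QUANTUM_VULNERABLE = ("RSA", "ECDSA", "ECDH")
POST_QUANTUM = ("ML-KEM", "ML-DSA", "SLH-DSA")

@dataclass
class Asset:
    name: str
    algorithm: str              # string recorded during the inventory
    use: str                    # "key-establishment" or "signature"
    sensitive_sector: bool      # selects the 2030 rather than the 2035 date
    confidentiality_years: int  # how long the protected data must stay secret

def classify(algorithm: str) -> str:
    alg = algorithm.upper()
    if any(alg.startswith(p) for p in POST_QUANTUM):
        return "post-quantum"
    if any(alg.startswith(p) for p in QUANTUM_VULNERABLE):
        return "quantum-vulnerable"
    return "unclassified"

def deadline(asset: Asset) -> int:
    return 2030 if asset.sensitive_sector else 2035

def triage(asset: Asset, this_year: int) -> str:
    kind = classify(asset.algorithm)
    if kind == "post-quantum":
        return "done"
    if kind == "unclassified":
        return "review"
    # Assumed rule: harvested ciphertext matters if it outlives the deadline.
    exposed = (asset.use == "key-establishment"
               and this_year + asset.confidentiality_years > deadline(asset))
    return "act-now" if exposed else "by-deadline"

def roadmap(assets, this_year):
    order = {"act-now": 0, "review": 1, "by-deadline": 2, "done": 3}
    rows = [(triage(a, this_year), deadline(a), a.name) for a in assets]
    return sorted(rows, key=lambda r: (order[r[0]], r[1], r[2]))

# Constructed sample inventory, not taken from any real organisation.
INVENTORY = [
    Asset("patient-records-vpn", "ECDH-P256", "key-establishment", True, 25),
    Asset("build-code-signing", "RSA-3072", "signature", False, 0),
    Asset("press-site-tls", "ECDH-P256", "key-establishment", False, 1),
    Asset("internal-api-gateway", "ML-KEM-768", "key-establishment", True, 10),
    Asset("scada-historian-link", "vendor-proprietary", "key-establishment", True, 15),
]
for row in roadmap(INVENTORY, 2025):
    print(row)
```

Entries that come back as `review` are the inventory gaps: the recorded algorithm string could not be matched to a known family, so no deadline decision can be trusted for them yet.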

Organizations that are also preparing for NIS2 compliance under Sweden’s Cybersäkerhetslagen should note that the cryptographic inventory and risk assessment work required for quantum-safe transition overlaps substantially with the Article 21 risk management documentation NIS2 supervisory authorities will expect to see. Running these workstreams in parallel is more efficient than treating them as separate projects.
