NIST post-quantum standards
On 13 August 2024 NIST finalised FIPS 203 (ML-KEM) for general encryption, and FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA) for digital signatures. These are the reference algorithms for the migration.
Background on the standards and regulations that frame the transition to post-quantum cryptography, and the sources this index builds on. This page is descriptive context. It is not legal or compliance advice.
On 13 August 2024 NIST finalised FIPS 203 (ML-KEM) for general encryption, and FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA) for digital signatures. These are the reference algorithms for the migration.
The European Commission's coordinated roadmap asks member states to prepare and begin national transition plans by the end of 2026, and to protect the most sensitive use cases by 2030.
The NIS2 Directive sets cybersecurity risk-management obligations for essential and important entities. Cryptography sits within that risk management.
The Digital Operational Resilience Act sets ICT risk-management requirements for financial entities, including controls that depend on cryptography.
The CRA sets security requirements for products with digital elements, where the ability to update cryptography over a product's life is relevant.
Post-quantum readiness is relevant to obligations under NIS2, DORA and the CRA. This page does not interpret those obligations for any organisation.
In Lithuania the transition is coordinated by the Ministry of National Defence. A national working group is preparing the country's transition plan, expected in the third quarter of 2026, which will apply to organisations designated as cybersecurity entities. Eighteen EU states, including Lithuania, have jointly committed to protecting the most sensitive use cases no later than 2030.
Timeline summarised from Lithuanian national guidance and the EU coordinated roadmap.
The index measures publicly observable cryptographic readiness that is relevant to these frameworks. It is not a compliance assessment, a certification or a legal opinion, and it does not rate any named institution.
This work refers to publicly available national guidance published by the Lithuanian Ministry of National Defence and to open tools published at pqc.lt. These sources are cited for context and provenance. Mention here does not imply endorsement of the European Post-Quantum Readiness Index by any government body, institution or individual.