While India’s PQC migration roadmap is a crucial step towards protecting the country’s digital landscape from quantum threats, it would benefit from greater pragmatism and refinement
In the face of the large-scale risks posed by quantum computers, several nations around the world have issued long-term roadmaps for Post-Quantum Cryptography (PQC) migration. Recently, India followed suit, with the Department of Science and Technology under the Ministry of Science and Technology publishing its own comprehensive PQC migration roadmap, laying out a detailed national testing and certification framework as well as phased PQC migration timelines across different sectors. This marks a crucial step towards ensuring India’s future cryptographic security and digital sovereignty, particularly given the critical role of Digital Public Infrastructure within the country.
However, given the ambitious timelines outlined in the report, practical implementation will require a holistic and coordinated approach across a wide range of sectors, in addition to significant investment and the training of a skilled workforce. As such, the PQC migration timelines set by the strategy may be somewhat too stringent. Moreover, although the report mentions a hybrid approach incorporating both PQC and Quantum Key Distribution, it does not provide sufficient clarification regarding the latter.
Modern cryptography is based on asymmetric algorithms such as Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC), which rely on the premise that certain well-understood mathematical problems, such as prime factorisation and discrete logarithms, are extremely difficult and time-consuming for classical computers to solve. In contrast, Cryptographically Relevant Quantum Computers (CRQCs) could utilise Shor’s algorithm to break such classical encryption algorithms in a matter of seconds. Furthermore, the security offered by symmetric ciphers such as the commonly used Advanced Encryption Standard (AES), as well as hash functions like Secure Hash Algorithms (SHA), could also be compromised by virtue of Grover’s algorithm, which offers a quadratic speedup for brute-force key searches.
However, CRQCs require millions of logical qubits to implement Shor’s and Grover’s algorithms and are likely decades away. While this may therefore appear to be a distant threat, it is not really the case, thanks to the “Harvest Now, Decrypt Later (HNDL)” approach, wherein threat actors can hack into databases and store valuable data until CRQCs become practically feasible. Precedents for HNDL operations do exist, with the US Signal Intelligence Service’s Project VENONA serving as a particular standout.
There are two possible ways to address this dilemma: employing Quantum Key Distribution (QKD), which utilises the principles of quantum mechanics to provide fundamental information-theoretic security across physical transmission channels; or employing novel classical algorithms, such as lattice-based cryptography, which even quantum computers are not capable of breaking and which are now collectively known as PQC algorithms.
Following the constitution of a task force on PQC migration involving relevant stakeholders under the National Quantum Mission (NQM), the Department of Science and Technology (DST) released a report titled “Implementation of Quantum Safe Ecosystem in India” in February 2026. The report is broadly divided into two sections, based on submissions by two sub-groups constituted under the task force.
Standardisation, Testing, and Certification
Annexure B consists of the “Draft Framework for Testing and Certification of PQC-based Quantum-Safe Products and Solutions” report, prepared by Sub-Group 1, led by the Telecommunication Engineering Centre (TEC). It lays out a comprehensive testing and certification framework intended to serve as a uniform reference for all relevant stakeholders, including government agencies, industry, sectoral regulators, testing laboratories, and certification bodies.
The testing requirements are based on four assurance levels (with Level 2 further subdivided into three levels), categorised on the basis of risk category and usage type as given below.
Table 1: Assurance Levels
| Level | Name | Risk Category | Usage Type | Primary Focus |
|---|---|---|---|---|
| 1 | Basic conformance of PQC implementation | Low Risk | Non-sensitive consumer grade environment | Basic PQC adoption with compliance, interoperability and performance checks |
| 2A | Secure Software Assurance | Medium Risk | Sensitive data consumer grade environments | Secure software including cloud-integrated implementations |
| 2B | Secure Hardware Assurance (IoT/IT) | Medium Risk | Hardware resilient consumer grade | IT/IOT Edge deployments with hardware resilience |
| 2C | Secure Hardware Assurance (OT) | Medium Risk | Hardware resilient consumer grade | Operational technology environments |
| 3 | Enterprise Infrastructure Security | High Risk | Enterprise Grade | Long-term enterprise security for sectors like finance, telecom, health etc. |
| 4 | Critical Infrastructure Security | Very-High Risk | Sovereign Grade | Critical information infrastructure protection |
Source: Implementation of Quantum Safe Ecosystem in India (2026)
Based on the assurance level hierarchy, the framework further proposes a three-tier national laboratory system, as presented below.
Figure 1: Three-tier National Laboratory Model

Source: Implementation of Quantum Safe Ecosystem in India (2026)
Testing labs must comply with both internationally accepted standards such as IS/ISO/IEC 17025, as well as domestic regulations such as the Digital Personal Data Protection (DPDP) Act. Provisions for designation and auditing by nodal agencies, including the TEC, the Bureau of Indian Standards (BIS), and the Ministry of Electronics and Information Technology (MeitY), have also been included. The framework calls for the upgradation of existing TEC/BIS laboratories, as well as the creation of new laboratories and testbeds.
Lastly, the framework provides for a comprehensive end-to-end certification process involving submission and pre-assessment, testing and evaluation, review by the certification authority, certificate issuance, and post-certification surveillance.
PQC Migration Roadmap
Annexure C contains a report titled “Strategic Roadmap for Quantum Safe Migration – Timelines”, prepared by Sub-Group 2 of the task force. It establishes three well-defined and ambitious milestones for PQC migration, providing more stringent timelines for Critical Information Infrastructure (CII) sectors such as defence, telecom, and power, while recommending less demanding timelines for general enterprise sectors.
Table 2: Quantum Safe Migration Milestones
| Milestones | Provisions |
|---|---|
| Milestone 1 – Build Foundations/Preparatory Stage (CII: By 2027; Enterprises: By 2028) | • Establish leadership, governance, and cross-functional quantum risk management. • Inventory cryptographic assets and assess quantum risk. • Initiate pilot projects and early migration of high-priority systems. • Begin adopting PQC/hybrid signatures for critical software and systems. • Introduce PQC readiness requirements in procurement, including phased adoption of Cryptographic Bills of Materials (CBOMs) • Conduct quantum risk analysis, adopt crypto agility as a guiding principle, and mandate CBOM submissions from vendors starting FY 2027–28. |
| Milestone 2 – Migrate High-Priority Systems (CII: By 2028; Enterprises: By 2030) | • Convert pilots into full migration programmes with Key Performance Indicators (KPIs). • Enforce “no new classical-only deployments.” • Upgrade Public Key Infrastructure (PKI), Hardware Security Modules (HSMs), Key Management System (KMS), and libraries to PQC-ready versions. • Mandate PQC-capable digital signatures. • Ensure supplier accountability and continuous monitoring. • Contain classical-only systems within controlled enclaves where immediate migration is not feasible. • Develop cryptographic incident response playbooks and integrate PQC training into cybersecurity, DevOps, and IT programmes. |
| Milestone 3 – Full PQC Adoption (CII: By 2029; Enterprises: By 2033) | • Complete enterprise-wide PQC/hybrid adoption. • Operate PQC-only trust chains and ensure all digital signatures are quantum-safe. • Maintain long-term vendor oversight, audits, and continuous algorithm updates. • Implement layered risk management for the remaining legacy systems |
Source: Implementation of Quantum Safe Ecosystem in India (2026)
Furthermore, the report defines “PQC Personas” — namely, Urgent Adopters, Regular Adopters, and Technology Providers and Enablers — to help enterprises prioritise their responses through categorisation based on risk exposure. It also prioritises crypto agility[1] as one of the key tenets of India’s PQC migration journey. Moreover, it addresses challenges and technology considerations such as interoperability, ecosystem readiness, performance overheads, skill and capacity limitations, hardware constraints, vendor dependence, and investment continuity, while suggesting interim measures such as quantum gateways, quantum VPNs, quantum proxies and tunnels, and Quantum Random Number Generators (QRNGs).
While the task force report constitutes a critical step towards strengthening India’s digital security against the impending threat posed by quantum computers, it nevertheless represents only a foundational increment in a much broader global technological shift. As the report itself notes, executing standardisation, testing, and evaluation procedures across such a diverse range of sectors will require an unprecedented level of coordination, investment, and workforce training. Moreover, it will require organisations to take individual responsibility for implementing the PQC transition. As such, most nations around the world have opted for 2035 as the target year for complete migration, despite, in many cases, possessing more developed standardisation and testing infrastructure. India’s decision to set 2033 as the deadline may therefore be a bit too aggressive and optimistic, placing undue pressure on organisations to accelerate the process. Consequently, India’s strategy could benefit from a less demanding timeline.
India could also benefit from incorporating elements from other international strategies to refine its overall PQC migration approach. For instance, the National Institute of Standards and Technology (NIST) has adopted a public-private partnership approach by inviting technology vendors to sign Cooperative Research and Development Agreements and serve as “Technology Partners.” The Post-Quantum Cryptography Coalition (PQCC) has developed a “PQC Inventory Workbook” alongside its migration strategy to enable individual organisations to inventory and catalogue systems based on their migration requirements. Given the arduous task of PQC migration that lies ahead for India, these steps could help ease the overall burden of transition.
Furthermore, while the report mentions a hybrid approach employing PQC and Quantum Key Distribution (QKD) complementarity, it fails to provide specific demarcations. If India intends to implement this complementary approach, it will need to conduct a careful examination of QKD use cases and identify optimal protocols and sectors for deployment. QKD implementation will require its own standardisation, certification, testing requirements, and migration timelines, similar to those laid out for PQC migration in the report. Constituting a separate task force on QKD migration would help in this regard by bringing clarity to the intended target sectors while minimising implementation redundancy.
While PQC migration is primarily aimed at addressing the impending threat posed by quantum computers, it could also serve as a valuable opportunity for India to strengthen its overall digital security architecture against non-quantum attacks. For instance, upgrading symmetric ciphers to AES-256 from earlier iterations such as AES-64 or AES-128 not only provides enhanced security against quantum computers but also helps augment overall cybersecurity more broadly.
With the average cost of a data breach rising to US$4.4 million in 2025, alongside the increasing employment of Artificial Intelligence to conduct more sophisticated cyber-attacks, cyber-resilience and crypto agility have acquired an unprecedented level of importance across sectors and organisations. Consequently, India’s PQC migration initiative presents an opportune moment to address existing cybersecurity vulnerabilities and gaps while simultaneously laying the groundwork to counter future threats.
Prateek Tripathi is an Associate Fellow with the Centre for Security, Strategy and Technology (CSST) at the Observer Research Foundation.
[1] Crypto agility refers to an organisation’s ability to respond to novel cyber threats by rapidly updating algorithms, keys, and protocols without business disruption.
The views expressed above belong to the author(s).