Start Here: Your PQC Migration Roadmap

If you're a CISO, compliance officer, or security architect trying to make sense of post-quantum cryptography — what it means for your organisation, what the deadlines are, and what it actually costs — this is where to begin.

We've structured the site around five pillars. Start with whichever matches your most urgent question.

1. Understanding the threat

What is PQC, why does it matter, and how urgent is it really?

Start with What Is Post-Quantum Cryptography? The Practitioner's Guide — the single best place to begin if you're new to PQC. Then read Harvest Now, Decrypt Later to understand why the clock is already running.

2. Compliance requirements

What do your specific regulatory frameworks require?

We've mapped PQC obligations to the frameworks compliance officers actually work with: HIPAA for healthcare, SOX for public companies, PCI DSS 12.3.3 for payment systems, and DORA and NIS2 for EU financial institutions.

3. Building the business case

How much will migration cost and how do you justify it?

PQC Migration Cost: A Budget Framework gives you the numbers. PQC Business Case: How to Justify Migration to Your CFO gives you the argument.

4. Planning migration

Who are the vendors, what's the technical path, and where do you start?

PQC Vendor Landscape is our independent evaluation framework. Crypto Agility explains why your migration architecture matters more than your algorithm choice.

5. Tracking deadlines

What are the actual compliance deadlines?

Federal PQC Migration Deadlines: What Agencies Actually Face is the canonical reference. CNSA 2.0 Compliance Deadlines breaks down the timeline by system type.