Crypto-Agility and the PQC Migration Handbook

Why 2026 Is the Year to Take Action

Quantum computing is evolving rapidly. What long appeared to be a theoretical topic is becoming increasingly tangible: existing cryptographic algorithms will no longer be resilient against quantum attacks in the foreseeable future. The Dutch government is proactively addressing this challenge with the PQC Migration Handbook, a practical and strategic guide designed to help organisations prepare for the transition to post-quantum cryptography (PQC).

For organisations in the Netherlands, this is no longer a distant concern. We believe 2026 will be a pivotal year to take concrete steps towards crypto-agility and quantum resilience.

What Is the PQC Migration Handbook?

The PQC Migration Handbook published by the Dutch government provides a structured approach to preparing for post-quantum cryptography. Importantly, the handbook goes beyond purely technical considerations and addresses topics such as:

• Risk analysis: identifying where cryptography is used and understanding the impact if it is compromised
• Cryptographic inventory: gaining insight into certificates, keys, algorithms, and dependencies
• Crypto-agility: the ability to replace cryptographic algorithms in a controlled and timely manner
• Migration strategies: phased transitions, hybrid approaches (classical + PQC), and prioritisation
• Governance and policy: roles, responsibilities, decision-making, and lifecycle management

The core message is clear: organisations must start preparing now, as cryptography is deeply embedded in IT, OT, and network architectures.

Why Crypto-Agility Is Essential

The handbook rightly emphasises that crypto-agility is a key prerequisite for a successful PQC migration. This is not merely about deploying new algorithms, but about structurally designing processes and architectures that can adapt to cryptographic change.

Without crypto-agility, organisations risk:

• migrations becoming overly complex or prohibitively expensive;
• being unable to meet future compliance requirements in time;
• leaving critical systems vulnerable to “harvest now, decrypt later” attacks.

The Role of Nomios in PQC Migration

From the perspective of Nomios, we see that many organisations are looking for practical guidance to navigate this transition. With our extensive experience in cryptography, PKI solutions, and secure networking, we are well positioned to support organisations from strategy through to implementation.

We support organisations with, among other things:

• cryptographic inventories and impact assessments;
• the design of crypto-agile architectures;
• PKI modernisation and certificate lifecycle management;
• testing and implementing PQC-ready solutions.

A Strong Ecosystem of Technology Partners

Nomios collaborates with leading technology partners to deliver future-proof solutions:

• Thales, Keyfactor, and DigiCert for PKI, key management, and PQC-ready certificate solutions
• Nokia and HPE Networking, both frontrunners in Quantum-Safe Networking, including quantum-resistant protocols and hybrid cryptographic implementations within network infrastructures

Through these partnerships, we are able to develop tailored solutions that align with our customers’ specific risks, sectors, and maturity levels.

Conclusion: Start Now, Not Later

The PQC Migration Handbook provides organisations with a clear framework to prepare for a post-quantum future. The message is unambiguous: waiting until quantum computers become fully operational is not an option. Organisations that delay action until 2026 risk falling behind.

Nomios helps organisations take meaningful steps towards crypto-agility and quantum resilience today — pragmatically, in a controlled manner, and with a clear focus on the future.