White paper provides key considerations and clear milestones for the sector’s transition
Reston, VA, September 25, 2025 – In response to the global challenge of the transition to quantum-resilient cryptography, FS-ISAC, the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, today published The Timeline for Post Quantum Cryptographic Migration, detailing the importance of establishing a global transition timeline for the financial sector’s migration.
Developed in partnership with a cross-border team of experts from leading financial institutions and cybersecurity organizations across the Americas and Europe, including the Quantum Safe Financial Forum (QSFF) and the CFDIR Quantum-Readiness Working Group, the paper emphasizes the importance of proactive, unified planning to enable a smooth and efficient transition and outlines practical steps to align timelines, mitigate interdependencies, and foster global collaboration without relying on prescriptive regulation.
“Sector coordination and proactive strategies will ensure the effective transition to resilient cryptographies as we face the critical security challenge of quantum computing’s ability to break current encryption algorithms,” said Mike Silverman, Chief Strategy and Innovation Officer, FS-ISAC. “This paper, created by experts who are leading the way in quantum readiness, outlines key considerations in the process and the shared priorities of the sector, which upon migration, enables the global financial sector to safeguard the trust and resilience of our systems.”
Intended to spark constructive dialogue among regulators and financial institutions globally, the white paper urges the sector to align migration activities with clear and reasonable milestones and identify all relevant stakeholders. It details existing recommendations and timelines and offers a blueprint for action while emphasizing the benefits of cross-sector collaboration.
The paper provides insights and strategic guidance on:
The Risks of Crypto-Procrastination: Major factors for stalled progress that threaten the overall migration roadmap, including underestimating the impact, misunderstanding the complexity of migration, and treating the quantum threat as a long-term risk.
Sector-Wide Dependencies: Key dependencies on standardization bodies, technology providers, and third-party vendors, highlighting the need for synchronized planning.
Phased Transition Framework: A step-by-step guide starting with a focused transition program, followed by remediation of high- and medium-risk use cases, and concluding with considerations for financial institutions’ continued compliance with policy and regulatory requirements once quantum-vulnerable algorithms have been phased out.
A Global Action Plan: The paper outlines the benefits of adopting a plan modeled after initiatives like the NSA’s CNSA 2.0 to provide clarity, set expectations, and accelerate vendor readiness.
“The interdependencies across the financial system—from payment networks to cloud service providers—mean that a collaborative and phased transition is necessary to mitigate migration risks,” said Dr. Michele Mosca, co-founder and professor at the Institute for Quantum Computing, University of Waterloo, Chair of the CFDIR Quantum-Readiness Working Group, and CEO, evolutionQ. “The time to implement post-quantum algorithms and architect for cryptographic resilience is now and this paper helps the industry meet the milestones that will be required to make this transition.”
“There is a consensus among financial firms that quantum readiness starts with industry-aligned action plans,” said Jaime Gómez García, Banco Santander, QSFF. “The development of this global transition timeline is the first step in supporting a proactive and coordinated transition measured by defined milestones.”
“We are excited to share this important perspective and guideline on the needed, coordinated global transition for post quantum cryptography,” said Peter Bordow, FS-ISAC PQC Workgroup Chair and Distinguished Engineer & Managing Director of Quantum Security, Wells Fargo. “It’s a critical first step forward for the global financial ecosystem.”
Download the full white paper here for expert strategic guidance on migrating to post-quantum resilience in alignment with the broader sector.
About FS-ISAC
FS-ISAC is the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, protecting the financial institutions and the people they serve. Founded in 1999, the organization’s real-time information-sharing network amplifies the intelligence, knowledge, and practices of its members for the financial sector’s collective security and defenses. Member financial firms represent $100 trillion in assets in 75 countries.
Contacts for Media
+++