Global Roadmaps for Post-Quantum Era in Finance: Policies, Timelines, and a Pragmatic Playbook for Migration
Kuka, Colin, Muhyaddin, Sanar, Teh, Phoey Lee and Davies, Leanne (2026) Global Roadmaps for Post-Quantum Era in Finance: Policies, Timelines, and a Pragmatic Playbook for Migration. FinTech, 5 (1). ISSN 2674-1032
![[img]](https://wrexham.repository.guildhe.ac.uk/style/images/fileicons/text.png) |
Text
WURO_fintech-05-00016.pdf - Published Version Available under License Creative Commons Attribution. Download (5MB) |
Abstract
Quantum computing threatens the security foundations of global financial systems, exposing long-lived data and signed digital assets to “harvest-now, decrypt-later” attacks. While the timeline for cryptographically relevant quantum computers remains uncertain, regulatory signals from the USA, UK, EU, Canada, and Australia converge: financial institutions and payment infrastructures must begin migrating to post-quantum cryptography (PQC) now to preserve confidentiality, integrity, and systemic stability. This paper maps emerging standards and roadmaps, contrasting binding requirements like the EU’s DORA crypto-agility provisions with non-binding guidance from NIST, ENISA, and ETSI. Despite a shared intent to secure high-risk use cases by 2030–2031 and complete migration by 2035, divergences in enforcement and milestones create uncertainty for cross-border banks and financial market infrastructures. In parallel, technical adoption is advancing: major browsers, cryptographic libraries (OpenSSL/BoringSSL), and CDNs (e.g., AWS CloudFront) have deployed hybrid PQC key exchange in TLS 1.3, proving confidentiality defenses are viable at internet scale. The paper synthesizes historical transition lessons, sector-specific regulatory drivers, and operational constraints in payment infrastructures to derive a new, principle-based migration: crypto-agility, risk-prioritized scoping, hybrid deployment, vendor and supply-chain alignment, independent testing, and proactive supervisory engagement. Acting now reduces long-tail exposure and ensures readiness for imminent compliance and interoperability deadlines.
| Item Type: | Article |
|---|---|
| Keywords: | post-quantum, quantum-safe migration, crypto-agility, hybrid TLS, financial market infrastructures, operational resilience, cross-border compliance, NIST FIPS 203/204, ENISA guidance, harvest-now-decrypt-later |
| Divisions: | Applied Science, Computing and Engineering |
| Depositing User: | Hayley Dennis |
| Date Deposited: | 11 Mar 2026 10:47 |
| Last Modified: | 11 Mar 2026 10:47 |
| URI: | https://wrexham.repository.guildhe.ac.uk/id/eprint/18416 |
Actions (login required)
 |
Edit Item |