A Post-Quantum Cryptography (PQC) migration framework is a structured plan for transitioning an organization’s cryptography from quantum-vulnerable algorithms, such as RSA and ECC, to NIST-standardized post-quantum algorithms, such as ML-KEM, ML-DSA, and SLH-DSA.
For most of 2025 and into early 2026, PQC efforts within many organizations remained focused on planning activities such as cryptographic inventory development, migration roadmap creation, algorithm selection, and dependency analysis. While these activities remain important, developments during the first half of 2026 highlighted that organizations must increasingly prepare for implementation and operational deployment challenges in addition to strategic planning.
Three specific developments drove the shift. Google announced a 2029 target for completing PQC migration across Chrome, Android, Google Cloud, and internal infrastructure. This sets a de facto ecosystem deadline ahead of the disallowance deadlines established in NIST IR 8547 (Initial Public Draft, November 2024), which prohibits new deployments of RSA and ECC after 2030 and disallows all use after 2035.
Let’s Encrypt committed to Merkle Tree Certificates (MTCs) as its path to post-quantum Web PKI, with a staging environment targeted for late 2026 and production readiness in 2027. And the FIPS 140-3 validation gap hardened from a known risk into a concrete deployment constraint: as of June 2026, no FIPS 140-3 validated cryptographic module offers PQC algorithms in approved mode, while FIPS 140-2 validations are moving to the Historical list on September 21, 2026.
Taken separately, each development is significant. Taken together, they mark the moment when PQC migration moved from preparation-phase activity into deployment-phase engineering, and exposed a set of gaps that the existing framework was not equipped to address.
The Deployment Gaps That Received Limited Attention
Before looking at what changed in Q2 2026, it helps to understand what was missing. A comprehensive review of PQC migration frameworks published through March 2026 identified a consistent pattern: the guidance that existed was well-suited to help organizations answer preparation-phase questions. Cryptographic inventory, discovery, planning, risk prioritization, pilot design, and roadmap construction were all reasonably covered by frameworks from NIST, CISA, and similar organizations.
Most published frameworks focused primarily on planning and readiness activities, with comparatively less emphasis on deployment execution, and several deployment-oriented challenges received limited coverage. The first was the absence of a two-track migration model. Key exchange migration and digital signature migration have different urgency drivers, different infrastructure dependencies, and different deployment readiness states.
The Harvest Now, Decrypt Later (HNDL) threat drives urgency for confidentiality protection through hybrid key exchange, and ML-KEM-based hybrid TLS is deployable today. The Trust Now, Forge Later (TNFL) threat drives urgency for signature migration, but two separate readiness gaps block it. For public Web PKI, the MTC infrastructure is not yet in production. For enterprise PKI and regulated environments, no FIPS 140-3 validated cryptographic module offers PQC algorithms in approved mode, and library support remains incomplete across several platform categories.
Treating both tracks as a single prioritized queue may cause organizations to under-invest in whichever track is not their starting focus.
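The two-track model described above can be applied directly to an inventory. The following is an added example, not code from this article or from any of the frameworks it reviews: it queues each asset separately on the key exchange track and the signature track, using the blockers named in the text. The inventory records, field names, hostnames, and status strings are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample inventory (not real scan data). Field names are assumed:
# "kex_group" = negotiated TLS 1.3 group, "sig_alg" = certificate signature.
INVENTORY = [
    {"asset": "www.example.test", "pki": "public", "tier": "Unrestricted",
     "kex_group": "X25519MLKEM768", "sig_alg": "ecdsa-with-SHA256"},
    {"asset": "api.example.test", "pki": "public", "tier": "Unrestricted",
     "kex_group": "X25519", "sig_alg": "sha256WithRSAEncryption"},
    {"asset": "vpn.corp.example.test", "pki": "internal", "tier": "Unrestricted",
     "kex_group": "secp256r1", "sig_alg": "ecdsa-with-SHA256"},
    {"asset": "gw.corp.example.test", "pki": "internal", "tier": "FIPS-Required",
     "kex_group": "secp384r1", "sig_alg": "sha384WithRSAEncryption"},
]
HYBRID_KEX = {"X25519MLKEM768", "SecP256r1MLKEM768", "SecP384r1MLKEM1024"}
PQC_SIG_PREFIXES = ("ML-DSA", "SLH-DSA")
FIPS_BLOCK = "blocked: no FIPS 140-3 validated PQC module"

def tier_gate(rec):
    """Return a blocking status imposed by the environment tier, or None."""
    if rec["tier"] == "FIPS-Required":
        return FIPS_BLOCK
    if rec["tier"] != "Unrestricted":  # FIPS-Aware / CNSA 2.0: not modelled here
        return "review: tier sequencing not modelled"
    return None

def kex_status(rec):
    """Track 1 (HNDL): confidentiality through hybrid key exchange."""
    if rec["kex_group"] in HYBRID_KEX:
        return "done"
    return tier_gate(rec) or "deploy now: hybrid ML-KEM"

def sig_status(rec):
    """Track 2 (TNFL): authenticity through PQC signatures."""
    if rec["sig_alg"].upper().startswith(PQC_SIG_PREFIXES):
        return "done"
    if rec["pki"] == "public":
        return "blocked: MTC infrastructure not in production"
    return tier_gate(rec) or "plan now: X.509 with ML-DSA"

def two_track_report(inventory):
    """Queue every asset separately on each track instead of one merged list."""
    report = {"key_exchange": defaultdict(list), "signature": defaultdict(list)}
    for rec in inventory:
        report["key_exchange"][kex_status(rec)].append(rec["asset"])
        report["signature"][sig_status(rec)].append(rec["asset"])
    return {track: dict(queues) for track, queues in report.items()}

if __name__ == "__main__":
    for track, queues in two_track_report(INVENTORY).items():
        for status, assets in queues.items():
            print(f"{track:12} {status:48} {', '.join(assets)}")
```

In the sample data, `www.example.test` is already done on the key exchange track yet still blocked on the signature track, which is the situation a single merged queue would hide.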
The second gap was the PKI architecture fork introduced by MTCs. Let’s Encrypt’s June 3, 2026 announcement, combined with Google Chrome’s stated preference for MTCs, and Cloudflare’s active live testing, indicates that public Web PKI is moving toward a fundamentally different trust model for post-quantum certificate issuance.
Organizations managing both public TLS and internal certificate programs should monitor whether public and private PKI deployments evolve along different architectural paths as PQC technologies mature: MTC-based for publicly trusted web, and X.509 with PQC algorithms for internal mTLS, VPN certificates, 802.1X authentication, code signing, and device identity.
The remaining gaps were equally concrete. The Applied Quantum Framework v2.0 introduced a four-tier environment classification (Unrestricted, FIPS-Aware, FIPS-Required, and CNSA 2.0) to give organizations deployment sequencing guidance based on their regulatory constraints, addressing an area that had received limited attention in earlier migration frameworks. Cost estimation lacked rigor, with no framework integrating a structured taxonomy of PQC-specific cost drivers that a CISO could use to build a budget request.
Multinational organizations faced contradictory hybrid deployment guidance across BSI, ANSSI, NCSC-UK, CNSA 2.0, and ASD with no structured navigation model. And no published framework provided evidence-based responses to the organizational resistance patterns that kill PQC programs: “we’ll wait for vendors,” “we already did an inventory,” “no one in our sector has started.”
New Publications from Q2 2026 and What They Contributed
The most substantive new publication between March and June 2026 came from Meta. Published on April 16, 2026, the Meta PQC migration framework introduced a five-level maturity model running from PQ-Unaware at the bottom through PQ-Aware, PQ-Ready, and PQ-Hardened, up to PQ-Enabled at the top, and a six-step migration strategy grounded in Meta’s own production deployment experience. Meta has confirmed reaching PQ-Enabled status for portions of its internal traffic using post-quantum key exchange protections.
The value of the Meta framework is precisely that it is not theoretical: it describes choices made by an organization that has shipped PQC at hyperscaler scale and encountered real deployment constraints. The Meta framework acknowledges the two-track reality by describing PQ-Hardened as the state where an organization has deployed all currently available post-quantum protections but remains unable to fully eliminate the quantum threat because certain industry primitives do not yet exist.
Confidentiality protection through hybrid key exchange falls into the deployable category; signature migration does not, because the required ecosystem components are not yet in place. What the Meta framework does not address is the planning governance for organizations that do not control both endpoints of their traffic, have no equivalent of Meta’s centralized infrastructure, or need to manage signature migration as a formal program track with its own milestones.
The six-step Meta playbook maps roughly to the inventory, risk assessment, pilot, and deployment phases of a full migration lifecycle. Executive mandate, roadmap governance, Cryptographic Bill of Materials (CBOM) architecture, and multi-year program management are outside its scope.
The SSRN paper by Tim Williams, published on May 5, 2026, offered the quarter’s most directly useful contribution to the cost estimation gap. The paper presented a fourteen-basis cost framework organized into four methodological classes: Parametric, Theoretical, Analogical, and Judgemental, in which cross-class convergence provides stronger validation than any single class alone. Any organization building a budget case for PQC migration should reference it.
NIST also advanced nine candidates to the third round of its additional digital signature standardization process on May 14, 2026, publishing the selection rationale in NIST IR 8610. The nine advancing candidates are FAEST, HAWK, MAYO, MQOM, QR-UOV, SDitH, SNOVA, SQIsign, and UOV. These candidates are not intended for production planning on current timelines, but their advancement is direct evidence that cryptographic algorithms will continue to evolve and that crypto-agility, the ability to update cryptographic algorithms without rebuilding underlying systems, must be a program requirement, not a future consideration.
For production-ready digital signatures today, organizations should rely on the finalized ML-DSA (FIPS 204) and SLH-DSA (FIPS 205), both standardized in August 2024, while FN-DSA (FIPS 206) is still in draft with finalization expected in late 2026 or early 2027.
As of mid-2026, at least one PQC-capable cryptographic module has entered the FIPS 140-3 validation process via the CMVP queue, with validation expected before the end of 2026. For regulated organizations, this submission defines the earliest plausible date for deploying PQC algorithms in FIPS-required environments in approved mode. Planning that assumes production PQC deployment in FIPS-required systems before that validation completes is planning around a validated module that does not yet exist.
Turning the Framework Gap into a Planning Agenda
The pattern across the frameworks reviewed through June 2026 is consistent. Preparation-phase guidance is well-developed. Deployment-phase guidance is fragmented or absent. Gartner’s Top Trends in Cybersecurity for 2026 captured the same inflection point, naming “Postquantum Computing Moves into Action Plans” as one of its six top cybersecurity trends for 2026 and calling on organizations to prioritize cryptographic agility and migration immediately. Organizations that have completed their cryptographic inventories, established a risk register, and secured executive sponsorship are now moving beyond the planning phase into implementation.
The FIPS validation gap is the most immediate constraint for regulated organizations. FIPS 140-2 validations move to the Historical list on September 21, 2026. Organizations running systems that require FIPS 140-3 validated cryptographic modules cannot deploy PQC algorithms in approved mode until a PQC-capable module in the CMVP queue completes FIPS 140-3 validation. The planning implication is not to wait but to use the interval purposefully: complete CBOM architecture, stand up hybrid key exchange on unrestricted environments, qualify vendor library support, and have production deployment plans ready to execute when validated modules are available.
The PKI architecture fork requires a classification decision that most enterprise PKI programs have not yet made. Public web-facing certificates are heading toward MTCs. Internal enterprise certificates are heading toward X.509 with PQC algorithm support, specifically ML-DSA for signatures per NIST FIPS 204.
These are not the same migration path, and conflating them in a single PKI modernization program creates planning errors. Internal PKI programs should proceed with X.509 PQC migration planning now. Public Web PKI programs should track the MTC standardization progress through the IETF PLANTS working group drafts and Let’s Encrypt’s staging timeline, and plan for the architectural divergence rather than assuming a common endpoint.
Google’s 2029 completion target deserves attention beyond its headline number. Google operates the world’s most widely deployed browser and one of the two dominant mobile operating systems. By Q3 2027, Google plans to finalize the CA onboarding requirements for the Chrome Quantum-resistant Root Store, a purpose-built trust store that supports only MTCs and operates alongside the existing Chrome Root Store during the transition.
CAs and organizations that want to serve quantum-resistant certificates trusted by Chrome will need to meet those requirements. That creates direct infrastructure preparation pressure for any organization managing publicly trusted certificate programs: the time between now and Q3 2027 is the window to qualify. Organizations that have not started certificate infrastructure modernization before that store opens will face a choice between continuing on classical PKI or scrambling to meet MTC issuance requirements under a deadline.
How Encryption Consulting Can Help
Encryption Consulting works with organizations at every stage of PQC migration, from initial cryptographic asset discovery and CBOM architecture through PKI modernization, hybrid certificate deployment, and algorithm transition planning. Organizations that begin a PQC migration quickly discover that the challenge extends beyond algorithm selection. Success depends on understanding where cryptography exists, assessing the impact of quantum-vulnerable systems, coordinating with vendors, modernizing PKI infrastructure, and building the operational capabilities required to support future cryptographic transitions.
PQC Advisory Services
Encryption Consulting’s PQC Advisory Services map to the core stages of a PQC migration lifecycle. Here is how each offering accelerates your progress.
We begin with a Cryptographic Discovery and Inventory, scanning your entire environment to identify certificates, keys, algorithms, and protocols across endpoints, applications, APIs, and infrastructure. This builds the baseline you need before any migration can begin.
From there, we conduct a PQC Assessment to evaluate your exposure to quantum threats, identify RSA- and ECC-dependent systems, and deliver a prioritized report of vulnerable assets with risk severity ratings.
With that clarity, we develop a PQC Strategy and Roadmap, a phased migration plan aligned to your risk appetite, regulatory requirements, and long-term security goals, including cryptographic agility so your systems can adapt as standards evolve.
We then support Vendor Evaluation and Pilot Testing, helping you select the right tools, run proof-of-concept tests, and validate interoperability before any full-scale rollout.
Finally, we manage Full Implementation, deploying hybrid classical and quantum-safe models, rolling out PQC across your PKI and infrastructure, and setting up monitoring for long-term cryptographic health.
With this structured approach, you move from cryptographic uncertainty to a documented, policy-driven migration program aligned to NIST timelines and your regulatory obligations.
CBOM Secure
A successful post-quantum transition begins with visibility. Encryption Consulting’s CBOM Secure provides continuous discovery and inventory of cryptographic assets across enterprise infrastructure, cloud environments, applications, and cryptographic services.
Unlike a point-in-time inventory, CBOM Secure continuously generates and consumes Cryptographic Bills of Materials (CBOMs) while tracking certificates, keys, algorithms, and cryptographic dependencies across the environment. It provides visibility into what is deployed, where it is running, and how cryptographic dependencies evolve over time.
The platform also supports policy-driven governance by validating cryptographic configurations against organizational standards, identifying deviations, and helping organizations address security, operational, and compliance risks.
For PQC readiness, CBOM Secure helps identify systems that rely on quantum-vulnerable algorithms, prioritize remediation activities, and establish the continuous cryptographic governance required to achieve long-term crypto-agility.
Whether your organization is starting from scratch with no formal inventory in place or is looking to operationalize an existing discovery effort into a continuous governance program, Encryption Consulting brings both the advisory depth and the platform capability to move you forward. To learn more about our PQC Advisory Services or CBOM Secure, visit encryptionconsulting.com or reach out to our team directly.
Conclusion
The PQC migration conversation evolved significantly during the first half of 2026. For many organizations, the focus began shifting from preparation activities such as cryptographic inventory development, risk assessment, migration planning, and budget justification toward practical deployment considerations. Organizations that spent recent years building visibility into their cryptographic environments and establishing migration programs are increasingly confronting implementation questions related to deployment sequencing, infrastructure dependencies, PKI modernization, crypto-agility, and operational readiness.
At the same time, developments across standards bodies, technology providers, certificate ecosystem participants, and cryptographic module vendors highlighted that PQC adoption is not solely a future planning exercise. Progress in protocol implementations, ongoing Web PKI modernization efforts, evolving compliance considerations, and continued advancements in cryptographic validation programs have reinforced the need for organizations to evaluate how PQC technologies will be deployed and operated within real-world environments.
As a result, organizations should view PQC migration as both a strategic and an operational challenge. Planning, governance, and inventory development remain essential, but equal attention should be given to deployment architecture, hybrid cryptographic implementations, certificate and key management processes, application dependencies, and long-term crypto-agility requirements. The organizations best positioned for successful migration will be those that continue planning while simultaneously preparing for phased implementation and operational deployment.
