The National Cyber Security Centre (NCSC) has published new recommendations on how Sweden should carry out the transition to quantum-safe cryptography. The objective is for the transition to be completed by 2035 at the latest, while organisations handling particularly sensitive information are recommended to be ready by 2030.
According to the NCSC, encryption is used across large parts of the digital society, from electronic communications and banking services to critical infrastructure. At the same time, future quantum computers are assessed as eventually being capable of breaking parts of today's cryptographic methods, which requires a gradual transition to new quantum-safe solutions.
"We need to act in good time, as the transition will take many years to complete. It is about creating long-term security and resilience in the digital society," said Alexander Engström, professor of mathematics and employed at the National Defence Radio Establishment (FRA) to contribute to the development towards quantum-safe cryptography, in a statement from the NCSC.
The recommendations urge organisations to immediately raise the issue at management level, take stock of their cryptographic assets, and establish cooperation around the transition. It is also emphasised that not all existing cryptography needs to be replaced, and that the work should proceed in stages and be based on each organisation's risk assessments.
The published report states that the transition to quantum-safe cryptography should be completed by the end of 2035 at the latest. For information assessed as remaining sensitive for longer than ten years, such as certain health data, the transition is recommended to be completed by 2030.
The NCSC also highlights that the recommendations are in line with the NIS2 Directive and the Swedish Cybersecurity Act, in which the use of cryptography is explicitly identified as part of organisations' cybersecurity work.
"Organisations that begin preparing now will be better equipped both in terms of security and in their efforts to meet legal requirements," said Alexander Engström.

