The development of quantum computers threatens to make certain cryptographic algorithms used to secure telecommunications networks obsolete.
Given the risks of retroactive compromise via Store-Now-Decrypt-Later attacks and potentially severe consequences on customer confidentiality and service continuity, in order to ensure compliance with the Recommendation of 11 April 2024, EU Member States are working to ensure a coordinated transition towards post-quantum cryptography (PQC).
This document translates the European expectations at national level by defining the minimum requirements for quantum risk management and transition to post-quantum cryptography, as well as by setting the sector timeline for the objectives of the Belgian telecommunications operators.
The chosen referral approach is structured into three phases. It includes:
- Inventorying cryptographic assets and analysing quantum risks;
- Planning the migration with the designation of a supervisor of the ecosystem coordination;
- Carrying out the progressive deployment of the solutions.
The sector timeline sets objectives ranging from the finalisation of inventories as from the publication of the document to the completion of the migration by 2030 for the most critical systems, with a supervision mechanism as foreseen within the framework of the Act of 13 June 2005 on electronic communications, as well as the NIS2 and CER (Directive (EU) 2022/2557 of 14 December 2022 on the resilience of critical entities) directives, to meet the European quantum resilience objectives by 2035.