Post-Quantum Cryptography (PQC) will significantly impact trust services, foundational for Electronic Identification and Trust Services (eIDAS). ABI Research says disparities in funding for PQC across regions pose risks to regulatory implementation. For instance, France invests over 200 times more in PQC research than countries like Bulgaria and the Czech Republic. This funding gap could exacerbate inequalities in PQC deployment, yet there remains strong vendor confidence in eIDAS compliance, as adhering to security standards is essential for market entry.
According to Georgia Cooke, a digital security research Analyst, the PQC market is still developing, and it is uncertain whether current leaders will maintain their positions or if new entrants will disrupt the status quo. The urgency lies in the need for adaptability—vendors must align technical crypto agility with operational flexibility to navigate an evolving threat landscape.
For vendors, the challenge of establishing dominance in the projected $500 million PQC market by 2028 is considerable. Companies across technology sectors must evolve to meet new encryption standards. For example, Hardware Security Modules (HSMs) must be optimised to support new algorithms, a task critical for firms like Entrust and Utimaco. Likewise, smart chips used in electronic ID cards and passports will require redesigning to accommodate longer and multiple cryptographic keys, a responsibility falling on vendors such as NXP Semiconductors and HID Global.
Moreover, companies like IDEMIA and IN Groupe are charged with upgrading and digitising physical credentials to ensure mobile access, crucial for a seamless transition to PQC readiness.
To gain a competitive edge, vendors should engage in thought leadership, positioning themselves as pioneers of best practices in PQC. Thales, for instance, has taken a proactive approach by co-developing the Falcon algorithm, recognised by the U.S. National Institute of Standards and Technology (NIST) as a post-quantum-resistant digital signature standard.
Ultimately, achieving a unified eIDAS experience necessitates a harmonised Post-Quantum Readiness strategy across regions, technical domains, and vendor partnerships. As the ecosystem evolves, CISOs must stay informed and agile to ensure their organisations are prepared for the impending quantum threat landscape.