ing conventional and PQC algorithms to ensure continuity. The challenge is as much organizational as it is technical: companies must rethink lifecycles, supply chains, and certification strategies in the face of AI- and QC-enabled hybrid threats.
Europe’ s Roadmap: Regulation, Sovereignty, and Opportunity
Europe is not blind to the challenge. The EU’ s Cyber Resilience Act, the Coordinated Implementation Roadmap for PQC, and programs like EuroQCI set ambitious deadlines. High-risk areas must be quantum-secure by 2030, medium risk by 2035.
Dr. Houdeau emphasized:“ For critical infrastructure, procurement deadlines start as early as 2027 in the United States. Europe must move in sync – otherwise certified secure products will no longer be marketable.”
For Wibu-Systems, this is also a chance for Europe to lead.“ With the European Acts, sometimes seen as a burden, we have an enormous opportunity to raise the security baseline and build trust in Europe-made solutions,” said Oliver Winzenried, CEO of Wibu-Systems.
Preparing for Tomorrow: The Role of Industry Collaboration
No single actor can solve PQC migration alone. Hardware vendors, software companies, regulators, and research institutions must coordinate. Initiatives like the Charter of Trust demonstrate the value of cross-industry collaboration, fostering shared standards and best practices.
Thomas Depeweg, SAP’ s Chief Product Manager, explained how entitlement management ties into this ecosystem:“ Entitlements are rights – whether for licenses, services, or data. By combining SAP’ s Entitlement Management System( EMS) with Wibu-Systems’ secure licensing, companies can ensure those rights are enforced all the way to the last mile.”
At Wibu-Systems, we recognize our responsibility in this chain. Both our hardware and software tools are being redeveloped to meet PQC standards – from dongles with PQC-ready security controllers to CodeMeter Protection Suite, CodeMeter License Central, and CmCloud with updated key management. The transition is already in motion, laying the foundation for a more secure digital future.
Crypto-Agility: From Brownfield Reality to Practical Migration
The transition to PQC is not a greenfield project. Most infrastructures must migrate while keeping existing systems active. This requires crypto-agility: the ability to swap algorithms without redesigning entire ecosystems. Mueller-Quade explained:“ We have to design products in a way that crypto can be safely exchanged. Digital signatures used for updates, for example, must be quantum-safe as soon as possible.”
For industry, the challenge is compounded by performance and hardware constraints. PQC keys are often ten times larger than today’ s ECC keys, stressing chips in passports, secure elements, and IoT devices. As Dr. Houdeau cautioned:“ The performance impact can double transaction times at border control or point-of-sale terminals.”
Protecting the Digital Economy: Software, Licensing, and AI Models
PQC is not only about securing state secrets; it protects the fabric of the digital economy. Software vendors, device manufacturers, and AI providers face the same risk: counterfeit licenses and tampered applications if cryptography is broken.
Oliver Winzenried stressed:“ Licensing only makes sense if the deployed licenses are secure. Otherwise, illegal third parties can generate valid licenses, and the entire monetization model collapses.”
This is especially urgent in areas like AI-driven medical devices, where models are“ frozen” under regulatory certification. PQCbased protection is required not only to prevent piracy, but to ensure the integrity and safety of critical AI models.
A Call to Action
The quantum era is not a distant prospect. Between hybrid threats, regulatory deadlines, and accelerating technical progress, the timeline for action is measured in years, not decades. Europe has the chance to turn compliance into leadership by embedding PQC into its digital backbone.
Companies cannot afford to wait. The first step is simple but critical: run an inventory, understand where your cryptography is, and prepare a migration plan. The second step is collaboration – with regulators, industry peers, and technology providers.
At Wibu-Systems, we are committed to this transition. By rebuilding our hardware and software with PQC in mind, we ensure that the licenses, applications, and digital assets our customers depend on will remain secure – not just today, but in the post-quantum tomorrow.
Quantum computing will break today’ s cryptography sooner than many expect, and adversaries are already harvesting encrypted data to decrypt later. Postquantum cryptography is therefore not optional but essential. Migration must start now: run a cryptographic inventory, map product lifecycles, and plan upgrades. With crypto-agility, cross-industry collaboration, and PQC-ready solutions from partners like Wibu-Systems, organizations can secure their licenses, applications, and digital assets against tomorrow’ s threats.
SECURITY
WIBU-SYSTEMS AG 5