Europe's Quantum-Safe Infrastructure Plan: ENISA, NIS2, and the EU Quantum Agenda

ENISA, NIS2, and national bodies like BSI and ANSSI are shaping Europe's post-quantum cryptography requirements. Fintechs and blockchain companies operating in the EU should have PQC roadmaps in place by 2027.

QuanChain Research
June 26, 2026

Europe's Multi-Layer Approach

Europe's post-quantum infrastructure planning does not follow a single top-down mandate equivalent to NSM-10. Instead, it operates through a combination of EU-level agencies and directives, national cybersecurity bodies with significant independent authority, and technical standardization bodies with strong industry influence. Understanding the European landscape requires mapping this multi-layer structure and the specific requirements that emerge from each layer.

The primary actors are ENISA (European Union Agency for Cybersecurity), the NIS2 Directive, the EU Cyber Resilience Act, and national agencies including BSI (Germany), ANSSI (France), and NCSC (UK, now post-EU but highly influential). Together these bodies are constructing a regulatory environment that will require cryptographic agility and post-quantum readiness from digital infrastructure operators across Europe.

ENISA's Post-Quantum Cryptography Guidance

ENISA published its first post-quantum cryptography guidance in 2021 and has updated it as NIST's standardization progressed. ENISA's guidance covers algorithm selection, migration planning, and cryptographic agility requirements for EU operators. A key difference from the U.S. approach is that ENISA explicitly recommends a multi-algorithm strategy rather than relying solely on lattice-based schemes, citing concerns about the relative maturity of lattice cryptanalysis compared to hash-based alternatives.

ENISA's 2024 post-quantum report updated its recommendations to align with the finalized FIPS standards, endorsing ML-KEM and ML-DSA as primary algorithms while recommending SLH-DSA or XMSS as hash-based alternatives for high-assurance applications. ENISA specifically noted that organizations with data sensitivity lifetimes exceeding 10 years should prioritize migration immediately, citing the harvest-now/decrypt-later threat as an active risk, not a future concern.

ENISA also published a dedicated guidance document on cryptographic agility, arguing that algorithm flexibility is a prerequisite for regulatory compliance across jurisdictions. For companies operating in both U.S. and EU markets, cryptographic agility is essential: U.S. regulators will require CNSA 2.0 parameter sets while EU recommendations may differ on specific parameter levels, making hardcoded algorithm choices architecturally risky.

NIS2: The Compliance Directive

The NIS2 Directive (Directive on Security of Network and Information Systems, revised version) came into force across EU member states in October 2024. NIS2 substantially expands the scope of entities required to maintain cybersecurity risk management measures and report significant incidents. It covers operators in 18 critical sectors including banking, financial market infrastructure, digital infrastructure, and digital services.

NIS2 does not specify post-quantum cryptography by name in its articles, but its requirements for "appropriate and proportionate technical measures to manage cybersecurity risks" and "state of the art" security practices create a regulatory basis for requiring PQC preparedness. EU regulators, following NIS2's implementation, have begun interpreting "state of the art" cryptographic practice as including PQC migration planning given the published NIST standards and explicit ENISA guidance.

For NIS2-covered entities, the practical implication is that cryptographic risk management programs that do not address quantum computing risks may fail to meet "state of the art" requirements under enforcement review. ENISA has indicated that NIS2 supervisory authorities should use ENISA's technical guidelines, including PQC guidance, as reference documents for assessing compliance. This creates a de facto PQC requirement for NIS2-covered entities even without explicit statutory language.

The EU Cyber Resilience Act

The EU Cyber Resilience Act (CRA), which entered into force in December 2024, imposes cybersecurity requirements on products with digital elements sold in the EU market. The CRA requires that products handle cryptographic operations in ways that maintain security over the product's expected lifetime. For connected hardware and software products with multi-year lifetimes, this means that cryptographic agility for post-quantum transitions is effectively a product compliance requirement.

The CRA's most significant implication for blockchain and fintech developers is the requirement for security updates throughout the product support period. Blockchain node software that cannot be updated to support post-quantum algorithms will fail the CRA's ongoing security requirement. Developers building products for EU deployment must plan for post-quantum algorithm updates as part of their product lifecycle management.

BSI: Europe's Most Detailed Technical Guidance

The German Federal Office for Information Security (BSI, Bundesamt für Sicherheit in der Informationstechnik) has published the most technically detailed post-quantum cryptography guidance of any European national agency. BSI's Technical Guideline TR-02102, updated in 2024, provides specific algorithm recommendations, parameter size requirements, hybrid mode specifications, and migration timelines for German federal agencies and critical infrastructure operators.

BSI's recommendations largely align with NIST standards but include specific guidance on parameter choices that goes beyond NIST minimums. For ML-KEM, BSI recommends ML-KEM-768 as the minimum, with ML-KEM-1024 for high-security applications, aligning with CNSA 2.0 conservatism. For digital signatures, BSI recommends ML-DSA-65 as a minimum, with ML-DSA-87 for high-assurance applications. BSI also explicitly endorses hybrid mode during the transition period, requiring that hybrid deployments maintain security against both classical and quantum adversaries.

BSI's guidance carries practical weight beyond Germany because the BSI TR-02102 series has been widely adopted as a reference by financial institutions across the EU/EEA for their internal cryptographic standards. An institution that meets BSI TR-02102 requirements is well-positioned for regulatory compliance across most European jurisdictions.

ANSSI and NCSC Positions

France's ANSSI published post-quantum recommendations in 2022 that were somewhat more conservative than NIST's in their algorithm endorsements, reflecting ANSSI's traditional preference for algorithm diversity and caution about lattice cryptography's relative novelty. ANSSI's 2025 guidance updated its position to endorse FIPS 203 and FIPS 204 for deployment while maintaining its recommendation for hash-based backup schemes in high-assurance applications.

The UK's NCSC published post-quantum migration guidance in 2023 that closely tracks NIST recommendations. Post-Brexit, the NCSC operates independently of ENISA but maintains close technical alignment. NCSC guidance is relevant to UK-regulated financial institutions and is often adopted by multinational firms as part of their global cryptographic standards framework.

The Quantum Flagship and Standardization

The EU Quantum Flagship, a 10-year, EUR 1 billion research initiative, has a significant post-quantum cryptography component focused on both algorithm development and standardization. The Flagship's PQC work feeds into ETSI (European Telecommunications Standards Institute) standardization, which in turn influences product certification and procurement requirements across European markets.

ETSI's Quantum Safe Cryptography working group has published technical specifications that align with NIST FIPS standards while adding European-specific interoperability profiles. These profiles matter for financial infrastructure because EU payment systems, including SEPA and TARGET2, reference ETSI standards in their technical requirements.

What Fintech and Blockchain Companies Must Do by 2027

For a fintech or blockchain company operating in the EU, the combination of NIS2, the CRA, and ENISA guidance creates a coherent set of requirements that should be addressed by the end of 2027:

1. Complete a cryptographic inventory covering all products and services deployed in the EU market.
2. Develop a documented post-quantum migration roadmap with specific milestones and algorithm targets.
3. Implement cryptographic agility in all products with multi-year support lifetimes.
4. Begin hybrid mode deployment for transport layer cryptography.
5. Document the migration plan and make it available for NIS2 supervisory authority review upon request.
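As an added illustration of the first two steps above (it is not code from the article or from any of the agencies named), the following script scores a cryptographic inventory against the BSI TR-02102 parameter levels and the ENISA 10-year data-lifetime rule quoted in the BSI and ENISA sections, so that the migration roadmap can be ordered by urgency. The inventory entries are constructed samples, and the hybrid-mode warning is a simplified reading of BSI's endorsement of hybrid deployments during the transition.

```python
# Checks a cryptographic inventory against the BSI TR-02102 levels and ENISA lifetime rule quoted above.
from dataclasses import dataclass

BSI_MIN = {"ML-KEM": 768, "ML-DSA": 65}     # BSI minimum parameter levels
BSI_HIGH = {"ML-KEM": 1024, "ML-DSA": 87}   # BSI high-assurance levels
HASH_BASED = {"SLH-DSA", "XMSS"}            # ENISA's hash-based alternatives
CLASSICAL = {"RSA", "ECDSA", "ECDH", "X25519", "Ed25519"}
ENISA_LIFETIME_YEARS = 10                   # longer-lived data: migrate immediately

@dataclass
class Asset:
    name: str
    algorithms: tuple          # ("X25519", "ML-KEM-768") describes a hybrid key exchange
    data_lifetime_years: int   # how long the protected data stays sensitive
    high_assurance: bool = False

def parse(alg):
    """'ML-KEM-768' -> ('ML-KEM', 768); 'ECDSA-P256' -> ('ECDSA', None); 'X25519' -> ('X25519', None)."""
    family, _, suffix = alg.rpartition("-")
    if not family:
        return alg, None
    return family, (int(suffix) if suffix.isdigit() else None)

def assess(asset):
    """Return findings for one asset; an empty list means it meets the quoted guidance."""
    findings = []
    families = {parse(a)[0] for a in asset.algorithms}
    has_pqc = any(f in BSI_MIN or f in HASH_BASED for f in families)
    if not has_pqc:  # harvest-now/decrypt-later: classical-only protection of long-lived data is urgent
        urgency = "URGENT" if asset.data_lifetime_years > ENISA_LIFETIME_YEARS else "PLAN"
        findings.append(f"{urgency}: no post-quantum algorithm; data lifetime {asset.data_lifetime_years}y")
    elif not families & CLASSICAL:
        findings.append("WARN: PQC-only deployment; BSI endorses hybrid mode during the transition")
    for alg in asset.algorithms:
        family, level = parse(alg)
        required = (BSI_HIGH if asset.high_assurance else BSI_MIN).get(family)
        if required is not None and level is not None and level < required:
            findings.append(f"FAIL: {alg} is below BSI level {family}-{required}")
    return findings

def assess_inventory(assets):
    return {a.name: assess(a) for a in assets}   # name -> findings, for roadmap prioritization

INVENTORY = [  # constructed sample inventory, not from any real deployment
    Asset("ledger-archive-tls", ("X25519",), 15),
    Asset("session-tokens", ("ECDSA-P256",), 1),
    Asset("node-p2p-kex", ("X25519", "ML-KEM-512"), 5),
    Asset("custody-signing", ("ML-DSA-65",), 20, high_assurance=True),
    Asset("settlement-kex", ("X25519", "ML-KEM-1024"), 20, high_assurance=True),
]
```

Calling `assess_inventory(INVENTORY)` flags the 15-year archive as the urgent item, the ML-KEM-512 and ML-DSA-65 deployments as below the applicable BSI level, and leaves the hybrid ML-KEM-1024 settlement link with no findings.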

Companies that complete these steps by 2027 will be aligned with the NIST migration timeline and ahead of formal EU enforcement action. Those that do not will face increasing regulatory scrutiny as NIS2 supervisors develop enforcement precedents around cryptographic "state of the art" requirements.
