The third quarter of 2022 was shaped by a rapid, coordinated acceleration of the US post-quantum cryptographic transition. In July, NIST concluded six years of evaluation by selecting its first four quantum-resistant algorithms. In August, the CHIPS and Science Act extended and expanded federal quantum research authorizations. The NSA followed in September with CNSA 2.0, setting concrete migration deadlines for national security systems. Beyond the United States, the Novo Nordisk Foundation committed DKK 1.5 billion ($200 million) for a 12-year quantum computing program in Denmark, and both the UK and US imposed quantum-specific export controls targeting Belarus.
United States: NIST Selects First Four Post-Quantum Cryptographic Algorithms
What happened. On July 5, 2022, NIST announced the selection of the first four algorithms for its post-quantum cryptographic standard, concluding the third round of a six-year evaluation process. CRYSTALS-Kyber was selected for key encapsulation, while CRYSTALS-Dilithium, FALCON, and SPHINCS+ were selected for digital signatures. NIST recommended CRYSTALS-Kyber and CRYSTALS-Dilithium as primary algorithms for most use cases, with SPHINCS+ serving as a non-lattice-based backup. Four additional algorithms advanced to a fourth evaluation round, and draft standards were expected within two years. Two months later, NIST issued a separate call for additional non-lattice digital signature proposals, with submissions due by June 2023.
Why it matters. The selection is the starting point for a global cryptographic migration. Every organization relying on public-key cryptography, from banks and hospitals to defense contractors and cloud providers, will eventually need to adopt these or equivalent algorithms. That three of the four primary selections (CRYSTALS-Kyber, CRYSTALS-Dilithium, and FALCON) are lattice-based concentrates risk: a future break in lattice assumptions would compromise most of the new standard simultaneously. NIST clearly recognized this by including the hash-based SPHINCS+ and by seeking additional non-lattice signature candidates in September. The practical effect is a two-track transition: organizations can begin planning around the selected algorithms while the standards body continues diversifying its options.
What remains unclear. When draft standards will be published in final form and how the gap between algorithm selection and standard publication will affect vendor implementations. Whether the fourth-round candidates (BIKE, Classic McEliece, HQC, and SIKE) will yield a viable non-lattice key encapsulation alternative. How non-US standards bodies will respond, whether they will adopt the NIST selections directly or pursue independent evaluations.
Who should care. CISOs and IT security architects at any organization handling sensitive or long-lived data. Cryptographic library maintainers and software vendors planning product roadmaps. Government procurement officers responsible for compliance timelines. Standards bodies outside the US weighing alignment with NIST selections.
United States: CHIPS and Science Act Expands Federal Quantum Authorizations
What happened. President Biden signed the CHIPS and Science Act (Public Law 117-167) on August 9, 2022. The legislation amended the National Quantum Initiative Act and authorized new investments in quantum research, including approximately $100 million per year for DOE quantum network infrastructure and $15 million per year for NIST quantum networking R&D for fiscal years 2023 through 2027. Quantum information science was designated as one of ten key technology focus areas for the new NSF Directorate for Technology, Innovation, and Partnerships, and the act established a DOE Quantum User Expansion for Science and Technology (QUEST) program.
Why it matters. This is the largest expansion of federal quantum research authorization since the original National Quantum Initiative Act in 2018. The focus on quantum networking infrastructure and communications standards represents a shift in emphasis: earlier federal quantum investments concentrated on computing and sensing, while the CHIPS Act explicitly prioritizes the network layer. The creation of a new NSF directorate with quantum as a named focus area may channel additional funds toward translational research and industry partnerships. However, these are authorizations, not appropriations. Actual spending depends on subsequent congressional action, and the gap between authorized and appropriated levels is frequently wide.
What remains unclear. Whether Congress will appropriate funds at authorized levels in the coming fiscal years. How the new NSF directorate will coordinate with existing DOE and NIST quantum programs to avoid duplication. Whether the networking infrastructure buildout will favor particular technology approaches (for example, fiber-based versus satellite-based quantum communication).
Who should care. Quantum networking and communications researchers seeking federal grants. Quantum hardware companies targeting government contracts. University laboratories positioned to host DOE quantum network infrastructure. Congressional appropriators who will determine actual funding levels.
United States: NSA Sets Post-Quantum Migration Deadlines With CNSA 2.0
What happened. In September 2022, the NSA released the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), its first set of post-quantum cryptographic algorithm recommendations for National Security Systems (NSS). The advisory specified quantum-resistant replacements for legacy public-key algorithms including RSA, Diffie-Hellman, and elliptic curve cryptography. CNSA 2.0 set a phased transition timeline: new NSS acquisitions must be CNSA 2.0 compliant by January 1, 2027, with full migration across all NSS targeted by 2033 to 2035. The NSA encouraged vendors to begin adopting NIST SP 800-208 hash-based signatures for software and firmware signing immediately.
Why it matters. CNSA 2.0 converts the theoretical urgency of PQC migration into a binding procurement requirement for the defense and intelligence community. The 2027 compliance date for new acquisitions is less than five years out, creating immediate pressure on vendors selling into the national security market. For the broader ecosystem, the timeline functions as a signal: the US intelligence community treats PQC migration as an operational priority with fixed deadlines, not an open-ended research exercise. Allied governments that align their national security systems with US standards will face similar timelines, and defense contractors operating across multiple allied markets will need to plan accordingly.
What remains unclear. Whether defense contractors and NSS vendors can realistically meet the 2027 new-acquisition deadline given that NIST standards remain in draft form. How allied governments will set their own NSS migration timelines relative to the US schedule. Whether the phased approach will produce a prolonged period of mixed classical and post-quantum deployments, with the interoperability challenges that entails.
Who should care. Defense contractors and vendors selling into NSS environments. Allied government defense and signals intelligence agencies setting their own transition calendars. Cryptographic product manufacturers. CISOs at organizations handling classified or sensitive government data.
Denmark: Novo Nordisk Foundation Commits $200 Million for Quantum Computing
What happened. On September 21, 2022, the Novo Nordisk Foundation announced a grant of DKK 1.5 billion (approximately $200 million) over 12 years for the Novo Nordisk Foundation Quantum Computing Programme (NQCP), to be hosted at the Niels Bohr Institute of the University of Copenhagen. The programme’s stated mission is to develop fault-tolerant quantum computing hardware and quantum algorithms for life sciences applications. Part of the funding was earmarked for Quantum Foundry P/S, a dedicated fabrication facility. During the first seven years, researchers will develop materials and hardware across three quantum computing platforms, then select the most suitable platform for scale-up in the remaining five years. Anticipated international partners include MIT, TU Delft, DTU, Aarhus University, and the University of Toronto.
Why it matters. This is one of the largest single grants for quantum computing research anywhere in the world, and it comes from a private foundation rather than a government. The 12-year timeline is distinctive; most government quantum programs operate on five- to seven-year funding cycles, which can create pressure toward short-term milestones at the expense of long-term hardware development. The explicit focus on fault-tolerant hardware (rather than near-term noisy intermediate-scale applications) and the inclusion of a co-located fabrication facility represent a bet on the longer trajectory of the field. Denmark now has a quantum research program at a scale that positions it alongside much larger economies, though the life sciences application focus may shape the program’s research priorities in ways that differ from more broadly scoped national efforts.
What remains unclear. Whether the three-platform, down-selection model will produce the best outcome or create internal competition that dilutes focus during the critical first phase. How the program will interact with the EU Quantum Flagship and other European quantum initiatives, particularly given its strong ties to non-EU institutions (MIT, Toronto). Whether the life sciences application focus will attract top hardware talent or narrow the available researcher pool.
Who should care. European quantum researchers and postdoctoral candidates considering where to build careers. Life sciences companies exploring quantum computational chemistry and drug discovery. Danish and EU policymakers planning quantum infrastructure investments. University administrators at institutions considering quantum fabrication capabilities.
Belarus: United States and United Kingdom Impose Quantum Computing Export Controls
What happened. In two separate actions during the quarter, the UK and US imposed new export controls that included quantum computing as a standalone sanctions category targeting Belarus. On July 5, the UK amended its Belarus sanctions regulations to add a new Schedule 2G category covering quantum computing and advanced materials goods and technology, prohibiting export, supply, delivery, and related services. On September 15, the US Bureau of Industry and Security published a final rule extending Russia-focused industry sector sanctions to Belarus, adding quantum computing items to a new Supplement No. 6 to Part 746 of the EAR. Controlled items included quantum computers and assemblies, cryogenic refrigeration systems, ultra-high vacuum equipment, and high quantum efficiency photodetectors and sources. The same day, the Treasury Department’s OFAC prohibited US persons from providing quantum computing services to any person located in Russia and authorized the designation of entities operating in Russia’s quantum computing sector.
Why it matters. These measures mark the first time quantum computing has appeared as a standalone, named sanctions category in both US and UK export control frameworks. While the immediate policy objective is preventing circumvention of Russia-related sanctions, the practical effect is to establish a template. The itemized list of controlled technologies (cryogenic systems, vacuum equipment, photodetectors) defines a supply-chain taxonomy that could be adapted for broader quantum-specific export controls in the future. The OFAC services prohibition extends beyond hardware to potentially restrict cloud-based quantum computing access, a novel dimension that reflects the growing availability of quantum computing as a service.
What remains unclear. How effectively these controls can be enforced, given the dual-use nature of many listed items (cryogenic equipment and vacuum systems serve applications across multiple scientific and industrial domains). Whether the specific item categories will be adopted by multilateral export control regimes such as the Wassenaar Arrangement. How cloud quantum computing providers will implement screening to comply with the OFAC services ban on Russia-connected users. Whether other jurisdictions will introduce parallel quantum-specific export controls.
Who should care. Quantum hardware manufacturers and component suppliers with international sales. Cloud quantum computing providers offering services to global users. Export control compliance teams at technology companies. Participants in multilateral export control regimes considering quantum-specific categories.
Also in July–September 2022
ESA and Luxembourg-headquartered SES signed a contract for the EAGLE-1 satellite system, the first European space-based quantum key distribution system, at the International Astronautical Congress in Paris; the approximately €130 million project is co-funded by ESA member contributions and the European Commission through Horizon Europe.
The Israel Innovation Authority selected Quantum Machines to lead the establishment of the Israel Quantum Computing Center with a NIS 100 million (~$29 million) budget over three years, bringing together a consortium offering superconducting, cold ion, and photonic quantum processing technologies.
Australia’s Minister for Industry and Science established a 15-person National Quantum Advisory Committee, chaired by Chief Scientist Dr. Cathy Foley, to guide development of the country’s first National Quantum Strategy.
CISA launched a Post-Quantum Cryptography Initiative organized across risk assessment, interagency engagement, tool development, and published guidance, one day after NIST’s algorithm selection announcement.
For structured analysis of each development in this briefing, with cross-jurisdictional comparisons and sector-level impact assessments, visit the Quantum Policy Radar.