June 2025 was defined by post-quantum cryptography transition planning reaching operational specificity in multiple jurisdictions simultaneously. The EU’s NIS Cooperation Group published a coordinated PQC roadmap with 2026, 2030, and 2035 milestones. Canada released its own federal PQC migration plan with parallel timelines. The United States revised its PQC posture through Executive Order 14306, retaining key deadlines while stripping procurement mandates. At the political level, the G7 issued its first leaders-level statement on quantum technologies, and EuroHPC inaugurated the first of eight planned quantum computers across Europe.
European Union: Coordinated PQC Roadmap Sets Three-Phase Migration Timeline
What happened. The NIS Cooperation Group published Version 1.1 of its Coordinated Implementation Roadmap for the Transition to Post-Quantum Cryptography, the first deliverable of a dedicated PQC work stream established in response to the European Commission’s Recommendation (EU) 2024/1101. The roadmap sets three milestone dates: all Member States should initiate national transition roadmaps and begin identification activities by December 31, 2026; high-risk use cases and critical infrastructure must be secured with PQC by December 31, 2030; and transition should be as complete as feasible by December 31, 2035. The roadmap recommends standardized hybrid solutions combining classical and quantum-safe algorithms, and a public consultation remained open until September 2025.
Why it matters. This is the EU’s first coordinated, timeline-specific PQC migration document with defined expectations for Member States. The 2030 deadline for critical infrastructure is more aggressive than the US civilian agency framework, where Executive Order 14306 targets TLS 1.3 support by January 2030 but does not mandate full PQC deployment by that date. For organizations operating across both jurisdictions, the EU roadmap may become the binding constraint. The 2026 deadline for initiating national roadmaps will also reveal which Member States have the institutional capacity to begin and which do not. Lithuania’s establishment of a national PQC working group the same month shows at least one Member State moving early.
What remains unclear. The roadmap is a recommendation, not a regulation. Its relationship to enforceable NIS2 obligations remains undefined: will Member State supervisory authorities treat it as an interpretive guide for NIS2 compliance, or will it remain advisory? The document does not specify funding mechanisms for migration, particularly for smaller Member States and for sectors with aging infrastructure. The consultation period closes in September, but there is no published timeline for a Version 2.0.
Who should care. CISOs and compliance officers at critical infrastructure operators across the EU. National cybersecurity authorities responsible for building transition roadmaps. Cryptography and cybersecurity vendors targeting European public-sector procurement. NIS2-regulated entities assessing whether PQC readiness will become an audit criterion.
G7: Kananaskis Common Vision Establishes First Leaders-Level Quantum Commitment
What happened. G7 leaders released the Kananaskis Common Vision for the Future of Quantum Technologies at the summit in Alberta on June 17, under Canada’s G7 presidency. The statement recognizes quantum computing, sensing, and communications as technologies with economic, security, and public-interest consequences. It commits members to encourage public and private investment, support commercialization, workforce development, research security, intellectual property protection, quantum-resilient security measures, and cooperation among national measurement institutes. A G7 Joint Working Group on Quantum Technologies was established with participation from industry, experts, and academia. The International Council of Quantum Industry Associations and UKQuantum issued a joint response noting they had urged quantum prioritization during the G7 in a letter to Canada’s Prime Minister in fall 2024.
Why it matters. This is the first time quantum technologies have been formally addressed at the G7 leaders’ level rather than in ministerial or working-group tracks. The statement’s scope, covering computing, sensing, and communications together, avoids the narrower framing that has characterized some national strategies. The creation of a Joint Working Group provides a standing mechanism for follow-through, though its mandate and resourcing are not specified. For the quantum industry, the ICQIA engagement model, in which a coordinated industry coalition directly influenced the G7 agenda, is worth noting as a template for future policy engagement.
What remains unclear. The statement is a political commitment, not a binding agreement. Whether it translates into coordinated action depends on the Joint Working Group’s agenda and on successor presidencies maintaining quantum as a priority. The statement does not address quantum export controls, supply chain dependencies, or the relationship between G7 members’ quantum ambitions and those of non-G7 states. No funding commitments or specific policy harmonization targets accompanied the vision.
Who should care. National quantum strategy leads in G7 countries and aspiring quantum economies. Industry associations seeking to engage multilateral policy processes. Researchers working on quantum workforce development and measurement standards.
United States: Executive Order 14306 Retains PQC Deadlines but Removes Procurement Triggers
What happened. On June 6, President Trump signed Executive Order 14306, amending the Biden administration’s January 2025 cybersecurity executive order (EO 14144) rather than revoking it. The order retained the finding that a cryptanalytically relevant quantum computer poses a threat to public-key cryptography and preserved National Security Memorandum 10 as the foundational PQC transition directive. Two key deadlines were set: CISA, in consultation with the NSA, must publish a list of PQC-ready product categories by December 1, 2025; and agencies must support TLS 1.3 by January 2, 2030. However, the order removed the provision requiring agencies to mandate PQC in procurement solicitations within 90 days of product category listing, eliminated the directive for agencies to implement PQC key establishment “as soon as practicable,” and struck provisions directing international engagement on PQC standards.
Why it matters. The net effect is that the US federal PQC framework now relies on deadlines, visibility tools (the CISA product list), and agency discretion rather than procurement mandates. For federal contractors and technology vendors, the removal of the 90-day procurement trigger reduces near-term compliance pressure but does not eliminate the market signal: agencies that want PQC can still require it in individual solicitations, and the underlying statutory framework (the Quantum Computing Cybersecurity Preparedness Act and NSM-10) remains intact. The contrast with the EU’s coordinated roadmap, which recommends procurement integration, and with Canada’s federal PQC plan, which explicitly directs departments to incorporate PQC into procurement, highlights a divergence in implementation philosophy among allied governments.
What remains unclear. Whether the CISA product category list, now advisory rather than a procurement trigger, will influence agency buying behavior in practice. How OMB will exercise its role in issuing PQC requirements for civilian systems without the original enforcement mechanism. Whether the removal of international engagement provisions will affect US participation in multilateral PQC standardization, given that NIST standards are already widely adopted globally.
Who should care. Federal IT contractors and cybersecurity vendors selling to US government agencies. CISOs at agencies preparing PQC migration plans. International partners assessing alignment between US and EU PQC transition timelines. Congressional oversight committees tracking executive-branch PQC implementation.
Canada: Federal PQC Roadmap Sets 2031 and 2035 Migration Milestones
What happened. The Canadian Centre for Cyber Security published a Roadmap for the Migration to Post-Quantum Cryptography for non-classified Government of Canada IT systems, effective June 23, 2025. The document assigns roles to the Cyber Centre, Treasury Board Secretariat, Shared Services Canada, and federal departments. Milestones include an initial departmental PQC migration plan by April 2026, annual progress reporting from that date, completion of migration for high-priority systems by the end of 2031, and completion for remaining systems by the end of 2035. Departments are required to identify cryptographic use, incorporate PQC into procurement, and plan for cryptographic agility.
Why it matters. Canada’s roadmap is now among the most specific national PQC migration plans for government systems, sitting alongside the US framework (shaped by NSM-10, OMB M-23-02, and now EO 14306) and the EU coordinated roadmap. The 2031 deadline for high-priority systems is more aggressive than the EU’s 2035 general target but less aggressive than the EU’s 2030 deadline for critical infrastructure. The explicit requirement to incorporate PQC into procurement distinguishes Canada’s approach from the US model under EO 14306, where the procurement mandate was removed. The April 2026 deadline for initial migration plans gives departments less than ten months, which will test institutional readiness.
What remains unclear. Whether “non-classified” scoping means a separate, parallel process exists for classified systems and what agency leads that effort. How Shared Services Canada, which operates shared IT infrastructure for most federal departments, will coordinate migration at the platform level versus the department level. What enforcement mechanisms apply if departments miss the April 2026 planning deadline.
Who should care. Government of Canada IT security officials and procurement teams. Canadian cybersecurity vendors preparing PQC-ready offerings. Allied PQC transition planners comparing timelines across Five Eyes jurisdictions.
European Union: First EuroHPC Quantum Computer Inaugurated in Poland
What happened. The EuroHPC Joint Undertaking inaugurated PIAST-Q in Poznan on June 23, marking the first operational deployment of a EuroHPC quantum computer. PIAST-Q is a laser-based trapped-ion system supplied by Alpine Quantum Technologies (AQT) of Austria, offering 20 physical qubits. The system cost €12.28 million, split equally between EuroHPC JU and the Polish Ministry of Digital Affairs and Ministry of Science and Higher Education. PIAST-Q is the first of eight EuroHPC quantum computers being deployed across Europe, using six different quantum computing architectures. Delivery occurred months ahead of schedule.
Why it matters. The inauguration converts EuroHPC’s quantum computing ambition from procurement into operational reality. The multi-architecture approach, with six different technologies across eight sites, is a deliberate strategy to avoid lock-in and to build comparative knowledge across quantum computing platforms. For the European quantum hardware supply chain, the fact that AQT, an Austrian company, delivered a production system on an accelerated timeline to a Polish national supercomputing center is a concrete data point on intra-European industrial capacity. The ceremony under the Polish Presidency of the Council adds a political signal about new Member States’ role in EU quantum infrastructure.
What remains unclear. At 20 physical qubits, PIAST-Q is a research and education tool rather than a system capable of delivering computational advantage over classical alternatives. EuroHPC has not published detailed access policies, pricing, or expected user volumes for PIAST-Q. The timelines for the remaining seven deployments are not public, and it is unclear whether the ahead-of-schedule delivery here is an indicator of the broader program or an outlier.
Who should care. European quantum computing researchers seeking access to trapped-ion hardware. Quantum hardware vendors competing for future EuroHPC procurement cycles. National governments participating in the remaining seven deployment sites. Policy analysts tracking European technology sovereignty initiatives.
Also in June 2025
French Defense Minister Sebastien Lecornu announced an updated sovereign quantum strategy at France Quantum on June 10, reaffirming priority areas including quantum sensors for navigation and electronic warfare, computing for defense modeling, and QKD for classified communications. The update follows the 2024 award of €500 million in framework agreements to five French startups for universal quantum computer development.
South Korea’s Ministry of Science and ICT designated quantum random number generation (QRNG) technology as a national strategic technology under the Special Act on Fostering National Strategic Technologies, the first time quantum technology received this designation among the 12 major fields. Companies with the designation gain policy financing advantages and eligibility for government programs.
Lithuania’s Ministry of National Defence hosted the first meeting of a national PQC transition working group, bringing together experts from 17 sectors with a mandate to produce a national PQC plan by Q3 2026, making it one of the first EU Member States to begin structured migration planning under the new coordinated roadmap.
Czech Technical University in Prague opened an IBM Quantum Innovation Center funded by the University of Defence, bringing seven Czech universities and the Czech Academy of Sciences into the IBM Quantum Network and deploying IBM quantum-safe cryptography tools for education and defense applications.
Detailed cross-jurisdictional analysis of PQC migration timelines, G7 quantum coordination mechanisms, and EuroHPC deployment progress is available to Quantum Policy Radar subscribers.