Skip to content
Enterprise
🇩🇪 Deutsch 🇬🇧 English 🇫🇷 Français
Start your 90-day trial
Datargo OneEnterprise Single-pane-of-glass cockpit for enterprises. All modules from one source. Learn more
Flagships
Datargo Monitor Availability and security posture. Datargo CRM Support hub for every brand.
Operations & commerce
Datargo ID SSO and MFA for the whole suite. Datargo ERP GoBD-compliant commercial core.
Trust & crypto
NextPKINew Certificate lifecycle, 47-day ready.
Bundle of the month
Reliability Bundle

Datargo Monitor + NextPKI as a single billed package. NIS2 evidence and certificate lifecycle from one cockpit.

Learn more
By outcome
Reliability & security NIS2 evidence from monitoring + incident. Customer service hub Live chat, tickets, multi-brand. Identity & SSO One identity for all modules.
By compliance
NIS2-Evidence Evidence at the press of a button. DORA resilience Financial sector, register of information. ISO 27001 & GoBD Annex A controls and e-invoicing.
By size
Solo & indie team Productive in 5 minutes. Mid-market SSO, audit trail, multi-brand. Enterprise & public sector Hundreds of seats, region pinning.
Sovereignty Kit
NIS2 evidence package

Ready-made Datargo Monitor and Datargo CRM controls, mapped against NIS2 obligations. Start straight into the pilot.

Read the NIS2 whitepaper
Learn
Documentation Module guides, API reference, quick start. Best-practice guides NIS2 setup, multi-brand Datargo CRM, SSO rollout. Blog Release notes, compliance news, roadmap.
Trust
Trust Center Hosting, certificates, sub-processors. Status-Page Live availability of all Datargo modules. Legal & privacy DPA, sub-processor list.
Customers
Customer stories Case studies from finance, public, tech. Partner program System integrators, implementers, MSPs. Events & webinars it-sa, EIC, NIS2 roadshows.
From the cockpit
47-day TLS from 2029

NextPKI is already prepared for the new CA/B Forum reality. Whitepaper and migration guide available now.

Read the whitepaper
Platform Datargo Monitor Datargo CRM Datargo ID Datargo ERP NextPKI
Datargo One Pricing Compliance
Language
🇩🇪 Deutsch 🇬🇧 English 🇫🇷 Français
Start your 90-day trial Book a call
Skip to content
Crypto & PKI

Post-Quantum Cryptography: Why the Migration Starts in 2026, Not 2030

16.09.2025 · 3 min read

With the final NIST standards and 'harvest now, decrypt later', crypto-agility becomes an operational task. A practical start on inventory and phased migration.

Since August 2024, the first three post-quantum standards have been final. NIST published FIPS 203 (ML-KEM, derived from Kyber), FIPS 204 (ML-DSA, from Dilithium) and FIPS 205 (SLH-DSA, from SPHINCS+), concluding an eight-year selection process. Many read the headline, see the frequently cited year 2030 and put the topic back on the shelf. That is a misunderstanding: 2030 is a deadline, not a starting gun.

“Harvest now, decrypt later” makes it urgent

The threat does not wait for the first capable quantum computer. Attackers intercept encrypted traffic today and store it to decrypt later. Anything that must stay protected for a long time is therefore already exposed: contracts, health and HR data, long-lived keys, intellectual property, state and trade secrets. For this data, what matters is not when a quantum computer becomes practical, but how long the data must remain secret.

With CNSA 2.0, the NSA sets 2030 as a mandatory deadline for national security systems. Germany’s BSI has urged early migration and crypto-agility for years. Both describe a target, not a comfortable delay.

Why the migration takes years

Anyone who has tried to inventory their own cryptographic estate knows the problem: nobody knows exactly where which algorithms, keys and certificates are in use. On top of that come dependencies on libraries, hardware, protocols and partners that do not migrate to your schedule. A PQC migration is therefore not a switch but a multi-year programme.

The path is clear in its order:

  • Inventory: make visible where which cryptography sits, including embedded and forgotten usage.
  • Prioritise: the long-lived data first, the data already exposed to the harvest-now risk today.
  • Establish crypto-agility: encapsulate algorithms so they can be swapped without changing the calling system.
  • Pilot hybrid: classical and post-quantum methods in parallel, to test interoperability and performance.
  • Automate and demand: automate renewal and bind suppliers to demonstrable PQC capability.

Crypto-agility is the real lever

The most common mistake is to see PQC as a one-time swap. The algorithms will keep evolving, parameters will be tightened, individual schemes could fall. What remains is the requirement to change algorithms without touching every calling system. Whoever builds in that agility today survives not only the first PQC wave, but the next one too.

In our NextPKI module, exactly this is built in: crypto-agile from the start, RSA, ECDSA and Ed25519 today, post-quantum methods prepared, with policy per tenant. The point itself, though, is independent of any tool, namely to build agility as a property and not as a later migration.

2026 is the year in which inventory and pilot should be in place. Then 2030 is merely the finish line, not a date to fear.

Back to the blog

Datargo Datargo

The European Business Operations Platform. Monitoring, customer service, identity, accounting, and certificates in one sovereign suite. Auditable by design. Made in Germany.

EU hosting, Frankfurt GDPR-native Made in Germany
Platform
  • Datargo One
  • Datargo Monitor
  • Datargo CRM
  • Datargo ID
  • Datargo ERP
  • NextPKI
Solutions
  • Reliability & Posture
  • Customer service hub
  • Identity & SSO
  • Commerce & GoBD
  • Scaling
Compliance
  • NIS2 evidence
  • DORA resilience
  • ISO 27001 mapping
  • GoBD & e-invoicing
  • Sovereignty
Industries
  • Financial services
  • Public sector
  • Health & pharma
  • Industry & TISAX
  • SaaS & tech
Resources
  • Trust Center
  • Documentation
  • Status page
  • Customer stories
  • Partner program
  • Blog
Company
  • Datargo One for enterprises
  • Start your 90-day trial
  • Book a call
  • Contact
  • Careers
© 2026 Datargo GmbH. All rights reserved.
Imprint Privacy Terms DPA SLA Sub-processorsDORA / NIS2
Germany · English

Datargo® and Databurg® are registered trademarks of Datargo GmbH. All other product names, logos, and trademarks mentioned are the property of their respective owners.

Cookies & optional features. Datargo uses technically necessary cookies. Optionally we enable comfort features such as our live-chat support, an in-house Datargo service that processes personal data in the process. You can accept everything or keep only the necessary cookies.

More in the privacy policy