The European Payments Council (EPC) is the primary decision-making body for the European banking industry regarding payments. It carries significant weight when setting the rules by which money is moved digitally, and as a result their voice matters when it comes to transaction security.
The EPC’s 2026 Guidelines on Cryptographic Algorithms Usage and Key Management is a technical manual, offering formal recommendations for payment service providers on the selection of cryptography, particularly with the need for cryptographic agility and secure key lifecycles. It’s a fascinating deep-dive, focusing in Chapter 4 on the quantum threat, and the eventuality of cryptographically relevant quantum computing (CRQC). In summary:
- - Progress in CRQC is advancing significantly
- - Standardized PQC algorithms are required
- - HNDL (Harvest Now Decrypt Later) is a real threat
- - Cryptographic agility is now an essential requirement
- - Establish a comprehensive cryptographic inventory
- - Assess and progressively ensure crypto agility by design
- - Adopt a risk-based approach towards replacing cryptography primitives
This clarity resounds with our approach at PQShield. We’ve developed IP with cryptographic agility at its heart, particularly when it comes to the difficult question of future-proofing systems that need to be in place for the next 10-20 years.
And in the finance sector, the stakes could not be higher. These guidelines are likely to impact security policies, facilitate greater interoperability, and promote future-readiness. The EPC are urging organizations to review current cryptographic strategies and are clearly pushing towards flexible, future-proof solutions such as those offered by PQShield, ahead of the quantum threat.
- Read the full report from the EPC here
- Find out more about PQShield’s PQC solutions
Link to Press Release