Quantum computers will break the RSA/ECC encryption protecting your systems — and 2025 research cut the resources to break RSA-2048 from ~20M to under 1M qubits. Migration is now mandated (US CNSA 2.0, the EU's hard 2030 deadline, NIST, India's NQM), with the first deadlines already in force. SAMAY ingests your cryptographic inventory and computes the provably optimal, dependency-safe, deadline-compliant roadmap — quarter by quarter.
Open-source · CycloneDX CBOM input · tracks CNSA 2.0, NIST IR 8547, the EU 2030 mandate & India's NQM
The 2026 regulatory landscape
Quantum-safe migration is now mandated across major jurisdictions, with the first compliance dates already in force. The roadmaps SAMAY produces track these mandates.
Regulatory data is human-curated with cited sources. Always verify against your current obligations before relying on these dates.
Software/firmware signing exclusive by 2027; networking by 2030; operating systems, applications & cloud by 2033. NIST IR 8547 deprecates RSA-2048 / ECC-P256 by 2030 and disallows them by 2035.
CNSA 2.0 ↗ NIST IR 8547 ↗A coordinated EU mandate sets a hard 2030 deadline for critical infrastructure (including finance) — five years ahead of the US. Member states begin transition by end-2026.
EU roadmap ↗A national quantum-safe roadmap: critical sectors (defence, telecom, power, government) begin implementation from 2027, with mandatory cryptographic inventories.
National Quantum Mission ↗And the threat is accelerating: only ~5% of enterprises have deployed PQC, while 2025 research cut the estimated cost of breaking RSA-2048 by an order of magnitude (from ~20M to under 1M qubits). The NIST standards are final (FIPS 203/204/205, with HQC added as a fifth algorithm in 2025). “Harvest now, decrypt later” is happening today — data captured now is read the day a quantum computer arrives.
How it works
Your scanner (IBM, Microsoft, SandboxAQ, Wiz…) emits a CBOM — an inventory of every cryptographic asset.
Provide that CBOM. SAMAY reads the assets, their dependencies, and which are quantum-vulnerable.
It computes the provably optimal quarter-by-quarter roadmap under your capacity and deadlines.
Export the plan, brief your team, and defend it to an auditor — it is optimal and meets every mandate by construction.
The planner
Choose a sample estate or upload your own CBOM. SAMAY solves it to proven optimality and contrasts it with the “highest-risk-first” approach most teams use today.
| Quarter | Assets to migrate · why · deadline status |
|---|
The evidence
Across 515 cases solved to proven optimality (the full reproducible study is in the repository):
The transferable result is feasibility: the everyday approach quietly produces roadmaps that miss mandates. The exact risk reduction depends on your estate — so SAMAY computes it for yours.
Built for
CISOs, security architects, and PQC-migration program leads at banks, government agencies, and large enterprises — anyone who must defend a migration plan to an auditor or a board.
Build your roadmap →