DEP – Standardisation and awareness of the European transition to post-quantum cryptography

Between the Deployment Actions in the area of Cybersecurity (DIGITAL-ECCC-2024-DEPLOY-CYBER-06), we found this call for the Standardisation and awareness of the European transition to post-quantum cryptography
Call for Proposal Grant.
Programme: Digital Europe Programme (DIGITAL).
Status: Open for submission.
Expected Outcome:
Outcomes and deliverables
  • Contributions to European and international standards and regulations in PQC
  • Workshops, white papers and other activities to support synergies between different sectors transition to PQC
  • A European PQC migration roadmap, which can be the basis for sector-specific roadmaps
  • Actions supporting the European PQC community
  • Development of standards for hybrid cryptographic systems (pre- and postquantum encryption systems) for encryption, key encapsulation mechanisms, digital signatures, etc. and for the PQC integration in the existing digital infrastructure .
  • Support for participation of relevant European experts in European and international cross-topical standardisation bodies in order to integrate PQC whenever new cryptographic standards are developed or existing ones are updated especially for critical sectors like energy, transport, health, and finance.
Proposals should aim to strengthen Europe’s efforts on the transition to PQC by supporting European and international standardisation activities, delivering a comprehensive European PQC industrial migration roadmap and raise awareness regarding PQC endeavours. This should be achieved in particular through the following strategic actions:
  • Organisation of events, workshops, stakeholder consultations, and production of white papers to fostering the development of harmonised standards on PQC.
  • Support for participation of relevant European experts in European and international standardisation fora relating to PQC.
  • Community-Based PQC Migration Roadmap: Foster a collaborative process involving research and industry stakeholders to formulate a robust European PQC migration roadmap, which can be the basis for sector-specific roadmaps.
  • Widespread Dissemination of PQC Outcomes: Promote broad awareness and understanding of European PQC achievements through extensive dissemination efforts spanning various platforms, including social media. This includes outreach events and structured dialogues with the general public, exploring ethical and societal dimensions of PQC, especially in terms of privacy, security, public trust, and acceptance.
  • Research Dissemination Services: Provide specialised dissemination services targeting relevant communities, such as European cybersecurity providers and users, effectively sharing research insights.
  • Identifying Training and Infrastructure Needs: Identify crucial requirements for training, education, and infrastructure to advance PQC development.
Proposals are expected to engage in concrete standardisation efforts within both European and international standardisation forums, where PQC will play a pivotal role in the near future and where progress in standardisation will augment existing cybersecurity capabilities and create a competitive edge upon Europe. Also, in alignment with projects resulting from the topic “Transition to Quantum-Resistant Cryptography” (call HORIZON-CL3-2022-CS-01-03) and the topic Deployment of Post-Quantum Cryptography (PQC) systems in industrial sectors (in this work programme), the proposals will incorporate practical strategies to coordinate and synergise European research and innovation endeavours with PQC standardisation initiatives.
To this end, proposals should establish a proactive presence and take on leadership roles in orchestrating and shaping international standards and regulations for PQC. This can either be in existing standardisation activities and bodies or, where relevant, by contributing to creating new standardisation activities in existing groups and/or creation of new groups.
Proposals should cultivate a cohesive European PQC community, fostering collaboration among academic and industrial stakeholders, and engage in a structured dialogue on various fora. This will entail harmonising activities across European, national, and regional programs and projects, and pave the way for synergetic innovation efforts in PQC to help unlock use-cases for practical cybersecurity applications in Europe.
Proposals should bring together key stakeholders across the entire PQC value chain. This holistic approach should encompass researchers, standardisation experts and representatives from industry sectors. A comprehensive outline should be provided in the proposal, detailing the stakeholders to be engaged and the methodologies to efficiently coordinate their efforts at the European level in order to achieve impactful outcomes that effectively promote European interests in PQC standardisation.
Furthermore, the proposals will strive to establish constructive dialogues with international PQC programmes and promote international cooperation activities. Emphasis should be placed on collaborative exchanges between key international participants, including the EU and countries such as the USA, exploiting complementary strengths and challenges and fostering mutually beneficial outcomes in standardisation efforts.
This action aims at supporting stakeholders dealing with technologies that will be used to protect the cybersecurity of critical industrial assets with a new paradigm that is set to be a game changer in encryption. The control of such tools is of utmost importance for governments and industry alike, as they could be exploited by malicious actors. As such, they must be protected against possible dependencies and vulnerabilities in cybersecurity to pre-empt foreign influence and control. Participation of non-EU entities entails the risk of highly sensitive information about security infrastructure, risks and incidents being subject to legislation or pressure that obliges those non-EU entities to disclose this information to non-EU governments, with an unpredictable security risk. Therefore, based on the outlined security reasons, the actions relating to these technologies are subject to Article 12(5) of Regulation (EU) 2021/694.
€ 750 000