Release Notes

What's new in v2.95.0 — features, fixes, and improvements

View

About PQC Today

v2.95.0

PQCToday — Public Vision

Preparing the world for the quantum cryptographic transition

The algorithms that protect your data today — RSA, ECC, the cryptography behind TLS, SSH, and every digital signature you have ever trusted — will be broken by quantum computers. The question is not whether. The question is when, and whether the world will be ready.

We are not ready. Most organisations do not know which systems are vulnerable. Most practitioners have never practiced post-quantum cryptography hands-on. The tools to learn, assess, and migrate exist — but they are scattered, vendor-biased, or inaccessible to the people who need them most.

PQCToday exists to close that gap.

What we are building

PQCToday is a neutral, community-governed platform providing independent education, hands-on simulation, and migration guidance for the global post-quantum cryptography transition.

We run real cryptographic reference implementations — including SoftHSMv3, an experimental open source PKCS#11 v3.2 HSM with NIST PQC algorithm support — directly in your browser. No installation. No cloud account. No data leaving your device.

We cover every domain the transition touches: TLS, SSH, email, PKI, HSM key management, 5G authentication, digital identity, blockchain, IoT, and the regulatory frameworks — NIST, ETSI, DORA, NIS2, NSM-10, ANSSI — that are setting the deadlines.

Our Business Center provides 14 interactive planning tools for executives and compliance teams — ROI calculators, RACI builders, vendor scorecards, policy generators, deployment playbooks, and audit checklists — all adapting to your industry, geography, and regulatory context.

48 learning modules14 business planning tools14-step risk assessment385+ migration catalogPKCS#11 v3.2 simulatorFIPS 203 / 204 / 205AI assistant — runs locallyZero data collected

Our founding principles

Worldwide

Not US-centric. NIST, ETSI, GSMA, ANSSI, ASD — all regulatory frameworks treated equally.

Transparent

Open source. GitHub-governed. Every correction, contribution, and decision is publicly auditable.

Neutral

No vendor relationships. No commercial bias. We do not take sides — we provide data so you can.

Private by design

No registration. No data collection. Processing runs on your device. We never know you visited.

Free at the core

Access to knowledge must not be gated. The community edition is free. Always.

Community governed

PQC practitioners set the roadmap. The platform serves the community, not the other way around.

What we are not

Not a vendor

We have no commercial relationships with HSM, cloud, or security vendors. Our content is not for sale.

Not a standards body

We reference and empower NIST, ETSI, ANSSI, and GSMA. We do not replace them.

Not a surveillance platform

We collect zero user data. We do not know who you are. We never will.

Not US-only

The quantum transition is a global challenge. Our platform is designed for every regulatory environment.

“We seek the endorsement and support of existing standards bodies and PQC experts. We aim to empower these bodies rather than replace them — and to enable them to simplify and improve the deployment of quantum-safe best practices worldwide.”

Who this is for

Every organisation that processes sensitive data has a quantum exposure problem — whether they know it yet or not. Governments. Banks. Hospitals. Telecoms. Manufacturers. The practitioner who needs to understand ML-KEM before their next architecture review. The CISO who needs to explain quantum risk to their board. The engineer who needs to practice PKCS#11 v3.2 operations before touching production.

PQCToday is built for all of them. The platform adapts to your role, your industry, your regulatory environment, and your proficiency level — and it does so without asking you to register, share data, or trust us with anything except your time.

The open source foundation

PQCToday is built on open source. Our platform code, our cryptographic simulators, and our community corpus are all publicly available. SoftHSMv3 — an experimental PKCS#11 v3.2 HSM implementation at the heart of our simulator — is a standalone open source project available on GitHub and npm, free for anyone to use in their own applications.

We believe the infrastructure for PQC migration training should be open, auditable, and independent of any single organisation's interests. That belief is not a marketing position. It is the architecture.

The timeline is not optional

NIST published its first post-quantum cryptographic standards in 2024. US federal agencies are under NSM-10 migration mandates. European financial institutions face DORA Article 9 cryptographic control requirements. The window for “we will think about it later” has closed.

The organisations that begin their cryptographic inventory, upskill their teams, and start their migration planning now will complete the transition on their terms. Those that wait will complete it under regulatory pressure, in crisis mode, with less time and more risk.

PQCToday exists to make sure the knowledge and tools needed for that transition are available to everyone — for free, without conditions, without a sales conversation, and without compromising the privacy of the people who need them.

Connect: Eric Amador on LinkedIn

Transparency & Disclaimer

WIP

PQC Today is a community-driven educational platform built to help professionals understand and prepare for the post-quantum cryptography transition.

  • This website has not received endorsement from the organizations, standards bodies, or government agencies referenced in its content
  • All information is sourced from publicly available resources on the internet
  • Significant effort has gone into ensuring accuracy through thorough automated and manual verification processes, but the content may still contain inaccuracies
  • We are actively working to collaborate with authoritative organizations and domain experts to cross-validate and continuously improve the quality of this content
  • Industry leaders featured on this platform are included only with their written consent

If you represent a cited organization, are a domain expert, or simply want to help improve the accuracy of this platform, we welcome your involvement:

GitHub DiscussionsEric Amador

Google Drive Sync — Privacy Terms

The optional Sync to Google Drive feature allows you to back up and restore your progress across devices. Here is exactly what happens when you use it:

  • No personal data is collected. We do not request your name, email address, or profile picture. The consent screen only asks for access to your Google Drive app data folder.
  • Your data stays in your account. All progress data is saved to a hidden file in your own Google Drive — not on any server we own or control. Only you can access it.
  • No identity is transmitted. The Google access token (used to write to your Drive) is stored only in browser memory and is never sent to our servers. It disappears when you close the tab.
  • No API keys are synced. Your Gemini or other AI provider API keys are explicitly excluded from the sync payload and remain local to your device at all times.
  • Full user control. You can sign out at any time from the home page. You can permanently delete the sync file via Google Drive settings → Manage apps → PQC Today → Delete hidden app data.
  • This feature is optional. The app works fully without signing in. Declining or revoking access has no effect on any other functionality.

The scope requested is https://www.googleapis.com/auth/drive.appdata — the least-privileged Drive scope. It grants access only to a hidden app-specific folder and cannot read, modify, or delete any of your regular Drive files.

Community

Join the conversation on GitHub Discussions

Contribute

I need your help to improve pqctoday.com

PQC News

Share general information about PQC

Platform Data

Curated datasets powering every page

203
Timeline Events
80+ orgs, 50+ countries
325
Library Resources
30+ standards bodies
46
Algorithm Reference
FIPS 203/204/205/206
91
Compliance Frameworks
NIST, ACVP, CC, ANSSI
385
Migrate Products
7 infrastructure layers
79
Threat Landscape
8+ industry sectors
181
Industry Leaders
Public, Private, Academic
820
Quiz Questions
All PQC topic areas
88
Authoritative Sources
Gov, Academic, Industry
48
Learning Modules
2,400+ min of content
2,200+total curated records
Compliance data refreshed weekly

Security Audit

Last audited: March 22, 2026

0 vulnerabilities (production and dev)

All dependencies — runtime and development — have zero known CVEs. Verified via npm audit in CI on every push.

OWASP Top 10 compliant

  • No dangerouslySetInnerHTML, eval(), or innerHTML in production code
  • All 118 external links protected against tabnabbing (rel="noopener noreferrer")
  • No hardcoded secrets — all credentials via environment variables
  • Content Security Policy configured with scoped connect-src whitelist
  • ESLint security plugin active in CI

Open Source License

PQC Today is open source software released under the GNU General Public License v3.0 (GPLv3).

You are free to copy, distribute, and modify this software, provided that any modifications are also released under the same license terms. This ensures that the project remains free and accessible to the PQC community.

View Full LicenseView GitHub Repository

Cryptography Buff

Curated websites and essential reading

AI Technology Acknowledgment

This site is developed, documented, validated and deployed using advanced AI technologies including Google Antigravity, ChatGPT, Claude AI, Perplexity, and Gemini Pro. While the presented information has been manually curated, it may still contain inaccuracies.

Appearance

Choose your preferred color scheme.