About PQC Today

v4.15.0

PQCToday — Public Vision

Preparing the world for the quantum cryptographic transition

The algorithms that protect your data today — RSA, ECC, the cryptography behind TLS, SSH, and every digital signature you have ever trusted — will be broken by quantum computers. The question is not whether. The question is when, and whether the world will be ready.

We are not ready. Most organisations do not know which systems are vulnerable. Most practitioners have never practiced post-quantum cryptography hands-on. The tools to learn, assess, and migrate exist — but they are scattered, vendor-biased, or inaccessible to the people who need them most.

PQCToday exists to close that gap.


What we are building

PQCToday is a neutral, community-governed platform providing independent education, hands-on simulation, and migration guidance for the global post-quantum cryptography transition.

We run real cryptographic reference implementations — including SoftHSMv3, an experimental open source PKCS#11 v3.2 HSM with NIST PQC algorithm support — directly in your browser. No installation. No cloud account. No data leaving your device.

We cover every domain the transition touches: TLS, SSH, email, PKI, HSM key management, 5G authentication, digital identity, blockchain, IoT, and the regulatory frameworks — NIST, ETSI, DORA, NIS2, NSM-10, ANSSI — that are setting the deadlines.

Our Command Center provides 34 interactive planning tools for executives and compliance teams — ROI calculators, RACI builders, vendor scorecards, policy generators, deployment playbooks, and audit checklists — all adapting to your industry, geography, and regulatory context.

62 learning modules34 business planning tools13-step risk assessment800+ migration catalog1,600+ PQC patentsPKCS#11 v3.2 simulatorFIPS 203 / 204 / 205AI assistant — local or cloudZero data collected

Our founding principles

Worldwide

Not US-centric. NIST, ETSI, GSMA, ANSSI, ASD — all regulatory frameworks treated equally.

Transparent

Open source. GitHub-governed. Every correction, contribution, and decision is publicly auditable.

Neutral

No vendor relationships. No commercial bias. We do not take sides — we provide data so you can.

Private by design

No registration. No data collection. Processing runs on your device. We never know you visited.

Free at the core

Access to knowledge must not be gated. The community edition is free. Always.

Community governed

PQC practitioners set the roadmap. The platform serves the community, not the other way around.


What we are not

Not a vendor

We have no commercial relationships with HSM, cloud, or security vendors. Our content is not for sale.

Not a standards body

We reference and empower NIST, ETSI, ANSSI, and GSMA. We do not replace them.

Not a surveillance platform

We collect zero user data. We do not know who you are. We never will.

Not US-only

The quantum transition is a global challenge. Our platform is designed for every regulatory environment.


“We seek the endorsement and support of existing standards bodies and PQC experts. We aim to empower these bodies rather than replace them — and to enable them to simplify and improve the deployment of quantum-safe best practices worldwide.”


Who this is for

Every organisation that processes sensitive data has a quantum exposure problem — whether they know it yet or not. Governments. Banks. Hospitals. Telecoms. Manufacturers. The practitioner who needs to understand ML-KEM before their next architecture review. The CISO who needs to explain quantum risk to their board. The engineer who needs to practice PKCS#11 v3.2 operations before touching production.

PQCToday is built for all of them. The platform adapts to your role, your industry, your regulatory environment, and your proficiency level — and it does so without asking you to register, share data, or trust us with anything except your time.


The open source foundation

PQCToday is built on open source. Our platform code, our cryptographic simulators, and our community corpus are all publicly available. SoftHSMv3 — an experimental PKCS#11 v3.2 HSM implementation at the heart of our simulator — is a standalone open source project available on GitHub and npm, free for anyone to use in their own applications.

We believe the infrastructure for PQC migration training should be open, auditable, and independent of any single organisation's interests. That belief is not a marketing position. It is the architecture.


The timeline is not optional

NIST published its first post-quantum cryptographic standards in 2024. US federal agencies are under NSM-10 migration mandates. European financial institutions face DORA Article 9 cryptographic control requirements. The window for “we will think about it later” has closed.

The organisations that begin their cryptographic inventory, upskill their teams, and start their migration planning now will complete the transition on their terms. Those that wait will complete it under regulatory pressure, in crisis mode, with less time and more risk.

PQCToday exists to make sure the knowledge and tools needed for that transition are available to everyone — for free, without conditions, without a sales conversation, and without compromising the privacy of the people who need them.


Connect: Eric Amador on LinkedIn

Release Notes

What's new in v4.15.0 — features, fixes, and improvements

Deployed: Jul 9, 2026, 7:44 PM CDT

View

Transparency & Disclaimer

WIP

PQC Today is a community-driven educational platform built to help professionals understand and prepare for the post-quantum cryptography transition.

  • This website has not received endorsement from the organizations, standards bodies, or government agencies referenced in its content
  • All information is sourced from publicly available resources on the internet
  • Significant effort has gone into ensuring accuracy through thorough automated and manual verification processes, but the content may still contain inaccuracies
  • We are actively working to collaborate with authoritative organizations and domain experts to cross-validate and continuously improve the quality of this content
  • Industry leaders featured on this platform are included only with their written consent

If you represent a cited organization, are a domain expert, or simply want to help improve the accuracy of this platform, we welcome your involvement:

Google Drive Sync — Privacy Terms

The optional Sync to Google Drive feature allows you to back up and restore your progress across devices. Here is exactly what happens when you use it:

  • No personal data is collected. We do not request your name, email address, or profile picture. The consent screen only asks for access to your Google Drive app data folder.
  • Your data stays in your account. All progress data is saved to a hidden file in your own Google Drive — not on any server we own or control. Only you can access it.
  • No identity is transmitted. The Google access token (used to write to your Drive) is stored only in browser memory and is never sent to our servers. It disappears when you close the tab.
  • No API keys are synced. Your Gemini or other AI provider API keys are explicitly excluded from the sync payload and remain local to your device at all times.
  • Full user control. You can sign out at any time from the home page. You can permanently delete the sync file via Google Drive settings → Manage apps → PQC Today → Delete hidden app data.
  • This feature is optional. The app works fully without signing in. Declining or revoking access has no effect on any other functionality.

The scope requested is https://www.googleapis.com/auth/drive.appdata — the least-privileged Drive scope. It grants access only to a hidden app-specific folder and cannot read, modify, or delete any of your regular Drive files.

Platform Data

Curated datasets powering every page

249
Timeline Events
80+ orgs, 37 countries
688
Library Resources
30+ standards bodies
98
Algorithm Reference
FIPS 203/204/205 (+206 draft)
170
Compliance Frameworks
NIST, ACVP, CC, ANSSI
838
Migrate Products
9 infrastructure layers
110
Threat Landscape
8+ industry sectors
332
Industry Leaders
Public, Private, Academic
909
Quiz Questions
All PQC topic areas
187
Authoritative Sources
Gov, Academic, Industry
62
Learning Modules
2,800+ min of content
1647
PQC Patents
USPTO, EPO, WIPO
5,000+total curated records
Compliance data refreshed weekly

Security Audit

Last audited: June 21, 2026

0 vulnerabilities (production and dev)

All dependencies — runtime and development — have zero known CVEs. Verified via npm audit in CI on every push.

OWASP Top 10 compliant

  • No dangerouslySetInnerHTML, eval(), or innerHTML in production code
  • Every external link protected against tabnabbing (rel="noopener noreferrer")
  • No hardcoded secrets — all credentials via environment variables
  • Content Security Policy configured with scoped connect-src whitelist
  • ESLint security plugin active in CI

Open Source License

PQC Today is open source software released under the GNU General Public License v3.0 (GPLv3).

You are free to copy, distribute, and modify this software, provided that any modifications are also released under the same license terms. This ensures that the project remains free and accessible to the PQC community.

Cryptography Buff

Curated websites and essential reading

AI Technology Acknowledgment

This site is developed, documented, validated and deployed using advanced AI technologies including Google Antigravity, ChatGPT, Claude AI, Perplexity, and Gemini Pro. While the presented information has been manually curated, it may still contain inaccuracies.

Appearance

Choose your preferred color scheme.

Pick a starting point

Tell us a bit about your role and we will route you to the page that fits you best — takes about 30 seconds.

Find my starting point