The Charter of Trust is a non-profit alliance of global companies that are thought leaders and pioneer practitioners in cybersecurity and digital trust.

The Charter of Trust has launched its Cyber Deterrence Working Group to address a central gap in today’s cybersecurity landscape: the disconnect between strong defensive investments and the persistent economic attractiveness of cybercrime. The group brings together industry partners to develop and validate practical deterrence methods that raise attacker cost and risk across sectors and borders.

The transition to post-quantum cryptography is not a future problem — it is a present one. The threat of adversaries harvesting encrypted data today for decryption once quantum computing matures means that organizations with long-lived data and systems are already exposed. Waiting for cryptographically relevant quantum computers to arrive before acting is not a viable risk management strategy.



Exposure is not uniform across sectors. Financial services, government and defense, operational technology, and healthcare face the sharpest quantum risk, driven by decades-long data retention obligations, slow system replacement cycles, and the societal consequences of cryptographic failure. For these sectors, PQC readiness has moved from best practice to strategic imperative.



Globally, the direction of travel is clear. The United States, European Union, United Kingdom, Singapore, and Australia have each established structured PQC transition frameworks, with mandatory deadlines converging around the late 2020s and 2030. Organizations operating across jurisdictions should expect compounding compliance requirements and align migration plans accordingly.



At the same time, the geopolitical dimension of PQC standardization is becoming increasingly salient. The emergence of a “splinternet” infrastructure, characterized by regionally fragmented digital ecosystems, suggests that cryptographic standards diverge along political and strategic lines. As a result, organizations must not only manage technical migration but also navigate a politically charged landscape in which interoperability, regulatory alignment, and long-term cryptographic agility become critical strategic considerations.



This paper offers a comparative overview of regional PQC transition frameworks and identifies the business and systemic risks associated with quantum-vulnerable cryptography, providing insights for organizations preparing for the transition to post-quantum cryptography. Overall, PQC migration is a strategic transformation, not a technical patch. Cryptographic inventory, governance structures, crypto-agility, and supply chain engagement are as central to success as algorithm selection — and organizations that treat PQC readiness as an architectural and organizational challenge will be best positioned as quantum risks continue to mature.

On February 13, the Charter of Trust hosted its annual Thematic Dinner on the sidelines of the Munich Security Conference. This year’s discussion focused on "Rethinking Cyber Trust: Building Resilience in the Age of AI".

Leading transatlantic voices from government, military, industry, law enforcement, and cybersecurity came together for a critical discussion on the evolving threat landscape. Key themes emerged:
o the urgent need for harmonized regulation,
o the reality that it takes networks to defend networks,
o and the recognition that energy infrastructure represents our next major cyber risk frontier as AI drives exponential growth in energy consumption.

A powerful reminder that there is no security without cybersecurity, and no cybersecurity without active cyber defense. The path forward requires accelerated standards development, stronger public-private information sharing, and moving from reactive postures to coordinated defense strategies.

We are grateful for the engaged dialogue and look forward to continued collaboration as we work together to build cyber resilience in the age of AI.