Data encrypted today could remain sensitive for decades – but may be readable within the next 10–20 years. Germany’s Federal Office for Information Security (BSI) has set a clear direction: classical asymmetric encryption methods should no longer be used on their own after the end of 2031. BSI’s latest guidance on cryptographic methods builds on a 2024 joint statement with partners from 20 EU countries. Together, they urge businesses, critical infrastructure operators, and public authorities to begin the transition to post-quantum cryptography.
Importantly, this is not a reaction to an immediate vulnerability. Today’s encryption is still considered secure. The risk lies in what comes next: the rapid advancement of quantum computers. For companies, this raises the question of whether current or newly selected solutions can meet long-term security requirements.
The move also reflects a broader shift across Europe. While EU-level initiatives outline transition timelines for post-quantum cryptography, national approaches still vary in maturity. In this context, the BSI stands out for providing more concrete timelines and operational direction – making it a useful reference point for organizations across the region.
Why the risk is already relevant: “Harvest now, decrypt later”
Encryption underpins virtually all digital business processes – protecting sensitive data such as customer data, financial information, patient records, court files, contracts, or intellectual property. However, the lifespan of this data can exceed that of the cryptographic methods securing it.
Current estimates suggest that quantum computers may be able to break the mathematical foundations of classical asymmetric cryptography within the next 10–20 years. This includes widely used methods such as RSA and ECC, which underpin many of today’s systems and services.
Even without fully capable quantum computers, the risk is not purely theoretical. The concept of “harvest now, decrypt later” highlights a growing concern: attackers may already be collecting encrypted data and storing it for future decryption once quantum capabilities mature. For data with long confidentiality requirements, this creates a t long-term exposure risk.
Awareness is high, but implementation is lagging
Despite growing awareness, progress at the organizational level remains uneven. A joint survey by BSI and KPMG highlights a clear gap between understanding and action:
- Over 95% of respondents recognize the relevance of quantum computing
- Only about 25% incorporate the associated risks into their risk management
- Only 11% believe they will be able to transition to quantum-safe cryptography in time.
A key challenge is translating this awareness into concrete action – potentially compounded by limited visibility into which cryptographic methods are actually in use across systems and services.

What the BSI recommends
Rather than calling for an immediate overhaul, the BSI's latest guidance (“Cryptographic Methods: Recommendations and Key Lengths”) points toward a gradual transition.
At its core, the guideline signals a clear shift: classical asymmetric encryption is no longer considered sufficient on its own for long-term security. Instead, organizations are expected to move toward hybrid cryptography, combining classical and post-quantum methods. In practice, this means using multiple algorithms in parallel – for example in key exchange or key derivation – so that security remains intact even if one approach is later compromised.
Closely linked to this is crypto agility. Systems should be designed so that cryptographic algorithms can be replaced with reasonable effort, enabling organizations to adapt as standards evolve.
In summary:
- After 2031: classical asymmetric encryption should not be used on its own.
- Going forward: adopt hybrid approaches
This does not mean that all existing systems must be replaced immediately. Hybrid models allow organizations to maintain compatibility while gradually integrating quantum-resistant algorithms.
What this means for companies and vendor selection
For companies, the update is less a call to act immediately and more a signal of where encryption standards are heading. It shifts attention to the cryptographic foundations of digital services – especially in areas like cloud storage, secure collaboration, and data exchange, where encryption is deeply embedded.
As a result, encryption is becoming a more visible decision criterion – not only for IT and security teams, but also for compliance and procurement. Key questions that are likely to gain importance include:
- Which cryptographic methods are used by a provider?
- Is there a roadmap toward post-quantum or hybrid encryption?
- How transparently does the provider communicate its approach?
- How adaptable are systems to future cryptographic changes?
Beyond features, usability, and sovereign cloud capabilities, it increasingly matters whether providers are continuously evolving their cryptographic approaches and preparing for future standards.
For a closer look at how post-quantum standards are developing, this overview highlights what decision-makers should know.
Conclusion
The BSI’s recommendations highlight that encryption is not a static security component. What is considered secure today must be reassessed in light of emerging technological developments. For companies, this is a clear signal to evaluate the long-term resilience of their data protection strategies before future risks become present-day challenges.
Tresorit is already preparing for the transition to post-quantum cryptography. Learn more about its robust security architecture.
Brigitta Finta
View more articles from this author



