BSI Encryption Standards: Germany Sets Deadlines for Post-Quantum Transition

BONN, 12 February 2026 — The Federal Office for Information Security (BSI) has significantly updated its cryptographic guidelines, marking the beginning of the end for traditional encryption methods. As quantum computing capabilities advance, the German cyber security authority has established firm timelines for phasing out classical asymmetric procedures in favour of Post-Quantum Cryptography (PQC).
The Shift to Post-Quantum Cryptography (PQC)
In response to the growing threat posed by quantum computers—which could theoretically break current encryption standards like RSA and ECC (Elliptic Curve Cryptography)—the BSI has issued new directives within its Technical Guidelines (TR). The authority now deems the transition to PQC “without alternative” to ensure long-term data sovereignty.
Key Deadlines for Migration
According to the latest updates released this week, the BSI has outlined a phased withdrawal from classical standards:
- End of 2031: The recommended end date for using RSA and Elliptic Curve Cryptography alone for key agreement (Schlüsseleinigung). After this date, these methods should only be used in hybrid configurations.
- End of 2035: The planned sunset date for using classical signature procedures alone.
Understanding the BSI TR-02102 Series
The BSI manages encryption recommendations through the TR-02102 series. These documents serve as the gold standard for German authorities and critical infrastructure (KRITIS) providers to ensure their digital communication remains secure against modern decryption techniques.
| Guideline | Focus Area |
|---|---|
| BSI TR-02102-1 | General recommendations for cryptographic mechanisms and key lengths. |
| BSI TR-02102-2 | Specific recommendations for the use of Transport Layer Security (TLS). |
| BSI TR-02102-3 | Cryptographic mechanisms for IPsec (Internet Protocol Security). |
| BSI TR-02102-4 | Security levels for specific cryptographic procedures and protocols. |
Hybrid Encryption: The Intermediate Step
For applications with high-security requirements, the BSI currently recommends a “hybrid approach.” This involves combining a classical algorithm (such as ECC) with a post-quantum algorithm. This ensures that even if one method is compromised, the data remains protected by the other. This strategy is particularly vital for data that must remain confidential for decades, as “harvest now, decrypt later” attacks by state actors remain a primary concern.
Impact on Software and Infrastructure
The BSI is also auditing common software to ensure compliance with these evolving standards. Recent reports indicate a focus on email clients and communication platforms. Furthermore, the Telematics Infrastructure (TI) in the healthcare sector is being updated to align with the “Übergreifende Spezifikation” (Cross-sectional Specification) for cryptographic use, ensuring patient data remains secure against future threats.
Frequently Asked Questions (FAQ)
What is the BSI’s stance on RSA encryption?
The BSI still considers RSA secure for the time being, provided the key lengths are sufficient (typically 3000 bits or higher). However, due to the threat of quantum computers, its sole use for key agreement is only recommended until the end of 2031.
What is Post-Quantum Cryptography (PQC)?
PQC refers to cryptographic algorithms, usually based on mathematical problems such as those underlying lattice-based cryptography, that are thought to be secure against an attack by a quantum computer. Unlike current standards, these do not rely on the difficulty of factoring large integers or computing discrete logarithms.
Does this affect private citizens?
While the Technical Guidelines are primarily aimed at federal agencies and critical infrastructure, they set the trend for the entire German IT market. Most commercial software providers (like Microsoft, Google, and SAP) align their encryption modules with BSI recommendations to maintain certification in the German market.
When will quantum computers be able to break current encryption?
While a cryptographically relevant quantum computer (CRQC) does not yet exist, the BSI’s proactive deadlines suggest that the window for safe “classical-only” encryption is closing within the next decade. The 2031 and 2035 deadlines are designed to ensure systems are upgraded before such hardware becomes viable.
