— May 16, 2026 · 10 min read
Post-quantum cryptography applied to EDI: 2026 roadmap
NIST published its first three post-quantum cryptography standards on 13 August 2024. For EDI architects, this starts a transition that will span the decade: AS2 and AS4 rely on RSA and ECDSA, whose resistance collapses against a cryptographically relevant quantum computer (CRQC). This article frames the roadmap.
Why quantum changes the game
Cryptographic algorithms used in modern EDI (RSA, ECDSA, ECDH) derive their security from mathematical problems considered intractable on a classical computer: large-integer factorisation (RSA), discrete logarithm over elliptic curves (ECDSA/ECDH). Shor's algorithm, published in 1994, proves that a sufficiently large quantum computer could solve both problems in polynomial time — hollowing out classical asymmetric cryptography.
No cryptographically relevant quantum computer exists at the time of this article, and serious estimates place their emergence at 10-20 years minimum. But the threat is immediate: data encrypted today and intercepted can be stored and decrypted later ("harvest now, decrypt later"). For EDI flows with long-lasting value (contracts, intellectual property, medical data over 30+ years), PQC transition is urgent even without an operational CRQC.
Impact on AS2 (RFC 4130 / RFC 6362)
AS2 relies on S/MIME for message encryption and signature. Certificates used are standard X.509, usually signed with RSA-2048 or RSA-3072 and presenting RSA public keys for session encryption. PQC transition will involve:
- Hybrid certificates: first step, certificates containing both a classical public key (RSA/ECDSA) and a post-quantum key (ML-DSA). ACME and public CAs have been experimenting with this pattern since 2024.
- S/MIME PQ evolution: IETF is working on post-quantum S/MIME extensions (drafts in progress in the LAMPS WG), with ML-KEM for key encapsulation and ML-DSA for signature. No consolidated RFC to date.
- Gateway compatibility: OpenSSL, BoringSSL and Bouncy Castle libraries have started integrating ML-KEM and ML-DSA in their development branches over 2024-2025. Commercial AS2 gateways will likely follow in 2026-2028.
Impact on AS4 (OASIS ebMS 3.0)
AS4 uses WS-Security for signature and encryption, relying on XML-DSig and XML-Encryption. The PQC trajectory here is similar to AS2 but more complex: WS-Security accepts a broader algorithm range, and integrating ML-DSA in XML-DSig requires XML-Sec standard extensions. The PEPPOL eDelivery profile, which specifies AS4 BIS, will need to publish explicit recommendations for access points regarding PQC migration.
PKI and certificate infrastructure
The major challenge of PQC transition is not algorithmic but infrastructural. A large-scale switch involves:
- Certificate authority updates: each intermediate and root CA must be able to issue PQC certificates. Current roots (DigiCert, GlobalSign, Sectigo, IdenTrust for the AS2 context and PEPPOL Authority for access points) have published PQC roadmaps stretching to 2030.
- Key and signature size management: ML-KEM-768 produces 1184-byte public keys and 1088-byte ciphertexts, versus 256-384 bytes for ECDSA P-256. Very-high-frequency EDI transactions will need to evaluate impact on latency and bandwidth.
- Certificate lifecycle: current EDI contracts typically plan renewals at 1-3 years. PQC transition will likely shorten this cycle for 2-3 years, the time it takes for the ecosystem to stabilise libraries and profiles.
Practical roadmap 2026-2030
For an EDI vendor or integrator, the reasonable sequence:
- 2026 — inventory: map cryptographic algorithms used in production (certificate signature, session encryption, payload signature), identify underlying libraries, and list partner contracts requiring a specific algorithm.
- 2026-2027 — sandbox: test ML-KEM/ML-DSA implementations in an isolated environment, on PQ-enabled BoringSSL/OpenSSL forks (notably via the Open Quantum Safe project). Measure latency and size impacts.
- 2027-2028 — hybrid: deploy hybrid certificates with CAs that allow it, starting with non-critical flows.
- 2028-2030 — production PQ-only: switch to PQ-only certificates progressively, aligned with root CA evolution and IETF standards.
Conclusion: a decade of transition
Post-quantum cryptography is no longer a prospective topic: NIST standards published in August 2024 frame an industrial trajectory that will commit the EDI ecosystem for ten years. The 2026 urgency is not to migrate in production — the ecosystem is not ready — but to map the existing situation and measure the cost of cryptographic agility in product code. Vendors neglecting this topic in 2026-2027 will pay the price of a poorly-prepared migration in 2029-2030.
To dig further, the article on modern AS2, AS4 and OFTP2 protocols details current cryptographic foundations, and the AS2 standard page specifies supported algorithms.