PQC (Post-Quantum Cryptography) 11-05-2025

Why Shorter TLS Validity Raises the Bar

Will Craven

On October 21, quantum leaders gathered in London for a hands-on discussion on post-quantum readiness as part of DigiCert’s World Quantum Readiness Workshop series. The focus: what enterprises can implement now.

From building cryptographic inventories to automating TLS certificates and preparing applications for new post-quantum cryptography (PQC) standards, the discussion centered on practical steps forward. The energy in the room—and the connections made—showed that organizations are ready to turn plans into action.

What we covered (and why it matters)

Martin R. Albrecht, Chair of Cryptography | King’s College

The workshop opened with Martin R. Albrecht, Chair of Cryptography at King’s College London, outlining the path to PQC adoption and the computer science realities behind it. Beyond the math, the journey to implementation comes down to bigger keys and signatures, protocol support, and the added complexity of hybrid approaches. 

Martin’s takeaway was clear: Plan ahead, stay aligned with NIST recommendations, pressure-test systems for larger artifacts, and treat “hybrid forever” as a stepping stone, not an end state.

Leon Molchanovsky, Post-Quantum Lead | HSBC

HSBC’s Post-Quantum Lead, Leon Molchanovsky, made the case that an executive-endorsed, usable, and living cryptographic inventory is the foundation for any migration. It starts with knowing which algorithms, keys, and protocols you run—where they live, who owns them, and how critical they are to the business. 

Leon outlined practical challenges like heterogeneous sources, third-party dependencies, and blind spots, along with the most important inventory principles: secure executive sponsorship, scale through automation, capture context, and design for actionable insights.

Romana Hamplová, Data Security Consultant Lead | Thales

The talks wrapped up with a unique perspective on crypto-agility from Romana Hamplová, Data Security Consultant Lead at Thales. She emphasized why PKI, certificate lifecycle management (CLM), and strong key management should sit alongside code signing. With policy-driven encryption and HSM-backed abstractions, organizations can swap algorithms without refactoring applications, moving crypto changes out of the application code path. 

The TLS validity countdown: A forcing function for the PQC journey

Independently of PQC, the CA/B Forum has approved a step-down to shorter TLS certificate lifetimes: 200 days as of March 15, 2026; 100 days in 2027; and 47 days by March 15, 2029, with tighter limits on validation data reuse. This was a hot topic in the room, as it makes automation non-negotiable.

The guidance is straightforward: If you can automatically discover, renew, and deploy certificates at 200 days—and later at 47 days—you’re building the same muscle needed to rotate algorithms, keys, and policies during any PQC rollout. DigiCert’s automation capabilities in Trust Lifecycle Manager address exactly this shift, enabling inventory, policy enforcement, and API/ACME-driven issuance and renewal across web servers, load balancers, cloud endpoints, and more.
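To make the countdown concrete, here is an added example (not DigiCert code and not tied to any product API) that checks inventory records against the step-down schedule above and flags certificates whose next renewal has to be shorter or is still manual. The inventory rows, hostnames, and owners are constructed; the March 15 date for the 2027 step and the 398-day baseline before the first step are assumptions not stated on this page.

```python
from datetime import date

# Step-down schedule from the paragraph above, newest step first.
# Assumption: the 100-day step also lands on March 15 (the page gives only the year).
SCHEDULE = [(date(2029, 3, 15), 47), (date(2027, 3, 15), 100), (date(2026, 3, 15), 200)]
BASELINE_DAYS = 398  # assumption: limit in force before the first step-down

def max_validity_days(issued: date) -> int:
    """Maximum lifetime allowed for a certificate issued on this date."""
    for effective, limit in SCHEDULE:
        if issued >= effective:
            return limit
    return BASELINE_DAYS

def assess(cert: dict) -> dict:
    """Check one inventory record against the limit at issuance and at its renewal."""
    lifetime = (cert["not_after"] - cert["not_before"]).days
    renewal_limit = max_validity_days(cert["not_after"])  # limit when it expires
    findings = []
    if lifetime > max_validity_days(cert["not_before"]):
        findings.append("lifetime exceeds limit at issuance")
    if lifetime > renewal_limit:
        findings.append(f"next renewal must drop to <= {renewal_limit} days")
    if not cert["automated"]:
        findings.append("manual renewal")
    # Ceiling division: the minimum number of issuances needed to cover a year.
    return {"host": cert["host"], "owner": cert["owner"], "lifetime": lifetime,
            "renewals_per_year": -(-365 // renewal_limit), "findings": findings}

# Constructed sample inventory (hypothetical hosts and owners).
INVENTORY = [
    {"host": "www.example.test", "owner": "web-team", "automated": False,
     "not_before": date(2025, 6, 1), "not_after": date(2026, 6, 30)},
    {"host": "api.example.test", "owner": "platform", "automated": True,
     "not_before": date(2026, 4, 1), "not_after": date(2027, 4, 1)},
    {"host": "lb.example.test", "owner": "netops", "automated": True,
     "not_before": date(2029, 4, 1), "not_after": date(2029, 5, 16)},
]

if __name__ == "__main__":
    for record in INVENTORY:
        print(assess(record))
```

Sorting the output by `renewals_per_year` and filtering on `manual renewal` gives a first-pass list of where automation has to land before each step-down date.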

Key takeaways from the workshop

The London workshop surfaced three clear priorities for teams accelerating their quantum and cryptographic readiness:

  • Inventory is your accelerant. Establish a single “golden source” of cryptographic assets and owners. Include suppliers, and capture context like asset criticality, vulnerabilities, and regulatory ties.

  • Automate the routine to enable the hard. Humans can’t sustainably manage 200- or 47-day certificate lifecycles—put renewals and installations on automation rails now.

  • Design for swapability. Prioritize PKI + CLM + HSM patterns and policy-driven encryption so you can change algorithms without rebuilding applications.

Actions to take before March 15, 2026

Readiness means acting now. Here are three practical steps to accelerate your journey:

  1. Run a cryptographic inventory sprint: Catalog where cryptography is used, who owns it, and what’s at risk if you change it. Use these findings to prioritize PQC-sensitive systems.
  2. Turn on automation where TLS lives today: Start with ACME/API enrollment and policy-enforced renewals for internet-facing services, extending to private PKI as needed.
  3. Pilot PQC-ready patterns: Validate protocol support for larger keys and signatures, and test hybrid modes where required—keeping a clear path to PQ-only operations.

True readiness will come from aligning a PQC-aware inventory with certificate automation built for 200- and 47-day lifetimes—a foundation that ensures compliance in 2026, resilience in 2029, and preparedness for what comes next.

Watch DigiCert's World Quantum Readiness Day on-demand for more insight into post-quantum readiness. And keep an eye out for our next PQC Readiness Workshop to join the debate.
