Hybrid PKI Migration Challenges and Solutions

In this study we have categorised the identified challenges for PQC migration of PKIs within four sectors. Many challenges relate to a dependency on external organisations to provide software, hardware, other services, policies or standards. For hardware dependencies, cryptographic agility can prevent vendor lock-ins and its corresponding risks. The same holds for dependencies on service providers, like managed CAs. Unfortunately, no clear solution is available for the strong dependency on the EJBCA open-source software library within the PKI field. Collaboration is likely the most effective way forward. For policies, some guidance has been provided by the European Commission with respect to timelines. Sector-specific policies might differ, but it is best to already start the first steps of migration.