FINAL WORD forgeable by quantum computers, but replacing them is far more complex than updating key exchange.
TLS handshakes use multiple signatures, certificate chains are long, and post-quantum signatures tend to be much larger.
NIST has standardised ML-DSA and SLH-DSA for signatures, but wide adoption requires updates to certificate formats, browsers and certificate authorities. We expect the first PQ certificates available in 2026, with broader adoption by 2027.
Where PQC Stands Today
By 2025, PQC entered mainstream deployment. NIST standardised ML-KEM( FIPS 203) for key exchange and ML-DSA / SLH-DSA for signatures( FIPS 204 / 205). ML-KEM is now widely supported in TLS, browsers and operating systems. ML-DSA support in certificates is progressing but not fully integrated. www. intelligentcio. com
INTELLIGENT CIO MIDDLE EAST
63