Overview
- BSI’s updated TR‑02102‑1 advises migrating from exclusively classical key exchange to post‑quantum or hybrid methods by the end of 2031, with a 2030 target for very high‑protection use.
- The revision spans core protocols and, by favoring hybrid key exchange, effectively deprecates TLS 1.2, which cannot support such combinations.
- The immediate focus is key agreement; other functions follow different schedules, with digital signatures targeted for hybridization in the mid‑2030s.
- Though formally guidance, TR‑02102 is frequently cited by sector rules—including handling of classified information and healthcare (TR‑03161)—giving it de facto regulatory weight.
- BSI highlights the ‘harvest now, decrypt later’ risk as justification, notes that vendors such as Signal, WhatsApp, Chrome, 1Password, NordVPN and Mullvad already offer PQC or hybrids, and provides transition materials to aid migration.