NIST IR 8547, explained: the post-quantum transition timeline
NIST IR 8547 is the U.S. government's roadmap for retiring quantum-vulnerable cryptography — it puts RSA, ECDSA, ECDH, EdDSA and finite-field DH on a clock: deprecated after 2030, disallowed after 2035.
If a customer, auditor, or federal buyer has started asking about your "post-quantum readiness," NIST IR 8547 is usually the document behind the question. Here's what it actually says and what to do about it.
What it is
NIST Internal Report 8547, "Transition to Post-Quantum Cryptography Standards," is NIST's guidance for migrating off the algorithms a quantum computer will break and onto the new standards finalized in August 2024: ML-KEM (FIPS 203) for key establishment, and ML-DSA (FIPS 204) / SLH-DSA (FIPS 205) for signatures. The initial public draft landed in November 2024.
The timeline that matters
The headline is a two-step phase-out for quantum-vulnerable public-key algorithms (RSA, ECDSA, ECDH, EdDSA, finite-field DH/MQV):
- Deprecated after 2030 — allowed, but discouraged; you should be actively migrating.
- Disallowed after 2035 — not permitted for protection of federal information.
2035 sounds far off, but migrations of this size take years, and "harvest now, decrypt later" means data crossing a vulnerable channel today is already at risk. The clock for *planning* is now, not 2034.
What it means for you
Practically, getting ahead of NIST IR 8547 means three things:
- Inventory. Produce a cryptographic inventory — a list of where RSA/ECDSA/ECDH/etc. live in your systems. This is the first artifact any reviewer asks for, and you can't plan a migration without it.
- Prioritize. Key exchange first (retroactive risk), signatures next, legacy hashes (MD5/SHA-1) removed immediately.
- Plan. Map each finding to its NIST replacement, adopting hybrid constructions during the transition.
Generate a cryptographic inventory + a report mapped to NIST IR 8547 — from a real scan, free.
Get a compliance report →