up:: The Mandates MOC

GSMA PQ.1 (Post-Quantum Telco Network Impact Assessment)

GSMA PQ.1 is the mobile industry’s consensus whitepaper on what the post-quantum transition means for telecommunications networks, published by the GSMA as Official Document PQ.01, Version 1.0, on 17 February 2023. It came out of the Post-Quantum Telco Network (PQTN) Taskforce, which the GSMA, IBM, and Vodafone established on 29 September 2022 at MWC Las Vegas. The whitepaper maps the business risks of a quantum-capable adversary, enumerates where cryptography lives inside a 5G telco stack, surveys government PQC guidance across more than a dozen countries, and lays out a five-phase migration approach that begins with a cryptographic inventory and a risk assessment. It’s planning guidance, not a specification, so it tells the industry how to think about the transition rather than dictating algorithms or binding anyone to a deadline.

The short version:

  • GSMA PQ.1 is the GSMA’s foundational impact assessment of the quantum transition for mobile networks, written to give telecom decision-makers a shared, industry-wide reference.
  • It’s Official Document PQ.01, Version 1.0, dated 17 February 2023, produced by the Post-Quantum Telco Network Taskforce that the GSMA, IBM, and Vodafone founded on 29 September 2022.
  • It’s non-normative. A GSMA whitepaper is informational strategy guidance, so PQ.1 imposes no compliance obligation on its own; its weight comes from being industry consensus.
  • It frames the migration as a five-phase program (strategy, operator planning, engineering, implementation, end-to-end quantum-safe) and names a cryptographic inventory plus a risk assessment as the first concrete deliverables.
  • It deliberately puts QKD and quantum random number generation out of scope, focusing squarely on post-quantum cryptography adoption.

Think of PQ.1 as the shared route map a whole convoy agrees on before anyone starts driving. A mobile operator, its equipment vendors, its SIM suppliers, and its regulators each own a different vehicle, and if they each plan a route alone they arrive at different places on different days. PQ.1 is the map they all read from, so the convoy moves in the same direction, in the same order, toward the same destination.

What is GSMA PQ.1?

GSMA PQ.1 is an industry impact assessment from the GSMA, the trade association that represents mobile network operators worldwide, describing the effect of the post-quantum transition on telecom networks and setting out a phased approach to migrating. Its full official title is the Post Quantum Telco Network Impact Assessment Whitepaper, and its GSMA document reference is Official Document PQ.01. The security classification on the document is Non-Confidential, and the version of record is 1.0, dated 17 February 2023.

Source: GSMA, “Post Quantum Telco Network Impact Assessment Whitepaper,” Official Document PQ.01, Version 1.0, 17 February 2023, PQ.01 whitepaper PDF.

A few facts about its origin and standing are worth being precise on, because they change how much authority to give it:

  1. It’s the output of a named industry taskforce, not a single vendor. The Post-Quantum Telco Network (PQTN) Taskforce was established by the GSMA, IBM, and Vodafone on 29 September 2022 at MWC Las Vegas, organized around three work areas of strategy, standardisation, and policy. That the founding trio pairs the industry trade body with a quantum-hardware maker and a tier-one operator is why the document reads as a consensus roadmap rather than a product pitch.
  2. It’s a whitepaper, which means it’s guidance, not a rule. GSMA publishes binding technical requirements as Permanent Reference Documents that operators are expected to implement. PQ.1 is not one of those. It’s an informational strategy document, so its force is persuasive and coordinating rather than mandatory.
  3. Its authorship is broad. The GSMA states that representatives of 35 of its members contributed to the whitepaper, and the named contributor block spans operators (Vodafone, Orange, Telefonica, EE, KT corp., SK Telecom, Verizon), plus vendors and identity firms (IBM, Kigen, IDEMIA, Arqit, Syniverse). That breadth is what lets a telecom recommendation cite “the industry, through GSMA, already agreed on this approach” rather than one company’s opinion.

Source: IBM Newsroom, “GSMA, IBM and Vodafone Establish Post-Quantum Telco Network Taskforce,” 29 September 2022, press release. Contributor detail from the PQ.01 whitepaper PDF and the GSMA resource page.

[OPERATOR VERIFY: the “35 members” figure is GSMA’s own published claim on the resource page; the whitepaper PDF names 23 individual contributors across 12 organizations, which is a count of named editors, not member organizations. Both are reported here with their sources.]

Who is GSMA PQ.1 for?

PQ.1 names its audience explicitly, and it’s aimed at decision-makers rather than implementers. The whitepaper is written for telecom-industry stakeholders (CTO, CIO, CISO), their supply-chain counterparts (vendor CTO, CIO, CISO), industry analysts, regulators responsible for security policy, and security researchers, and it states that its message is relevant for CEOs and company boards. In practice that resolves to four groups:

  1. Mobile network operators planning the PQC migration of their 5G core, radio access network, transport, roaming, and OSS/BSS systems.
  2. Network-equipment and IT vendors whose product roadmaps have to deliver PQC-capable software, since PQ.1 makes vendor roadmap collaboration a formal step in the plan.
  3. SIM, eSIM, and identity vendors, where subscriber-credential cryptography is at stake. Identity firms and the GSMA eSIM community sit inside the document’s ecosystem map.
  4. Regulators and policymakers using the whitepaper’s country-by-country survey to benchmark national telecom PQC posture.

Is GSMA PQ.1 a compliance mandate?

No. GSMA PQ.1 imposes no compliance obligation by itself, and that distinction is load-bearing. It’s a whitepaper, meaning industry-consensus planning guidance, not a GSMA Permanent Reference Document and not a law. Nobody gets audited against PQ.1 and nobody is fined for missing one of its phases.

Its influence works a different way. Because it carries the GSMA’s name and the endorsement of a broad slice of the operator and vendor community, it becomes the shared reference the whole telecom supply chain aligns to. The actual binding deadlines land elsewhere, and PQ.1 points at them: the country survey tracks national mandates, and the algorithm posture defers to the NIST standardization outputs. So the pattern is that a real regulation (a NIST deprecation date, a national directive, a procurement requirement) supplies the deadline, and PQ.1 supplies the sequence for meeting it. This is how consensus guidance and hard mandates divide the work, and it’s why a telecom program can cite PQ.1 for the “how” while citing a document like NIST IR 8547 or CNSA 2.0 for the “by when.”

What are the five phases of the GSMA PQ.1 migration approach?

PQ.1’s centerpiece is a five-phase sequence that carries an operator from an initial strategy through to an end-to-end quantum-safe network. The order matters as much as the content, because the early phases are about knowing what you have and lining up your suppliers before any code changes.

PhaseNameWhat happens in it
Phase IStrategySet the organizational strategy for becoming quantum-safe: leadership buy-in, ownership, and the framing of the program.
Phase IIOperator architecture and planningUpdate operator requirements, collaborate with vendors on their PQC roadmaps, engage the open-source community (for example Linux and OpenSSL), build a cryptographic inventory, and account for crypto-agility.
Phase IIIEngineeringPQC-enable the cryptographic estate, notably PKI, certificate authorities, and hardware security modules, with vendors and open-source components updated, then validate and test.
Phase IVImplementationRoll out the changes, prioritized by an operator-specific risk assessment so the highest-exposure systems move first.
Phase VEnd-to-end quantum-safeReach a fully quantum-safe network once standards, vendor products, and deployments have converged.

Source: GSMA PQ.01 whitepaper, migration approach section.

The through-line across all five phases is reducing “cryptographic debt” and building crypto-agility, so that the next algorithm change (and there will be one) is a routine update rather than a second multi-year program.

What does GSMA PQ.1 say to do first?

PQ.1 is unambiguous that the migration starts with knowing what you have. Before any engineering, it calls for two foundational deliverables:

  1. A cryptographic inventory. A complete accounting of every algorithm, key, certificate, and protocol in use across the estate. Most operators find their existing asset inventories don’t capture cryptography at this level, which is exactly why PQ.1 makes the inventory an explicit, named step. This maps directly onto a CBOM.
  2. A cryptography risk assessment. A prioritized view of where the exposure actually is, so implementation in Phase IV can lead with the highest-risk systems rather than migrating alphabetically.

On top of those two, the whitepaper’s operator action list adds building internal PQC expertise, supporting standardization and open-source work, engaging customers and vendors, and developing a written PQC transition plan. The surfaces PQ.1 says the inventory has to cover give a defensible, GSMA-blessed checklist for what “complete” means in a telecom context:

  1. Cryptographic systems: PKI, certificate authorities, hardware security modules, and identity, access, and privileged-access management.
  2. Computing technology: servers, firmware, operating systems, virtualization, cloud, databases, and middleware.
  3. Networking equipment: Ethernet switches and IP routers.
  4. Telecom architectures: settlement, telecom-specific network functions, radio, core, transmission, and communication services such as voice, messaging, and mission-critical services, plus OSS and BSS.
  5. Telecom-specific business processes: device activation, roaming, and settlement.

What business risks does GSMA PQ.1 call out?

PQ.1 frames the quantum threat to a telco in terms a board can act on, naming four concrete business risks:

  1. Store-Now-Decrypt-Later. The harvest-now-decrypt-later threat applied to telecom data: an adversary records encrypted subscriber and signaling traffic today and decrypts it once a cryptographically relevant quantum computer exists.
  2. Code-signing and digital-signature compromise. A quantum-broken signature scheme lets an attacker forge software updates, which is a supply-chain compromise of the network itself.
  3. Rewriting history. Compromising the integrity of already-signed data, such as contracts and records, so the authenticity of past documents comes into doubt.
  4. Key-management attacks against long-term stored data. Long-lived keys protecting archived data become a target the moment the underlying algorithm is broken.

What’s in scope, and why is QKD left out?

PQ.1 draws a sharp scope line, and it’s a deliberate one. The whitepaper’s stated purpose is to analyze the dependencies and timelines for a responsible industry transition to quantum-safe technology, using 5G wireless architecture as the baseline, and it focuses on algorithms considered capable of resisting a cryptographically relevant quantum computer, meaning the post-quantum algorithms coming out of the NIST process, plus how to introduce and maintain crypto-agility across the telco ecosystem.

What it explicitly excludes is telling. PQ.1 puts quantum computing itself, quantum networking, quantum sensing, the quantum internet, and quantum-safe mechanisms that rely on quantum physical properties (specifically QKD) out of scope. The whitepaper notes that earlier telecom quantum work concentrated on QKD and quantum random number generation, and it consciously steps away from that to focus on PQC adoption. That scoping choice matters beyond the document, because it puts the mobile industry’s flagship impact assessment on the same side as the major signals-intelligence agencies: standardized post-quantum cryptography is the general-purpose path, and QKD stays in a narrow, point-to-point lane.

How does GSMA PQ.1 relate to the NIST standards and the other mandates?

PQ.1 doesn’t specify cryptographic parameters of its own. It anchors its algorithm posture to the outputs of the NIST standardization process, so the actual algorithms a telco deploys are ML-KEM for key establishment and ML-DSA for signatures, defined by NIST rather than by GSMA. Around that, PQ.1 acts as the coordination layer that maps the standards onto telecom’s specific architecture and supply chain.

  1. Against the NIST standards, PQ.1 supplies the telecom-specific sequence and surface map that the FIPS documents leave general.
  2. Against protocol standards bodies, PQ.1 names its ecosystem partners and points the normative work toward them. It identifies 3GPP SA3 as the entry point for standardizing PQC into mobile network security, and it maps in ETSI, TM Forum, the O-RAN ALLIANCE, NGMN, ATIS, and the Linux Foundation. PQ.1 frames the why and the sequence; those bodies produce the protocol-level detail. The concrete 5G-core surfaces that detail lands on, the SUCI subscriber-privacy ECIES on the SIM, 5G-AKA, and the SEPP N32 inter-operator TLS, are in PQC in 5G and Mobile Networks.
  3. Against hard regulation, PQ.1’s country survey (covering Australia, Canada, China, the European Commission, France, Germany, Japan, New Zealand, Singapore, South Korea, the UK, and the USA) is where the binding deadlines live. PQ.1 catalogs them; documents like the national directives and NIST’s own timeline enforce them.
  4. Against its own follow-on, PQ.1 is the foundation for PQ.03, “Post Quantum Cryptography – Guidelines for Telecom Use Cases,” the more detailed use-case guidance from the same PQTN programme.

Common misconceptions

  1. “PQ.1 is a GSMA standard operators have to comply with.” It’s a whitepaper, meaning industry-consensus planning guidance. GSMA’s binding documents are Permanent Reference Documents, and PQ.1 isn’t one. Nobody is audited against it.
  2. “PQ.1 tells you which algorithms to use.” It defers algorithm selection to the NIST process and focuses on the transition approach, the risks, and the surfaces. The named algorithms (ML-KEM, ML-DSA) come from FIPS, not from PQ.1.
  3. “PQ.1 covers QKD and quantum networking.” The opposite. It explicitly scopes out QKD, quantum random number generation, quantum networking, and quantum sensing to concentrate on post-quantum cryptography.
  4. “It only matters to network operators.” Its own audience list includes vendors, SIM and identity firms, regulators, boards, and CEOs, and its phased plan makes vendor and open-source collaboration a formal step.
  5. “It’s a technical spec for engineers.” It’s a strategy and impact-assessment document aimed at decision-makers. The normative engineering work happens downstream in bodies like 3GPP SA3, which PQ.1 names as the entry point.

Questions people ask

Is GSMA PQ.1 mandatory? No. It’s a non-confidential GSMA whitepaper, which is industry-consensus planning guidance rather than a binding requirement. Its influence comes from being the shared reference the telecom supply chain aligns to, not from any enforcement mechanism.

When was GSMA PQ.1 published, and is it current? Version 1.0 is dated 17 February 2023 and remains the version of record. The GSMA has published follow-on use-case guidance as PQ.03 from the same taskforce, but PQ.1 is still the foundational impact assessment.

Who wrote GSMA PQ.1? The Post-Quantum Telco Network Taskforce, founded by the GSMA, IBM, and Vodafone on 29 September 2022 at MWC Las Vegas. GSMA reports that representatives of 35 of its members contributed, spanning operators, network vendors, and identity firms.

What’s the very first thing PQ.1 says to do? Build a cryptographic inventory and run a cryptography risk assessment. Every downstream phase depends on knowing which algorithms, keys, certificates, and protocols are actually in your estate, and PQ.1 treats that inventory as the gate to everything else. It maps onto a CBOM.

Why did PQ.1 leave QKD out? The taskforce deliberately scoped QKD and quantum random number generation out to focus on post-quantum cryptography, the general-purpose path that runs on existing networks. That mirrors the posture of agencies like the NSA and the UK’s NCSC, which treat QKD as suitable only for narrow, point-to-point circumstances.

Does PQ.1 apply if I’m not a mobile operator? It’s written primarily for operators, but its audience and ecosystem explicitly include network-equipment vendors, SIM and eSIM and identity providers, regulators, and boards. If you sell into or buy from a mobile network, PQ.1’s phased approach and surface checklist are the reference your telecom counterparts are using.

How does PQ.1 line up with the NIST standards? PQ.1 hands algorithm selection to the NIST process and layers the telecom-specific sequence, surface map, and risk framing on top. So you get ML-KEM and ML-DSA from NIST, and the “how do we roll this out across a 5G network and its supply chain” from PQ.1.

What is PQ.03, and how is it different? PQ.03 is “Post Quantum Cryptography – Guidelines for Telecom Use Cases,” the follow-on guidance from the same PQTN programme. Where PQ.1 assesses the impact and lays out the phased approach, PQ.03 goes deeper on specific telecom use cases.


Everything here is the map, given freely. When your team needs PQ.1’s five-phase approach translated into a cryptographic inventory and a migration sequenced against your own network, that’s what an alignment briefing is for.

Last verified 2026-07-09 · Maintained by Addie LaMarr, LaMarr Labs.