The next five years will reward governments that treat trust like infrastructure. By 2030, the public will expect services that are instant, portable across borders, private by default and secure against tomorrow’s threats. You get there by converging three pillars: Digital Public Infrastructure (DPI), post-quantum cryptography (PQC) and digital identity wallets.
What Changes the Game Right Now
- Standards are set. The National Institute of Standards and Technology (NIST) approved three PQC standards, FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), FIPS 205 (SLH-DSA), to protect data against future quantum attacks. These became effective in August 2024, giving procurement and platform teams a clear target. The United Kingdom’s National Cyber Security Centre (NCSC) has laid out its next steps in preparation for PQC, as has the National Security Agency (NSA).
- Timelines are public. National guidance (e.g., NSA’s CNSA 2.0) maps out transition windows into the early 2030s, and program addenda detail milestones for when PQC becomes preferred and then mandatory, critical signals for your vendor contracts.
- Identity is getting portable. The European Union’s eIDAS 2.0 requires each member state to offer at least one EU Digital Identity (EUDI) Wallet by end-2026, a policy marker that is already influencing global identity programs and cross-border trust frameworks.
- DPI is a policy frame, not a product. Multilateral bodies now define DPI (identity, payments, data exchange, and their safeguards) as the shared rails on which whole-of-government services run.
Why This Convergence Matters for Every Nation
Deploying any one pillar helps; integrating all three compounds value. DPI gives you common rails; wallets give people and businesses user-controlled, verifiable credentials; PQC future-proofs records and transactions with cryptography that’s built for the quantum era. The result: interoperable services that are cheaper to build, safer to operate, and easier to trust, whether you’re a small island state digitizing permits or a G20 economy modernizing tax and benefits.
A 2030 Reference Architecture (Leader’s Blueprint)
- Publish the stack. Declare a 2030 target architecture with three core layers: DPI rails (ID, payments, data exchange and consent), trust services (PQC, public key infrastructure, key management services, code-signing, audit logging) and wallet-led experiences (citizen, business, official). Make it vendor-neutral and open-standards-first.
- Prioritize long-lived secrets. Direct agencies to inventory cryptography, tag anything needing confidentiality for 10 years or more(health, tax, IP, national security), and plan migration to FIPS 203/204/205, hybrid first (classical and PQC), then PQC-only per policy.
- Launch a wallet pilot that proves value. Start with two high-demand, low-controversy use cases (e.g., professional licensing and business registration) and enable cross-border verification where feasible. Align with eIDAS-style assurance levels even if you are outside the EU; it signals maturity to markets and partners.
- Procure for the future, not the past. Update RFPs and master contracts to require: (a) PQC roadmaps (with dates), (b) DPI-compatible APIs and data schemas, (c) wallet-ready verifiable credentials, and (d) exit and interoperability clauses to avoid lock-in.
- Stand up a trust board. Put CIO, CDO, CISO, treasury, and justice at one table. Mandate privacy-by-design, red-team evaluations, and incident transparency across the stack.
- Design for low-resource realities. Mobile-first, offline-capable wallets; small-footprint cryptography on constrained devices; human-assisted flows for people without smartphones, so the rail works for everyone.
- Fund the migration, not just the destination. Budget line items for PKI refresh, hardware security model/KMS upgrades, testbeds, and talent.
- Measure trust, not just transactions. Track: percent services on DPI rails; percent endpoints on PQ/hybrid; percent credentials issued to wallets; time-to-benefit; and user-reported confidence.
A 12-Month Action Horizon (Start Now)
- Quarter 1: Publish the 2030 reference architecture; create the crypto inventory; select two wallet use cases; establish the trust board.
- Quarter 2: Pilot Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) handshakes on one public service; issue a test certificate authority for post-quantum signatures; issue first verifiable credentials to a controlled cohort; finalize procurement clauses.
- Quarter 3: Expand pilots across one citizen-facing and one business-facing service; publish a public dashboard on PQC progress and wallet adoption.
- Quarter 4: Lock vendor PQC dates in contracts; onboard two ministries to DPI rails; run a cross-border verification exercise with a partner jurisdiction.
The Leadership Ask
This isn’t about chasing hype. It’s about protecting records that must outlive today’s cryptography, reducing integration cost across governments and giving people control over their credentials. Publish the architecture, fund the migration and make your progress public. Governments that move now will set the rules of interoperability and earn the public’s confidence to match.
Dr. Rhonda Farrell is a transformation advisor with decades of experience driving impactful change and strategic growth for DoD, IC, Joint, and commercial agencies and organizations. She has a robust background in digital transformation, organizational development, and process improvement, offering a unique perspective that combines technical expertise with a deep understanding of business dynamics. As a strategy and innovation leader, she aligns with CIO, CTO, CDO, CISO, and Chief of Staff initiatives to identify strategic gaps, realign missions, and re-engineer organizations. Based in Baltimore and a proud US Marine Corps veteran, she brings a disciplined, resilient, and mission-focused approach to her work, enabling organizations to pivot and innovate successfully.
Leave a Reply
You must be logged in to post a comment.