====== 2.1 Compliance ======

Regulatory conformance and standards for post-quantum cryptography.

----

===== NIST Standards =====

The library implements the final NIST standards for PQ cryptography:

^ Standard ^ Algorithm ^ Usage ^ Status ^
| FIPS 203((NIST FIPS 203: https://csrc.nist.gov/pubs/fips/203/final)) | ML-KEM | Key encapsulation | Final (2024) |
| FIPS 204((NIST FIPS 204: https://csrc.nist.gov/pubs/fips/204/final)) | ML-DSA | Digital signatures | Final (2024) |

These standards are the result of the 8-year NIST Post-Quantum Cryptography Standardization Project.

----

===== Regulatory Recommendations =====

==== BSI (Germany) ====

The Federal Office for Information Security((BSI PQC: https://www.bsi.bund.de/EN/Themen/Unternehmen-und-Organisationen/Informationen-und-Empfehlungen/Kryptografie/Post-Quanten-Kryptografie/post-quanten-kryptografie_node.html)) recommends:

  * Migration to PQ cryptography by 2030
  * Hybrid solutions for the transition period
  * Priority for long-lived data (protection requirement of more than 10 years)

==== ENISA (EU) ====

The European Union Agency for Cybersecurity((ENISA: https://www.enisa.europa.eu/publications/post-quantum-cryptography-current-state-and-quantum-mitigation)) recommends:

  * Immediate evaluation of PQ solutions
  * Crypto agility as a design principle
  * An inventory of cryptographic assets

----

===== Industry-Specific Requirements =====

^ Industry ^ Relevance ^ Rationale ^
| Finance | High | Long-term obligations, transaction data |
| Healthcare | High | Patient data, 30+ years retention |
| Government | High | State secrets, infrastructure |
| Industry | Medium | Long-term certificates, IoT devices |

----

===== Audit Support =====

**Demonstrable Compliance:**

  * NIST FIPS 203/204 algorithms
  * OpenSSL 3.6 (FIPS-validatable base)
  * Hybrid signatures documented (X.509 extension)
  * Complete API documentation -> [[en:int:pqcrypt:api:start|API Reference]]

**Documentation for Audits:**

  * Algorithm selection justified (NIST standard)
  * Key management documented
  * Migration path traceable

----

===== Further Reading =====

  * [[.:risiko|Risk]] - Why act now
  * [[.:migration-roadmap|Strategy & Technology]] - Implementation planning
  * [[en:int:pqcrypt:konzepte:algorithmen|Algorithms]] - Technical details

----

//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//

{{tag>compliance nist fips bsi enisa}}