ExeQuantum Featured in Wavestone's 2026 Post-Quantum Migration Solution Radar
Samuel Tseitkin 20 April 2026
Wavestone, the European consulting firm specialising in strategic transformation and cybersecurity, has published its 2026 Radar of Post-Quantum Migration Solutions. The radar provides a visual market overview of solutions available to support organisations through the transition to post-quantum cryptography (PQC).
ExeQuantum is featured in two of the radar's six segments: Inventory (CipherScout) and Libraries and Embedded Services (CipherForge). ExeQuantum is one of a small number of vendors appearing across multiple segments, reflecting the platform's coverage of both the discovery and implementation layers of PQC migration.
Why the Radar Matters
The Wavestone radar is one of the few structured market maps that European CISOs and security teams use when shortlisting vendors for PQC migration programs. It categorises solutions across six segments: Inventory, Network Analysis, Migration Management, PQC-compliant HSM/PKI/CLM, Libraries and Embedded Services, and Perimeter Protection.
The 2026 edition arrives at a point where multiple regulatory timelines are converging. The report highlights several developments from 2025 that are accelerating the transition from technical planning to institutional mandate: - The European Union has published a coordinated PQC migration roadmap for NIS 2 entities - G7 Finance has formally integrated post-quantum transition into its priorities - The Bank for International Settlements (BIS) has issued guidance on quantum readiness for the banking sector - The UK government has published its national post-quantum roadmap - NIST has set a draft target of 2035 for deprecating vulnerable algorithms, while the Australian Signals Directorate (ASD) has set a 2030 deadline
As Wavestone notes, the market has acknowledged that post-quantum migration must begin with systematic inventory and comprehensive risk assessment. Without visibility into which algorithms are deployed, where cryptography is used across the information system, and which data flows are exposed to harvest-now-decrypt-later threats, migration planning cannot meaningfully begin.
Where CipherScout Fits
CipherScout is ExeQuantum's cryptographic discovery platform. It scans across multiple surfaces, including TLS and certificates, APIs, source code, cloud KMS, databases, SSH, JWT fleets, and email authentication, producing CycloneDX 1.7 CBOM (Cryptography Bill of Materials) output.
The Wavestone report identifies CBOM as an emerging format for standardising cryptographic inventories, noting that organisations need to combine multiple complementary data sources to build a consolidated, actionable view of their cryptographic environment. This is the problem CipherScout is designed to solve.
Where CipherScout differs from certificate-centric discovery tools is in the breadth of its scan coverage. Most PKI vendors approach cryptographic inventory through the lens of certificate lifecycle management. CipherScout treats cryptography as a system-wide concern: JWT fleets, SSH configurations, cloud KMS policies, and hardcoded cryptographic usage in source code are all surfaces that need to be inventoried before an organisation can plan a credible migration.
From Inventory to Implementation
The dual placement in the Wavestone radar reflects a distinction that matters for organisations planning PQC migration: ExeQuantum covers both sides of the problem.
CipherScout provides the inventory layer, answering the question of where cryptography lives across the organisation. CipherForge, recognised independently in the Libraries and Embedded Services segment, provides the implementation layer: formally verified PQC algorithms (ML-KEM, ML-DSA, SLH-DSA) built on a Jasmin/C hybrid architecture, delivered through an API-native platform compliant with NIST FIPS 203/204/205. CipherWatch completes the platform with continuous monitoring and algorithm lifecycle management after migration.Most vendors on the radar address one segment. The few that appear in multiple segments tend to be the largest players in the market. ExeQuantum's presence across both inventory and implementation reflects the architectural decision to build a connected platform rather than a point solution. Discovery feeds directly into remediation, remediation is tracked through governance, and the entire chain runs on a single platform under sovereign control.
The Wavestone report makes the case that inventory is the prerequisite for migration. We agree. But inventory without a verified implementation path produces a risk register, not a migration. Having both recognised independently on the same radar validates the end-to-end approach.
