Free Tool · Quantum Security
Algorithm Sunset Timer
Select your jurisdiction, sector, and algorithms in use. See which are disallowed, approaching their deadline, or still permitted under the frameworks that apply to you. RAG-rated results with hybrid guidance and recommended replacements.
- Runs entirely in your browser: nothing is stored or transmitted
- Covers CNSA 2.0, NIST SP 800-131A, NCSC UK, BSI, ANSSI, NIS2, and financial-sector frameworks
- Red / Amber / Green / Grey status with deadline years and replacement algorithms
Your answers are used only to filter and display results. No email address, company name, or IP address is collected as part of this assessment. Any PDF report you download is generated in your browser and is not stored on any server. If you choose to enter your email address in the newsletter form, that information is stored separately and only used to send you the updates you asked for.
What this tool collects
This tool collects your jurisdiction, sector, and algorithm selections and evaluates them against the data matrix. All of this happens in your browser. Your selections are not sent to a server for processing.
What is not collected
Your IP address is not collected or stored. Your company name is not collected unless you choose to enter it when downloading a PDF report. Your email address is not collected unless you choose to provide it to receive updates.
PDF reports
If you choose to download a PDF report, it is generated entirely within your browser using your selections. The report is not sent to or stored on any server. Once you download it, the data stays with you.
Third parties
Your data is not sold to third parties. Your data is not shared with advertising networks. Your data is not used for any purpose other than those described here.
How this tool works
The Algorithm Sunset Timer cross-references your algorithm selections against a curated data matrix of regulatory framework entries. Each entry covers a specific combination of framework, jurisdiction, sector, and algorithm, and carries a status (disallowed, not recommended, acceptable, or pending), deadline information, recommended replacement, and hybrid-mode guidance.
RAG status is assigned per entry: Red for disallowed or within two years of a mandatory deadline; Amber for within five years or carrying an implicit deprecation state; Green for algorithms permitted beyond five years; Grey for entries where status is pending or classified. Where a framework covers all sectors, it will appear for any sector selection.
Results are filtered by your jurisdiction and sector, then further filtered to show only the algorithms you selected. The table groups results by framework, with each row showing the algorithm, status, deadline, replacement, and hybrid-mode position. The PDF download captures this table alongside hybrid guidance and recommended next steps.
Which jurisdictions and frameworks apply to your organisation?
Select all that apply. If your organisation operates across multiple jurisdictions or is subject to more than one framework, select each one. Results will show entries from all selected frameworks.
Nothing is transmitted from your browser.
Which sector best describes your organisation?
Select the sector that most closely matches your primary activity. This filters sector-specific framework entries in addition to the general entries that apply to all sectors.
Nothing is transmitted from your browser.
Which algorithms does your organisation currently use?
Select all algorithms in active use across your systems. If you are unsure, include any that may appear in your cryptographic inventory. Results will show framework entries only for the algorithms you select.
Asymmetric — Key encapsulation / encryption
Asymmetric — Signatures
Symmetric — Encryption
Hash functions
Nothing is transmitted from your browser.
Need a structured PQC migration assessment?
The Algorithm Sunset Timer identifies which algorithms are at risk under your frameworks. The PQC Risk Assessment scores your organisation across all risk domains and produces an evidence base for executive decision-making.
Explore the PQC Risk Assessment