Regulatory Compliance Tool
Select your jurisdictions, sector, and deployed algorithms. The tool maps each combination to its regulatory status under the frameworks that apply to you: disallowed, deprecated, approaching deadline, or currently permitted. RAG-rated results with hybrid scheme guidance and recommended replacement algorithms.
This tool maps your organisation's deployed cryptographic algorithms to their regulatory status under the frameworks that apply to your jurisdictions and sector. Its output is factual: given what you are running and where you operate, these are the obligations you are subject to, these are the deadlines those obligations set (or have not yet set), and these are the algorithms you should be migrating to.
The tool covers thirteen regulatory frameworks across national and international scope, including mandatory frameworks such as CNSA 2.0, NIST SP 800-131A, and DORA, alongside advisory frameworks such as NCSC UK and BSI TR-02102-1. For each algorithm-framework combination, the tool returns one of four status designations, a deadline type, and a hybrid scheme position. Results are colour-coded by urgency.
Two distinctions are important. Deprecated and Disallowed are not the same: Deprecated means a framework has identified an algorithm for migration; Disallowed means the framework explicitly prohibits use. Advisory frameworks carry real obligations in practice. NCSC UK and BSI TR-02102-1 operate on risk-based models; their guidance defines what counts as "appropriate and proportionate" under the NIS Regulations 2018. This tool is a filtered data matrix, not a risk assessment or compliance audit.
Quantum Security and Defence does not collect, associate, or retain your name or your company name when you use these tools. All information is stored only for the duration of the browser session.
We collect only jurisdiction, sector, and results data. This information is anonymised and cannot be associated with you or your company. Such anonymised data may be used for industry-level reporting, shared with members, incorporated into our research, and provided to government departments to support lobbying activity and the communication of industry readiness.
By using this tool, you consent to the provision of results data on a strictly anonymised basis. No personal name, email address, or company name is stored.
Country is recorded anonymously for benchmarking and to tailor regulatory context to your jurisdiction.
Country is recorded anonymously for benchmarking only. No email, name, or company details are transmitted or stored.
Select all that apply. If your organisation operates under multiple regulatory regimes, select each one. Results will show the obligations from every selected framework, enabling you to identify the most restrictive requirement where frameworks overlap.
Your answer is used to calculate your score. Results data is recorded anonymously for benchmarking. No email, name, or company details are transmitted or stored.
Your sector determines which sector-specific framework entries are included in your results. Some frameworks apply with greater specificity to defence, financial services, or critical infrastructure organisations.
Your answer is used to calculate your score. Results data is recorded anonymously for benchmarking. No email, name, or company details are transmitted or stored.
The Industry selection is required and recorded anonymously. Your industry may impact your score. Be sure to choose your nearest industry category.
Name and company are used only within your browser session. They are not stored or transmitted.
Name and company are used only within your browser session. They are not stored or transmitted.
Name and company are used only within your browser session. They are not stored or transmitted.
Select every algorithm in your current deployments: TLS and HTTPS, digital certificates, code signing, VPNs, key exchange, digital signatures, and data encryption at rest. If uncertain, select all that might apply.
Your answer is used to calculate your score. Results data is recorded anonymously for benchmarking. No email, name, or company details are transmitted or stored.
Asymmetric / Key Exchange
Symmetric / Hash
Our team works with defence contractors, financial institutions, and government agencies on regulatory compliance programmes. We can map your full cryptographic estate and build a migration roadmap aligned to your specific framework obligations.
Run the tool to download a PDF of your results.
