19 February 2026
Japan's cryptography problem starts before quantum
Most Japan FSI firms cannot describe their certificate estate. The 47-day TLS mandate and PQC migration are both arriving. There is no comfortable sequencing between them.
Cryptographic Readiness
PKI debt, CBOM discovery, the 47-day certificate mandate, and why Japan FSI is starting its post-quantum migration from a worse baseline than most vendors assume.
Most Japan FSI organisations cannot fully describe the certificates they run. That is the baseline from which PQC migration must begin. The CA/Browser Forum’s 47-day validity mandate, the G7 PQC financial sector roadmap, and the harvest-now-decrypt-later threat are converging on a deadline that the Japan FSI cryptographic estate is not ready for. This beat tracks the gap between where Japan FSI is and where the regulatory and threat environment requires it to be, and names the vendors and approaches that are addressing it correctly.