The HQC Hedge
Algorithm diversity after ML-KEM
The post-quantum migration regime is beginning to move from algorithm selection to infrastructure governance. NIST’s decision to select HQC, a code-based key-encapsulation mechanism, as an additional KEM alongside ML-KEM should not be read as a rejection of the lattice-based standard now anchoring first-wave migration. Its significance is different. HQC introduces a second mathematical family into the future standards landscape, reducing the risk that public agencies, regulated industries, cybersecurity vendors and critical infrastructure operators converge too completely on one algorithmic foundation, one implementation ecosystem and one procurement default. The strategic issue is not whether organisations should delay migration until HQC is finalised. They should not. The issue is whether current migration programmes are being designed with enough cryptographic agility to absorb future diversification without structural disruption.

