The European Payment Council (EPC) has issued its yearly update of the Guidelines on cryptographic algorithms usage and key management. The objective of this document is to provide guidance to the European payments industry in the field of cryptographic algorithms, security protocols, confidentiality and integrity protection and related key management practices. It has been written mainly for payment service providers, specifically for security officers, risk managers, system engineers and system designers. Although its reading does not assume expertise in cryptology, an understanding of key concepts of cryptography is assumed and some sections require basic mathematical knowledge.
In producing these guidelines, the EPC aims to provide a reference basis to support payment service providers. However, it needs to be recognised that cryptology research and development are constantly evolving. Therefore, the EPC annually reviews and updates the document to reflect the state of the art in light of major new developments and to keep it aligned with the documents referenced.
Relevant developments in cryptography since the publication of the previous version of these guidelines in March 2025, have been reflected in the new version of this document, specifically the information and considerations on Post-Quantum Cryptography computing received a significant update. Since the previous version, the team also revised the document structure and updated the bibliography.