Welcome to the third edition of The Quantum Leap, our quarterly update on the AES Migration Program.
Each quarter, we bring you a high-level update on the progress of the program and what’s ahead. We also provide updates on developments in Australia and globally, and will focus on cyber security, cryptography and the impacts of classical and quantum computing.
Your suggestions for topics in future publications and feedback on this edition are welcomed. Please feel free to contact us by email at aesmigrationprogramteam@auspaynet.com.au.
We hope you enjoy this latest edition.
Riaz Hussain Head of Security, Standards & AES Transition
A year in review - highlights of 2025
Looking back at 2025, there have been many highlights.
We are pleased to see the Program gaining greater awareness and visibility, particularly among our Members, Government and regulators. Later in this newsletter, we cover the recent statements made and publications by the Reserve Bank of Australia (RBA) and some of the Australian Government’s security agencies.
Early adopters are mobilising well as we head towards Vanguard Industry Testing (VIT) and Pilot next year. This will provide the first opportunity to exercise the Program’s testing strategy and gain valuable learnings into the implementation challenges.
On 25 September, the Australian Competition and Consumer Commission issued its final determination granting authorisation for aspects of the Program until 24 September 2033. This authorisation is effective as of 17 October 2025 and will enable the appropriate level of industry coordination to take place.
Development of the core foundational documents for the Program is nearing completion. We will continue to maintain these documents as required throughout the Program.
Finally, engagement between our Members and the international and domestic card schemes is starting to increase now that specifications are being made available for testing and integration.
Overall, these are pleasing indicators of momentum building as we move towards commencing Pilot next year.
Current phase
The current phase of the Program concludes this year. This phase has been focused on preparation for Pilot, which is currently scheduled for 2026. Key deliverables from this phase have included:
An update to the Technical Blueprint to include amendments to the relevant Australian Standard, AS2805.
A migration handbook, which will provide further guidance to participants on how to navigate the migration process and become a repository of lessons learned as we proceed.
Industry Testing Plans and the supporting tools that participants will require.
An Information Management System (IMS) to enable the industry to track progress.
An uplift in communications and change activities as the industry mobilises.
Member insights webinar – An Introduction to the Technical Blueprint
We recently held our second Member insights webinar, which focused on the Technical Blueprint and was presented by Head of Security, Standards & AES Transition, Riaz Hussain and Technical Requirements Lead, Matt Stone.
Our team led a walkthrough of the Technical Blueprint for the Program, describing the target state for encryption across the card payments system. They also shared the considerations and choices made by the Standards & Requirements Working Group, what they mean for our Members, and how they align with Australian and international standards.
A recording of the webinar is available to AusPayNet Members on the Member Portal.
What are we seeing in Australia?
The RBA has talked about the need for migration to AES this year. Most recently, the Payments System Board considered the Program at its November meeting, issuing the following statement:
"Advanced Encryption Standard (AES). The Board received an update on industry progress to enable the transition to AES for card payments in Australia. Members reiterated their strong support for industry efforts to ensure encryption standards continue to meet the high safety standards for card payments expected by the Australian public. The Board expects industry to progress migration with sufficient urgency to enable the readiness of AES for use by December 2030. The Board agreed to consult on using the RBA’s standard-setting powers under the PSRA to support the migration."
AES was also mentioned in two recent RBA speeches:
The Australian Signals Directorate (ASD) also issued two relevant publications, highlighting both the threat of quantum computing and response available:
2026 will be an important year for the Program. Given the RBA’s recent statement, we expect to see more focus on industry mobilisation and prioritisation of the Program. Our objective is to complete migration by the end of 2030. Although five years may seem like a long time, it is a relatively short window to complete a migration of this scale and complexity.
As previously mentioned, our early adopters are planning to enter VIT and Pilot in 2026. The Pilot Phase will initially focus on acquirers, with involvement from each of the card schemes. The initial stage of the Pilot will focus on Acquirers using AES for their payment terminals. The plan will be for issuers to nominate a small number of cardholders who will be asked to make payments at nominated acquiring terminals throughout the pilot period.
From a Government and regulator perspective, we look forward to continued support from the RBA, the next version of the Government’s Strategic Plan for Australia’s Payments System, and ongoing engagement with the Department of Home Affairs and ASD on the Cyber Security Strategy and security standards more broadly.
Communications in 2026
The volume of communications will continue to increase in 2026, with a host of newsletters, webinars, open days and a range of other communications activities. Specific priorities for 2026 include:
An increased focus on Participant support, with an emphasis on identifying and resolving issues and bottlenecks.
Ongoing engagement of Government, regulators, and industry bodies, with a key focus on the mandate position for AES.
Sharing lessons learned and experiences from early adopters to inform subsequent implementations, particularly through VIT and Pilot.
Supporting Participant success through the Migration Success Framework.
Reporting and status tracking, and ongoing maintenance of industry timelines and roadmaps.
Monitoring international developments and sharing learnings where available.
Ongoing engagement with external stakeholders, particularly on the effectiveness and timeliness of the industry’s approach to the management of the security risks.
A broadening of communications activities to non-Members and other stakeholders.
Increasing the public profile of the Program, particularly in relevant media.
