Purpose
These guidelines define how a vendor holding a current PKI Consortium PQCMM Certificate may display the PQCMM certification mark, and what wording must accompany it. The aim is to allow vendors to communicate genuine certification while preventing language that could mislead customers, regulators, or downstream supply-chain partners about what the certificate represents.
Who May Use the Mark
The PQCMM certification mark may be displayed only by:
- A vendor that currently holds a valid PKI Consortium PQCMM Certificate, in connection with the certified product or service and only at the certified level.
The mark must not be used:
- For products or services that are not certified.
- At a level higher than the level recorded on the certificate.
- After the certificate has expired, been suspended, or been revoked.
- In a way that suggests certification of the vendor’s organisation, of its other products, or of any feature outside the assessed scope.
Required Information Adjacent to the Mark
When the certification mark is displayed, the following information must appear with it (or be one click away on the same page):
- The certified product name and version.
- The certified PQCMM level.
- The PQCMM specification version against which the assessment was performed.
- The certificate identifier and a link to the entry in the PKI Consortium’s public certificate listing.
- The validity period (issue date and expiry date).
- The standard disclaimer text below.
Mandatory Disclaimer
The following disclaimer text (or substantively equivalent wording approved by the PKI Consortium in writing) must appear adjacent to any display of the certification mark:
The PKI Consortium PQCMM Certificate confirms that a third-party assessment of this product was reviewed and accepted by the PKI Consortium against version [X] of the PQCMM. It is not a guarantee of security, fitness for purpose, regulatory compliance, or absence of vulnerabilities. The PKI Consortium accepts no liability for the certified product or for any decision made in reliance on this certificate.
Permitted and Prohibited Statements
| Permitted | Prohibited |
|---|---|
| “Certified to PQCMM Level X by the PKI Consortium.” | “Certified secure” / “Certified quantum-safe” / “Certified by NIST” |
| “An independent third-party assessment of this product has been reviewed and accepted by the PKI Consortium.” | “Endorsed”, “approved”, or “guaranteed” by the PKI Consortium |
| “PQCMM Level X (third-party assessed; PKI Consortium certified, certificate #ABCD).” | “PQCMM Certified” without naming the level, certificate, or product |
| Use of the mark in product documentation, website, datasheets, and tender responses for the certified product. | Use of the mark on uncertified products, on the vendor’s general corporate marketing, or on a parent organisation. |
Misuse and Enforcement
The PKI Consortium may require correction or removal of any use of the mark or PQCMM language that does not comply with these guidelines. Persistent or material misuse is grounds for suspension or revocation of the underlying certificate.
Updates
These guidelines may be updated as the PQCMM matures. Changes that affect existing certified vendors will be communicated in writing; existing displays will be given a reasonable transition period to come into line.
