HID Global has released its Public Key Infrastructure (PKI) in the Age of AI and Automation market study, revealing how more than 300 IT leaders in the United States and Europe are responding to emerging PKI challenges in AI, automation and post-quantum computing.
The study identifies the trends, threats and innovations that are shaping this fast-moving market, equipping security leaders with actionable insights to align their strategies with emerging opportunities and future demands.
By minimizing the threat of human error, automation decreases the risk of certificate-related incidents, a benefit that is growing increasingly urgent as certificate lifespans shrink. This includes Transport Layer Security (TLS) certificates, the digital credentials that secure encrypted connections across websites and applications.
The CA/Browser Forum has already approved a phased reduction of TLS certificate validity—from 398 days to just 47 days by 2029—making manual certificate management increasingly unsustainable and driving automation to the top of the security agenda. In response, 67% of executives surveyed are already automating renewal processes.
Automation also enhances scalability and helps organizations secure dynamic environments like IoT devices and AI agents. Executives from organizations large and small have made it one of their top priorities, with 61% of respondents saying they plan to invest in PKI automation in the next 24 months.
PKIaaS eliminates the need for on-premise hardware and servers, ensuring seamless automation from issuance to renewal and revocation. However, while 76% of organizations have incorporated cloud components into their PKI infrastructure, only 23% use fully cloud-based deployments. Enterprises with more than 100,000 employees tend to prefer hybrid PKI deployments, suggesting that organisations seek to balance the flexibility of PKIaaS with the security and control of on-premise infrastructure.
With the growing swarm of regulations—from GDPR, Cyber Resilience Act, NIS2, HIPAA and more—compliance has become a strategic driver of PKI adoption. The cost of getting it wrong is high, as nearly half of executives (45%) list regulatory compliance among the primary business goals they hope to achieve through PKI, while 39% measure it as a formal key performance indicator.
As quantum computing matures, it poses a fundamental threat to today’s encryption: bad actors are harvesting encrypted data today, intending to decrypt it once quantum capabilities catch up. Yet despite the recognised threat, adoption remains cautious. Only 12% of surveyed respondents are piloting PQC, 25% are developing internal plans and 37% are monitoring evolving standards.
With PQC expected to be one of the most complex cryptographic transitions that the industry has ever experienced, larger enterprises and U.S.-based organisations are taking note. According to the survey, organisations with more than 50,000 employees are two to three times more likely to run PQC pilots than smaller companies.
While AI standards continue to evolve, securing both customer interactions and bot-to-bot exchanges is a pressing priority. The study finds that 34% of organisations cite AI agent certificates as a top trend, reflecting the PKI community’s proactive adaptation to AI-driven trust requirements. Adoption is slightly higher in the United States (18%) than in Europe (13%).
