The transition to Post-Quantum Cryptography (PQC) is essential to protect software systems from emerging quantum-enabled threats. Although standardised PQC algorithms are now available, developers and organisations continue to face significant challenges in integrating them into real-world software systems. While existing studies primarily focus on cryptographic performance and algorithmic security, they provide a limited understanding of the broader socio-technological factors that influence successful PQC implementation. This SoK investigates PQC implementation approaches and challenges through the Human, Organisation, and Technology (HOT) dimensions. By systematically synthesising existing approaches across these dimensions, we reveal a notable imbalance in the current body of knowledge, where technological solutions dominate, while human and organisational considerations remain underexplored. Our analysis further shows that PQC implementation challenges are not isolated to individual dimensions; rather, they emerge as interconnected socio-technological constraints that span HOT contexts, collectively shaping implementation outcomes. These findings indicate that PQC implementation extends beyond cryptographic replacement and represents a broader socio-technological transformation requiring coordinated approaches across all HOT dimensions. To address this gap, we propose the PQC-HOT model, a conceptual framework that explains how interactions among HOT dimensions collectively influence PQC implementation in software. The model synthesises the implementation interventions and challenges identified in the SoK into an integrated structure that supports systematic decision-making, planning, and organisational transition strategies. Based on these insights, we outline future research directions and design implications for scalable and sustainable PQC implementation in software systems.