In 2026, the achievement of Quantum Advantage will enable quantum computers to solve problems that are currently impossible for traditional technologies. This technological breakthrough, however, also introduces new risks for data protection, as today’s cryptographic solutions may no longer be secure. To truly safeguard sensitive information, organizations must act now and adopt Post-Quantum Cryptography (PQC).

Introduction

The year 2025 marked a turning point: quantum technology shifted from a distant scientific frontier to a strategic priority, with direct implications for the economy, industry, and national security.

According to experts, 2026 will be the year when quantum security takes center stage, and attention will increasingly focus onPost-Quantum Cryptography (PQC). PQC is essential not only to protect the intellectual property behind quantum technologies themselves, but also to ensure the long-term resilience of systems as these technologies move into operational use.

At the same time, regulatory frameworks such as NIS2and DORA are expected to impose much stricter requirements around crypto-agility, turning quantum security into a governance priority rather than a simple technical upgrade. As a result, security leaders must act promptly: identifying and classifying sensitive information, carefully assessing exposure risks, and precisely planning the migration toward more secure cryptographic systems.

Quantum Security Is Now a Global Concern

Quantum security has become a global issue. Digital systems and data flows cross national borders, while cryptographic standards and supply chains connect multiple countries, creating highly interdependent infrastructures. Fragmented or uncoordinated approaches can therefore generate shared vulnerabilities, with risks that can quickly propagate at an international scale. In the future, quantum security will depend as much on coordination among governments, enterprises, and global partners as on technological progress itself.

In this context, on January 12, 2026, Quantum Insider– a leading U.S. provider of information on quantum technologies – organized a major international initiative on quantum security in Washington, D.C. The event brought together government officials, industry leaders, legal experts, and international diplomats, all sharing the view that quantum security is no longer a remote technical risk, but a concrete challenge for infrastructure and governance.

Moreover, the technological transition between 2025and 2026 represents a shift in perspective. The central issue is no longer just the maturity of quantum technologies, but the complexity and duration of adaptation processes for critical systems – such as finance, communications, healthcare, and public administration – which often require timelines measured in decades.

Approaching Quantum Security: What Needs to Be Done

To protect existing cryptographic systems in the face of advancing quantum technologies, organizations must:

• Address the complexity of migrating to new cryptographic solutions
• Manage integration challenges with legacy infrastructures
• Assess the risks associated with delays in adopting adequate countermeasures

It is also important to recognize that, for vendors, the ability to guarantee data security has become essential. Without a clear and credible roadmap for transitioning to PQC, customer trust erodes and shifts toward better-prepared competitors that can offer long-term guarantees for protecting sensitive information. PQC is therefore becoming a key purchasing criterion: organizations increasingly evaluate it as part of their decision-making process, even when it is not explicitly required in tenders or requests for proposals. In short, the ability to protect data in the near future is now decisive for every vendor’s competitiveness and reputation.

As a result, the transition to quantum security must be viewed as a complex and interconnected journey that requires timely and careful planning.

Today, protecting technologies, businesses, and intellectual property – the core pillars of the quantum ecosystem – demands a strategy that goes beyond traditional cybersecurity. Two essential directions clearly emerge:

Security for Quantum

This area focuses on protecting quantum innovation itself. Global investments in quantum technologies – involving startups, multinational corporations, research labs, and academic institutions – already amount to tens of billions of dollars and rely heavily on international collaboration. While this openness accelerates progress, it also expands the attack surface. Intellectual property theft, insider risks, supply chain compromises, and data exfiltration are real and growing threats, amplified by the strategic value of quantum technologies.

A multi-layered security strategy is therefore essential. Technical controls alone are not enough: strong governance, access management, secure collaboration frameworks, and alignment with evolving regulations are all required. Protecting innovation does not mean slowing progress, but ensuring that it can advance without losing trust or competitive advantage.

Security from Quantum

This dimension focuses on the impact of quantum capabilities on today’s digital infrastructures. Many cryptographic systems underpinning the global economy were designed under the assumption that certain mathematical problems were infeasible for classical computers. As quantum technologies advance, those assumptions can no longer be taken for granted, creating a serious timing challenge.

Data encrypted today may be stored and decrypted in the future using more powerful quantum computers – the so-called “harvest now, decrypt later” (HNDL) approach. While the risk may be limited for short-lived information, it becomes critical for long-term data such as medical records, legal archives, sensitive intellectual property, and national security information.

Post-quantum cryptography was developed precisely to address this challenge, providing solutions designed to preserve data resilience over time.

Where We Stand with PQC

Organizations are currently facing the complex task of mapping cryptographic dependencies across legacy systems and supply chains. At this stage, strategic planning and coordination are more critical than immediate operational urgency. Delaying the adoption of PQC algorithms means exposing future industrial assets to the risk that, in just a few years, actors with quantum capabilities could decrypt sensitive data.

MandatoryPost-Quantum Roadmap for EU Member States

To address this challenge, the European Union has defined a roadmap for the transition to PQC (the EU Coordinated ImplementationRoadmap for the Transition to Post-Quantum Cryptography), developed by the NISCooperation Group. This roadmap requires all EU Member States to prepare:

• By the end of 2026: A comprehensive national plan for PQC implementation
• By 2030: Migration of high-risk use cases – such as those in the financial and healthcare sectors – and critical infrastructures, including energy and telecommunications, to post-quantum algorithms. Quantum-safe updates must be enabled by default, and transition plans further refined
• By the end of 2035: Completion of the migration for as many systems as possible, ensuring the resilience of Europe’s digital infrastructures

This ambitious timeline is justified by the severe consequences that weak cryptography would have on data protection and on sensitive communications vital to society, the economy, security, and prosperity across the EU and its Member States.

Image source – EU: A Coordinated ImplementationRoadmap for the Transition to Post-Quantum Cryptography

In parallel, the EU is working on the introduction ofa Quantum Act, aimed at reducing fragmentation among Member States and fostering rapid industrial growth in quantum technologies. This initiative seeks to strengthen infrastructures, develop new skills, and promote international collaboration, enabling Europe to close the gap with the UnitedStates and China, which have long invested heavily in quantum industrialization and infrastructure.

The U.S. National Institute of Standards andTechnology (NIST), for its part, has finalized three PQC standards: FIPS 203,204, and 205. In October 2025, NIST also selected the new HQC (HammingQuasi-Cyclic) algorithm as a backup for ML-KEM, the primary algorithm for general-purpose encryption, with the final version expected to be published in2027.

Conclusion

Europe must act decisively, adopting coordinated tool sand policies to secure leadership and autonomy in post-quantum security.

The deadlines set by the European roadmap provide a crucial reference point to guide investments and raise awareness among all stakeholders, serving as a political and strategic catalyst to address future challenges. However, setting a transition date alone is not enough to ensure an effective, harmonized, and secure migration to PQC at a continental scale. Cybersecurity must evolve in step with technological progress to protect sensitive data effectively.

Organizations must therefore adopt quantum security strategies immediately, in order to anticipate and mitigate emerging risks.

Ultimately, protecting technologies, businesses, and intellectual property – the beating heart of the quantum ecosystem – requires an approach that goes beyond traditional cybersecurity. Post-quantum cryptography is no longer a technical option, but a strategic necessity to ensure resilience, competitiveness, and trust in the digital future.

Tempus fugit: the time to act is now, because the future will not wait.