Post-quantum cryptography is ready, Europe can be too

The key to Europe’s digital security is clear. It lies in the strength of its cryptography, which underpins everything from the data we use to chat, shop and travel to our critical supply chain, commercial and defense systems.

IBM Research has always looked toward the future of computing. We expect quantum computers to fundamentally change the paradigms of software development and computing, but they will also have major implications for our digital lines of defence.

Today’s quantum computers are not capable of breaking traditional cryptography – yet. They are rapidly progressing toward ‘cryptographic relevance’. Meanwhile, cybercriminals may be stealing and storing data, a practice known as ‘harvest now, decrypt later’, in hopes of accessing sensitive information later with more powerful quantum machines. With data in hand that could range from personal to intellectual property or national security data, for those actors, it could be worth the wait.

The good news is that researchers around the world, including the IBM Research team in Zurich and trusted global partners, have been working proactively with governments and regulators to prepare quantum-proof cryptography for this moment. In August this year, an eight-year competition held by the United States’ National Institute of Standards and Technology (NIST) concluded with the formal publication of three standardized post-quantum encryption algorithms. These powerful new cryptographic tools will be part of the United States’ federal government’s mandatory migration to post-quantum cryptography (PQC) by 2035. This is a significant step forward for quantum safety preparedness.

IBM researchers, including many who are based in Europe, helped to lead the development of two of the three PQC algorithms selected by NIST, working alongside academic and industry collaborators who share the conviction that collaboration and interoperability together can be the lynchpin of long-term security.

In Europe there are ample efforts by member states, EU organizations and the European Commission. However, it’s imperative that these initiatives collaborate on a shared mission to drive synergy and efficient EU-wide strategies.

As the EU is currently undergoing a holistic effort to harmonize its cybersecurity standards and bring several landmark measures into practice, it should not overlook how and when to prepare for new security challenges in the quantum era. Rather, Europe must leverage this momentum and European expertise to accelerate its planning for quantum safety.

In October, the EU formally passed the Cyber Resilience Act, which will advance holistic efforts like Software Bill of Materials templates across the EU, as well as NIS 2, which placed critical infrastructure at the forefront of European national agendas. And in early 2025, the EU’s financial services-focused Digital Operations Resilience Act will officially come to life.

As Europe works to bring overlapping cybersecurity strategies together, it has the opportunity to bolster its quantum safe planning so that organizations can plan for present challenges as well as the realities they will soon face in the quantum era.

Europe is the birthplace of quantum physics, and many Europeans are shaping its future. The IBM Quantum Data Center in Europe, launched on October 1, 2024, in Ehningen, Germany – our second global quantum data center deployed worldwide – will help propel our partners’ quantum journey and soon offer access to a quantum system powered by IBM’s most-performant quantum chip to date, IBM Quantum Heron. European organizations, including over 80 in the global IBM Quantum Network in industries like government, banking, manufacturing and telecommunications, are now exploring quantum algorithms that could offer value to their industries and countries.  

European governments are more equipped than ever to adopt policies that encourage rapid adoption, while maintaining the spirit of collaboration, harmonization and leadership. Advancing PQC planning is no simple feat, but the timing has never been better for dialogue, interoperability and sharing benchmarks between trusted partners. Post-quantum cryptography is ready. Bad actors aren’t waiting. Europe shouldn’t wait either to stay one step ahead of them.