Adversaries are already collecting encrypted data today — to decrypt it once quantum computers are powerful enough. For organisations with long-lived sensitive data, the window to act on Post-Quantum Cryptography is already open.
Quantum computers cannot yet break today's encryption. But attackers do not need to wait.
The harvest now, decrypt later strategy means adversaries are collecting encrypted data today — financial records, patient data, communications, contracts — storing it until a sufficiently powerful quantum computer exists to decrypt it.
If your data must stay confidential for 10+ years, this problem belongs in your 2026 planning — not your 2035 planning.
Two complementary approaches to quantum-safe cryptography. PQC is the baseline for everyone — QKD adds the highest level of protection for critical infrastructure. Click each row to learn more.
PQC is the baseline — a software upgrade every organisation needs. QKD is the advanced layer for critical infrastructure where the highest security guarantees are required. For banks, energy, and government, the answer is often a hybrid approach — PQC across the board, QKD for the most sensitive links.
PQC and QKD are the most business-relevant applications today. The broader field is expanding — three adjacent technologies to watch over the next 5–10 years:
Sovereign communication across borders via EuroQCI — where fibre doesn’t reach.
Multi-node networks with quantum repeaters — precursor to a future Quantum Internet.
Already commercially available — certifiably secure randomness for any cryptographic system.
Now
Quantum risk isn't an IT problem — it affects every system that protects customer data, financial transactions, and intellectual property. Assign executive ownership and bring your CISO, CTO, and business leads to the same table. This decision can't wait for the next strategy cycle.
Effort: 1 leadership decision
2026
You likely know your critical systems — but not where cryptography is embedded across your supply chain, legacy infrastructure, and third-party dependencies. A full cryptographic inventory is more complex than most organisations expect and will be a continuous effort over the coming years, not a one-off audit.
Effort: Ongoing programme, not a project
2027 – 2030
Systems that handle long-lived sensitive data go first: customer records, financial transactions, IP. Upgrade to NIST-standardised PQC algorithms where vendor support is ready. For the highest-sensitivity links, consider adding physics-based security layers like QKD. This is a multi-year transformation — but every quarter you wait compresses the runway.
Effort: Phased, multi-year programme
In early 2026, Erste Group, A1 Telekom, and Vienna-based zerothird completed Austria's first integration of entanglement-based Quantum Key Distribution (eQKD) into live banking infrastructure — based on Austrian Nobel Prize-winning research.
The pilot runs on Erste Group's existing fibre network, demonstrating that quantum-secured encryption works in real-world banking environments.
For Austrian corporates, this means the ecosystem, the expertise, and the technology are available locally — no need to look to the US or China.
zerothird
eQKD systems · Vienna
qtlabs
Quantum communication infrastructure · Vienna
Erste Group
First corporate QKD deployment · Austria
A1 Telekom
Network infrastructure partner
NIST FIPS 203, 204, 205 published. EU Commission Recommendation 2024/1101 on a Coordinated Implementation Roadmap published.
EU Member States to submit national PQC transition roadmaps via the NIS Cooperation Group.
High-risk systems and critical infrastructure to complete PQC migration (EU target).
Full transition to post-quantum cryptography for all systems (EU Recommendation).
Note: The EU Recommendation (2024/1101) is a recommendation, not a regulation. However, NIS2 and DORA require risk-appropriate cybersecurity measures — as quantum risk becomes established, this is expected to make PQC migration a practical necessity for many Austrian organisations.
The Quantum Reality Check — Roundtable on Cryptography. A focused format for Austrian corporate innovation leaders — no physics knowledge required. The focus: what does your organisation need to do, and in what order?
Invite-only. Limited places to keep the group focused and personal.