Quantum technologies promise transformative opportunities, enabling breakthroughs in computing, unlocking new use cases across diverse sectors, driving innovation, supporting ultra-secure communications, and delivering unprecedented measurement precision, among other benefits.
However, the development of quantum computing poses a serious threat to the primary cryptographic protocols currently relied upon to ensure confidentiality and integrity.
Today’s widely used cybersecurity protocols are based on computational problems considered practically unsolvable by classical computers. However, the emergence of quantum computers, which exploit quantum phenomena, could overcome some of these challenges, posing significant risks to cybersecurity.
Quantum-related technologies as a strategic priority
According to the Global Risk Institute, there is a probability of between 19% and 34% that in slightly less than 10 years a quantum computer will exist that is capable of breaking the main cryptographic systems used on the Internet today.
And adversaries may not remain passive while waiting for it: they could intercept, copy, and archive encrypted data for future decryption, a strategy known as ‘Harvest Now, Decrypt Later’ (HNDL).
Quantum technologies, together with related high-impact technological areas, are a strategic priority for Europe. Their development will support digital sovereignty, economic security, and competitiveness across a wide range of sectors.
In this context, Europe published in June 2025 its roadmap on post-quantum cryptography, and is now preparing the Quantum Act, which is expected to be published in 2026. How can companies prepare and get ahead? And what should public policies look like around these new technologies and challenges?
Companies preparing ahead for the quantum-challenge
The EU has set quantum-safe transition deadlines. This roadmap, developed by the NIS Cooperation Group, sets out two crucial deadlines:
- By the end of 2026: All Member States must begin their transition to quantum-safe encryption. This involves establishing national quantum-safe (PQC) roadmaps and launching pilot projects for high and medium-risk use cases.
- By the end of 2030: High-risk use cases (e.g. financial, health) or critical infrastructures (e.g. energy, telecommunications) must be transitioned to quantum-safe (PQC) algorithms.
To mitigate the quantum threat and the emergence of cryptographically relevant quantum computers (CRQCs), both new classical techniques (e.g. Post-Quantum Cryptography –PQC) and quantum-based cryptographic methods (e.g. Quantum Key Distribution –QKD) can be employed.
Upgrading cryptosystems to quantum-safe cryptography is a complex task. It requires new hardware and software, updated standards, and the migration of legacy systems, while keeping existing cryptographic infrastructures running and safeguarding sensitive data. This ambitious timeline makes it urgent for European organisations to act now and build a mature cryptographic inventory.
Given the scale and duration of the effort, the transition cannot be reactive or rushed; it must be planned and integrated into proactive technology lifecycle management.
In an environment of growing technological complexity, Telefónica is an experienced strategic technology partner, well positioned to support organisations across all sectors in their quantum-safe transition.
A trusted technological partner in quantum and quantum-safe technologies
Telefónica’s early engagement in quantum technology positions it at the forefront of preparing for both the security risks and the new opportunities that quantum computing will bring.
Telefónica has established a dedicated Centre of Excellence for quantum technologies. The company is already making strides towards quantum-safe networks by integrating an additional layer of protection through quantum-resistant technologies. Telefónica is also collaborating with third parties, showcasing several use cases across healthcare, defence, and utilities, while contributing to broader efforts to build a robust quantum ecosystem.
In this context, Telefónica’s Quantum-Safe Networks offer communication and cybersecurity solutions designed to protect companies’ critical communications and data against the threats posed by quantum computing. If you are interested, contact us.
Policies shaping Europe’s quantum-safe readiness and technology leadership
To ensure leadership and autonomy in this critical domain, Europe must act decisively through coordinated instruments and policies. The defined timelines, with milestones in 2026, 2030, and 2035, is valuable for raising awareness and guiding initial investments. It is a powerful political signal and a necessary catalyst for action.
However, a transition date alone is insufficient to ensure a successful, harmonized, and secure migration across the continent. The challenge lies in technical implementation, and securing the necessary funding, not merely in compliance.
Achieving true readiness will require greater awareness, the development of European technologies and their adoption by industry, clear standards, crypto-agility, adequate funding, testbeds and detailed deployment guidance that goes well beyond calendar deadlines. Attached is our position on the EU Roadmap on Post-Quantum Cryptography.
In this regard, the Quantum Act represents an opportunity to strengthen Europe’s technological sovereignty and accelerate the market uptake of European technologies. The European framework should create the conditions for greater private-sector freedom to operate and achieve returns on investment, thereby mobilising additional private funding for advanced technologies.
At the same time, and through proposals such as the Quantum Act, public-funding governance should be streamlined and funding and public procurement procedures simplified and leveraged to bring technologies and secure infrastructures to market and scale them in Europe. This includes making better use of testbeds, public procurement, and other enabling and funding mechanisms.
But the Quantum Act cannot be developed in isolation from the cryptographic challenges posed by quantum computing. The focus should extend beyond the technology itself to tackle its broader impact. Technologies that are not strictly quantum-based, such as post-quantum cryptography (PQC), should be included within the scope of the Quantum Act, in alignment with the previously mentioned European Roadmap on Post-Quantum Cryptography. In this context, adopting a holistic approach that encompasses quantum-related technologies -moving toward greater technological neutrality- is essential to ensure coherence and effectiveness.
The EU’s timeline provides the what and when, but the true success of the quantum-safe transition will depend on the how, a process driven by technical guidance, adequate funding and continuous feedback. Organizations should not wait; the time to begin your cryptographic discovery and risk analysis is now.
