The Post-Quantum Transition:
The European Moment
When is quantum computing arriving? I keep getting that question in dialogues with European executives this year, and it is the wrong one. Encrypted traffic is being collected today, to be
decrypted the day the machine becomes reality. Harvest now, decrypt later. I spent twelve years
running threat research across seventy countries, and persistent adversaries who collect first
and wait were the norm and not the exception. So the better question is actually around the
confidentiality horizon of your data. A contract, a research file, a financial exchange that must
stay confidential after 2030 is already exposed.
Why start now
DORA has been in force since 17 January 2025, and the technical standard (Commission
Delegated Regulation (EU) 2024/1774) requires cryptographic capabilities that can progress as cryptanalysis advances. NIS2 expects essential and important entities to govern their cryptography deliberately. Only a few of them today could honestly claim to do so. The
European roadmap adds national roadmaps by the end of 2026 and transition targets in 2030 and 2035. The calendar is written, and these dates are here to stay.
A few things to pay attention to:
Post-quantum migration is not a one-time upgrade, and this is the part that boards need to understand and adapt to: it is a multi-year crypto-agility program.
Organizations that have attempted to build their crypto inventory describe it as more
difficult than the migration itself.
Then comes replacing the old stuff without breaking whatever depends on it, in addition
to proving both in audits. One blind spot deserves further attention: AI agents, which already exchange sensitive data over channels that were there before agents existed. Channel security comes inherited, from the CDN, from the gateway, from whichever provider terminates the connection. Inheriting can be
perfectly defensible, but only once someone has looked at it and confirmed the decision, with
an owner name next to it. As agentic systems spread through European businesses, the
quantum question and the AI question intersect exactly there, mostly unexamined.
Standards and vendors: the industrial stake. The post-quantum standards published by NIST are American by the authority publishing them,
though largely European by the science behind them. Eight of the ten designers of ML-KEM, the
primary encryption standard, worked at European institutions. HQC, selected in 2025 as a
backup algorithm, is largely of French origin. Europe did not import the technology, it is co-
designing it.
The economic risk is clear:
- Europe funds the research, then someone else is running what was invented. It
happened with cloud.
- The industrial value is not in the algorithms, as they are open, scrutinized and verified worldwide. The value is around them: trusted implementations, and above all the
inventory and migration work. Certification and the audit logs come after, and
regulators will ask for both.
- European providers can take that layer, but the buying decisions happen in the next two
or three budget cycles, not in 2030. Whoever is on the shortlist when a bank runs its first crypto inventory tender likely keeps the account for the decade.
What the ECA cybersecurity group is doing
The ECA cybersecurity group started from that observation. Not a manifesto, a working method:
put European researchers, vendors and the organisations that buy from them in front of cooperation scenarios concrete enough to argue over, on AI as much as on quantum. The first
scenarios are already on the table. The hard part starts now, putting names and dates against
each of them. Europe has the science. The regulation is there, more of it than in any other market. What is missing is duller: agreed priorities, and something a CISO can point to when the board asks why the European option rather than the American incumbent.
Migration is happening either way; the regulators saw to that. Who does the work, and on
whose terms, is being decided now, in procurement cycles and in working groups like this one,
not in position papers.
Amin Hasbini is an AI & Cybersecurity Executive.
He works on post-quantum maturity and AI agent security. mahasbini.org


