Light golden Rlogo of Finnish AI Region (FAIR EDIH). In is written FAIR - FINNISH AI REGION, EDIH
European union flag wth blue background and golden stars.

The Encryption Endgame: Why the World Faces a Quantum Reckoning

As sufficiently powerful quantum computers edge closer to reality, cybersecurity experts warn the window to protect sensitive data is rapidly closing. From Helsinki to Brussels, the message is clear: organisations must act now—not in five years’ time.

Post-quantum encryption UI concept illustrating advanced cryptographic techniques designed to withstand quantum computing threats.

Text by Martti Asikainen, 30.10.2025 | Photo Adobe Stock Photos

Nauha, jossa FAIR:in yhteistyökumppanien logot.

As sufficiently powerful quantum computers edge closer to reality, cybersecurity experts warn the window to protect sensitive data is rapidly closing. From Helsinki to Brussels, the message is clear: organisations must act now — not in five years’ time.

In the arcane world of cryptography, a quiet but urgent revolution is underway. Across government departments, financial institutions, and critical infrastructure worldwide, organisations are being told they must fundamentally overhaul the encryption systems that underpin modern digital life, and they have roughly a decade to get it right.

The threat comes from quantum computers, which are machines that exploit the peculiar properties of quantum mechanics to perform calculations exponentially faster than conventional computers. Whilst today’s quantum machines remain error-prone and experimental, experts increasingly believe that within 10 to 20 years, quantum computers powerful enough to crack current encryption will exist.

When quantum computers break current encryption — and experts agree it’s a matter of when, not if— the cryptography protecting banking transactions, government secrets, and countless other secure communications will become obsolete. This threat has already spurred action. For example, the crypto industry and cybersecurity experts are actively developing quantum-resistant cryptographic methods to stay ahead of this vulnerability.

The Harvest Now, Decrypt Later

Finland’s state technical research centre VTT, a leading actor in quantum-safe cryptography research heading national projects including PQC Finland and the “Beyond the Limits of PQC” research initiative, has been blunt about the scale of the challenge. 

In a recent analysis published on their website, researchers Markus Rautell and Mari Muurman warn that “the PQC transition is no longer a future goal but today’s necessity,” referring to post-quantum cryptography, an encryption designed to withstand quantum computer attacks.

The reason for urgency is a phenomenon cryptographers call “harvest now, decrypt later”. Adversaries can intercept and store encrypted data today, then decrypt it once quantum computers become available. For information requiring confidentiality over decades, like state secrets, medical records, infrastructure blueprints, the clock is already ticking.

According to VTT’s analysis, most public-keycryptography (PKC) algorithms in use today will be vulnerable to sufficiently powerful quantum computers. PKC underpins secure websites, digital signatures, and encrypted communications — essentially the entire security infrastructure of the internet. The solution is post-quantum cryptography are new algorithms designed to resist both quantum and classical computer attacks. 

And after nearly a decade of work, the first such standards are now emerging.

America Leads the Standardisation

In August 2024, the U.S. government took a major step toward protecting data from future quantum computer attacks. The National Institute of Standards and Technology (NIST) released the first three approved encryption methods designed to withstand quantum threats.

Two of these new methods called ML-KEM and ML-DSA work by solving extremely difficult math puzzles involving something called “polynomial lattices.” Think of it like a complex maze that even quantum computers can’t easily navigate. The third method, SLH-DSA, uses a different approach based on “hash functions,” a technique that scrambles data in a way that’s hard to reverse.

These weren’t created overnight. NIST began this process in 2016, inviting cryptography experts worldwide to submit and test potential solutions. After years of rigorous analysis, these three emerged as the strongest candidates. As NIST put it, they represent “a vital first step” in preparing our digital infrastructure for the quantum era.

The work isn’t finished. In March 2025, NIST added a fourth method called HQC, which uses yet another mathematical approach based on “coding theory.” This variety is intentional. Meaning, if hackers find a weakness in one method, backups exist. NIST is also evaluating 14 additional methods and expects to finalise more standards by 2027.

Europe Sets the Timetable

Whilst American researchers drove the technical standardisation, European regulators are setting the implementation deadlines. In April 2024, the European Commission published a recommendation for a coordinated roadmap for the transition to post-quantum cryptography. This was followed in summer 2025 by the Network and Information Security Cooperation Group (NIS CG), which issued a detailed timetable with three key milestones.

The roadmap establishes three critical deadlines. By the end of 2026, all EU member states must have completed the initial steps defined by NIS CG, drafted national plans, and begun planning and piloting for high and medium-risk use cases. By the end of 2030, high-risk systems must have completed the transition, medium-risk use case planning and piloting must be finished, and quantum-safe software updates should be deployed by default. Finally, by the end of 2035, medium and low-risk systems must have completed the transition where realistically achievable.

As VTT’s documentation emphasises, these are backstop dates, not targets. “The roadmap stresses that deadlines are back-stops: the transition should start as soon as possible to minimise long-term risks,” the Finnish research centre notes. VTT puts it starkly: “The PQC transition is no longer a future goal but today’s necessity. The time for waiting is over; now is the time to act.”

Who's Most at Risk?

Organisations handling data requiring long-term confidentiality face the gravest risks. According to VTT’s analysis, several critical sectors are particularly vulnerable: government (both central and local), defence, financial services, healthcare, logistics, and the energy, telecommunications, and aviation sectors.

As VTT states in their article: “These sectors process data whose sensitivity and confidentiality make them particularly vulnerable to the quantum threat.” The organisation emphasises that these industries must now take action, beginning comprehensive assessments of their cryptographic systems and moving rapidly towards hybrid models or quantum-safe solutions.

The threat is particularly acute for what VTT calls “high-risk use cases”—systems protecting information whose disclosure even decades hence could cause significant harm. Risk classifications, according to the NIS CG roadmap, are determined by data retention periods and sensitivity. A stolen patient record might enable blackmail. Intercepted infrastructure blueprints could facilitate future attacks. Compromised state communications might reveal sources or methods.

The Cryptographic Agility Imperative

Central to both American and European guidance is the concept of “cryptographic agility”—the ability to swap encryption algorithms quickly as threats or standards evolve.

On 17 July 2025, NIST published a second draft version of its guidance titled “Considerations for Achieving Cryptographic Agility”. As NIST states in this document, the issue is not simply about swapping encryption algorithms: “It’s also about building flexible and resilient systems that evolve with the cryptographic operating environment.”

The guidance acknowledges that historically, changing cryptographic algorithms has proved painfully difficult. As VTT notes in their analysis: “Many systems were not originally designed with changes in mind. Tightly integrated system components make updates slow, expensive, and prone to disruption.”

The quantum transition offers a chance to rebuild systems as modular and flexible. The recommended approach involves deploying hybrid schemes first—combining traditional encryption like RSA and ECDH with quantum-resistant algorithms—before eventually retiring classical methods entirely.

This staged migration is necessary because organisations will upgrade at different rates, and it allows time for confidence in new algorithms to build before full deployment. Critically, systems must remain interoperable throughout the transition to prevent communications breakdowns.

Even after migration completes, organisations must expect ongoing changes. VTT warns: “Over time, new vulnerabilities will inevitably be revealed as computing power grows, new methods advance, and technology develops.” Systems designed for what NIST calls “agility-aware design” will handle future transitions far more gracefully.

International Response Gains Momentum

The global response has been coordinated across multiple jurisdictions. In December 2024, security agencies from 18 EU member states issued a joint statement urging organisations to transition to international standards such as NIST’s algorithms.

For organisations beginning the journey,  recommends that high-risk sectors conduct comprehensive cryptographic inventories, assess vulnerability to quantum threats, test NIST-approved algorithms in controlled environments, deploy hybrid solutions, coordinate with supply chain partners, and align internal policies with evolving guidance. 

As VTT’s Markus Rautell and Mari Muurman concludes: “Whether you are drafting your own migration plan or already well advanced in the PQC transition, VTT offers expertise and practical support to help your organisation move forward with confidence into the quantum-safe era.”

Question remains

Significant uncertainties persist. Nobody knows precisely when a cryptographically relevant quantum computer will arrive. Optimists suggest 15-20 years; pessimists warn it could be sooner. Google, IBM, and numerous well-funded start-ups are racing towards quantum supremacy, alongside state-backed efforts in China and elsewhere.

Meanwhile, the new quantum-resistant algorithms remain relatively untested compared to cryptographic methods refined over decades. Subtle implementation errors could introduce vulnerabilities. The mathematics underpinning lattice-based cryptography, whilst appearing robust, hasn’t faced the decades of scrutiny that classical encryption has endured.

Yet despite these uncertainties, the consensus is clear: acting now is far less risky than waiting. As VTT states in their documentation: “Migration will happen, globally. It will not be possible to avoid PQC migration, so preparing and planning now will mean you can migrate securely and in an orderly fashion.”

For the world’s critical infrastructure, government departments, and financial institutions, the quantum reckoning is no longer theoretical. The encryption protecting today’s sensitive data may have only years of useful life remaining. The question is whether organisations act swiftly enough to stay ahead of the quantum curve, or whether they’ll find themselves scrambling to secure systems already compromised by adversaries with very long memories and very powerful computers.

Read VTT’s article “Agile by design: securing systems for the post-quantum era and beyond” by Markus Rautell and Mari Muurman here.

White logo of Finnish AI Region (FAIR EDIH). In is written FAIR - FINNISH AI REGION, EDIH
Euroopan unionin osarahoittama logo

Finnish AI Region
2022-2025.
Media contacts

Follow us on social media

Twitter Facebook-f Youtube Linkedin-in