Giesecke+Devrient says post-quantum shift is urgent
Thu, 9th Jul 2026 (Today)
Giesecke+Devrient has warned that the shift to post-quantum cryptography should now be treated as an immediate priority, with the timetable for action moving forward across industry and government.
The Munich-based security technology group said advances in quantum research, rising investment, and earlier migration plans from large technology companies are changing assumptions about when current encryption methods could become vulnerable. In its view, the risks now extend beyond a theoretical future problem for operators of payment systems, digital identity platforms, mobile networks, Internet of Things deployments, and government infrastructure.
Quantum computers are expected to solve some classes of problems far faster than conventional machines, making them a major focus for researchers and investors. That same computing power has also raised cybersecurity concerns because widely used encryption systems could eventually be broken if sufficiently advanced quantum machines become available.
According to Giesecke+Devrient, a central issue is that the technical threshold for attacking today's cryptographic methods may be lower than previously thought. It pointed to recent scientific work suggesting that elliptic curve cryptosystems could be more exposed than earlier estimates implied.
It also highlighted the pace of spending in the sector, citing analysis suggesting global investment in quantum technology rose sixfold in a single year, helping to accelerate research and commercial development.
Industry planning is shifting as well. Companies including Google and Cloudflare have already set migration plans aimed at completing a move to post-quantum cryptography by 2029, much earlier than roadmaps that once assumed wider adoption would come in the middle of the next decade.
Policy shift
Governments are also beginning to set formal deadlines. Giesecke+Devrient noted that a growing number of public authorities and security agencies have published migration strategies, while the European Union has called on member states to move highly critical use cases to quantum-secure cryptography by the end of 2030.
Standards bodies are making similar changes. Groups including GSMA, 3GPP, ICAO, and the IETF are updating security protocols and technical standards so post-quantum methods can be introduced without breaking interoperability across international systems.
That matters because moving away from current cryptography is expected to take years, not months. Encryption is deeply embedded across software, hardware, networks, and connected services, so migration often requires multiple components to be replaced or redesigned at the same time.
Long-lived systems are likely to face the greatest pressure to move early. Identity documents, telecoms infrastructure, and other critical systems can remain in use for many years, leaving them more exposed if data or credentials created now must remain trustworthy well into the quantum era.
Risk priorities
Giesecke+Devrient said the transition will need to be phased because entire ecosystems cannot be changed in one step. The first priority, it said, should be high-risk areas where long data lifecycles, high criticality, and serious potential harm overlap.
In identity systems, one early application is the use of quantum-secure signatures in official documents to preserve data integrity and authenticity over long periods. In eSIM management, the company identified profile downloads - the transfer and installation of eSIM profiles onto user devices - as a priority area for protection.
The urgency is also shaped by growing concern in the security industry over so-called harvest now, decrypt later attacks. In these attacks, criminals or hostile actors collect encrypted information today in the expectation that they may be able to read it in the future, once quantum computers are strong enough to defeat current protections.
For sectors handling sensitive communications, financial records, or national identity data, that means the risk begins before a practical large-scale quantum computer exists. Data stolen now could still have value years later if the cryptography protecting it is eventually broken.
Giesecke+Devrient said it has already been working on changes to cryptographic systems and pointed to a recent joint feasibility study with the German Federal Printing Office, Bundesdruckerei. The project produced what it described as one of the first functional demonstrators of a national identity card using both classical and post-quantum cryptography under current recommendations for quantum-secure algorithms.
Gabriel von Mitschke-Collande, Chief Digital Officer at Giesecke+Devrient, outlined the company's view of the industry's next steps.
"The move toward a quantum-secure future requires early and coordinated action across the entire industry," von Mitschke-Collande said.
He added: "Companies like G+D are already working intensively to further develop cryptographic methods and security solutions so that digital infrastructures, communication systems, and sensitive data remain protected against future cyberattacks, thereby opening up new opportunities to make the digital age safer than ever. One example is the feasibility study successfully completed this year by G+D and the German Federal Printing Office (Bundesdruckerei) - one of the world's first functional demonstrators of a national ID card featuring both classical and post-quantum cryptography in accordance with the latest recommendations for quantum-secure algorithms. Preparing for the quantum era is therefore not an option for tomorrow - it has already begun."