That power could unlock major advances in medicine, climate science, and research. But it also comes with a downside: the risk of breaking the encryption systems that protect our data every day, from bank transactions and health records to industrial secrets and sensitive communications. This potential turning point, often referred to as Q-Day, could arrive as early as 2030. And it raises a simple but critical question: how do we secure our systems before today’s protections become obsolete? One of the answers lies in post-quantum cryptography (PQC), which is a new generation of encryption designed to stand up to quantum computing and protect data for the long term. Here’s more.
What is the quantum threat and why does it matter for today’s cryptography?
A quantum computer isn’t just a faster version of a traditional one. It operates under the laws of quantum physics, using concepts like superposition and entanglement, which allow it to tackle problems that are simply out of reach for classical machines.
That’s exactly why current encryption methods are under threat. Today’s digital security relies on mathematical problems that classical computers can’t realistically solve. Quantum computers, however, could change the game and crack these protections far more easily.
From around 2030 onward, today’s encryption could start to break down. Some attackers are already preparing for this future by harvesting encrypted data now, using a “store now, decrypt later” strategy. The idea is simple: collect data today, then decrypt it later once quantum capabilities are available, before post-quantum cryptography becomes widespread.
The good news? We still have a window of opportunity. Roughly five years to make the shift to PQC.
Post-quantum cryptography today: where do we stand on international initiatives and standards?
The move toward post-quantum cryptography is already well underway, guided by solid and widely recognized international standards.
In 2024, the U.S. National Institute of Standards and Technology (NIST) finalized its first PQC standards, validating algorithms such as Kyber for encryption and Dilithium for digital signatures. These selections followed years of rigorous testing and global competition, ensuring they are robust against quantum attacks.
In Europe, agencies like ENISA and ANSSI are also calling for a proactive approach. France’s national cybersecurity agency, ANSSI, emphasizes the need to map cryptographic usage to identify vulnerabilities and adopt crypto-agility, the ability to switch quickly between cryptographic algorithms as standards evolve.
These PQC standards aren’t just recommendations. They’re a roadmap, which is essential for building the post-quantum security we’ll need tomorrow.
Since 2017, our research teams have been working on two complementary pillars of quantum-safe security: Post-quantum cryptography (PQC), which is essential for large-scale migration Quantum key distribution (QKD), designed for the most sensitive use cases.
Through projects like ParisRegionQCI and FranceQCI, as well as bilateral partnerships, we’ve already demonstrated how these technologies can be integrated into existing networks. This work directly feeds into Orange Business solutions and Orange Cyberdefense’s approach, combining crypto-agility, network interoperability, and practical quantum-safe roadmaps for our customers.
- Anticipate. Start now with a comprehensive risk assessment and define a clear, budgeted roadmap for the transition to post quantum cryptography.
- Raise awareness and mobilize. Raise awareness and mobilize. This is also a cultural challenge. Leadership teams and business units must understand why this transition matters. That requires mobilizing post quantum security experts who can translate technical complexity into clear strategic value.
- Inventory and map. Identify all cryptographic assets across the organization, including keys, certificates, signatures, and protocols, as well as how they are used internally and with partners.
- Integrate crypto-agility. Adopt a flexible approach that makes it possible to replace an algorithm quickly when it becomes vulnerable, without disrupting operations.
- Remediate. Integrate hardware and software that are compatible with post quantum cryptography, reduce existing cryptographic debt, and rely on networks and services that already embed this level of protection.
What does this look like in practice?
In the Greater Paris metropolitan area, Orange Cyberdefense has deployed a secure network called Ring. This network enables public authorities, private organizations, and strategic companies to protect their most critical communications against both current and future threats.
We support leading organizations as they move toward controlled and sustainable post quantum security.
Our strengths
- Recognized expertise in cybersecurity and post quantum cryptography.
- Research teams developing robust, ready to deploy solutions.
- Secure infrastructures supported by a sovereign European cloud.
- Tailored support for every sector, whether healthcare, public administration, or strategic industries.
Turning the quantum revolution into a strategic opportunity
When anticipated early, the transition to post quantum cryptography turns the risk of Q Day into three major benefits:
- Long-term protection of critical assets. Sensitive data is protected proactively, hidden vulnerabilities in legacy systems are reduced, and crypto agility ensures lasting resilience.
- Regulatory readiness and stronger digital sovereignty. Organizations can prepare now for future European regulations and reinforce digital sovereignty, particularly through the use of Orange’s sovereign cloud.
- Gain a Competitive advantage. Organizations that move early will lower future compliance costs and position post quantum security as a powerful driver of trust and innovation.
