The Year of Quantum Computing: 2026 – Opportunities, Risks and the Path to Quantum Security

How does a quantum computer actually work?

In December 2023, a paper was published in the journal *Nature* [2], confirming the demonstration of a fault-tolerant quantum computer with 48 qubits. In the future, quantum computers will therefore be far superior to classical computers in terms of computing power. This will enable the solving of problems that previously could only be solved very slowly, if at all.

This has sparked sheer euphoria among experts! In medicine, quantum simulations could push the boundaries of what is biologically feasible: drugs would no longer take years to develop, but would be perfected in real time – the ultimate breakthrough for biohackers and the long-awaited salvation for the terminally ill.

In logistics, a disruption on a global scale is even predicted: The ‘travelling salesman problem’ would be a thing of the past, supply chains would run in perfect synchronisation, and billions in losses due to inefficiency could be eliminated overnight.

Materials research could be revolutionised and previously unimagined materials developed. Ultra-efficient batteries for electric cars or extremely lightweight yet stable materials for space travel would be conceivable.

And the potential for artificial intelligence is particularly exciting: the training of large language models from providers such as ChatGPT and Claude is likely to become even more efficient and resource-friendly in future thanks to ‘quantum-enhanced’ methods.

Whilst huge data centres are currently required to train models iteratively at enormous energy cost, quantum computers could fundamentally accelerate optimisation processes, drastically shorten training times and thus save immense amounts of energy.

But there are legitimate concerns here too. After all, a quantum computer could just as easily read your emails.

Current regulatory framework

In January 2026, the G7 Cyber Expert Group adopted a roadmap for the transition to post-quantum cryptography. [3] The focus is primarily on the financial sector, as payment systems, central bank infrastructures and other critical financial services in particular need to be safeguarded against future cryptographic risks at an early stage.

This roadmap is particularly relevant for banks, stock exchange operators and systemically important service providers. The NIST post-quantum cryptography standards from the USA are considered of central importance for technical implementation. In 2024, the first algorithms were defined therein [4], which are also intended to provide security against future quantum computers.

The ISO (International Organization for Standardization) and the ETSI (European Telecommunications Standards Institute) are also developing supplementary standards for secure digital communication. These initiatives do not compete with the NIST guidelines, but rather act as a complement and contribute to the international harmonisation of quantum-secure cryptography. [5] [6]

In the USA, the government has been driving forward the regulatory framework for years. For example, in the National Quantum Initiative Act (NQIA) [7], some 1.275 billion US dollars were allocated as early as 2018 to promote quantum information science.

In the same year, the EU launched the Quantum Flagship programme [8], which received €1 billion in funding. This will fund more than 5,000 researchers and their collaborative work across Europe over a period of 10 years, i.e. until 2028. On the regulatory front, the EU is driving forward quantum security through the NIS2 Directive [9] and the Cyber Resilience Act (CRA) [10], which will require state-of-the-art upgrades for digital products from the end of 2027. However, experts criticise the fact that both directives only contain an implicit requirement for quantum security.

In Germany, there is a concrete action plan for quantum technologies [11] issued by the Federal Government in 2023. This sets the ambitious goal of realising a high-performance quantum computer demonstrator with at least 100 qubits, ‘Made in Germany’, by 2026. The German Quantum Strategy aims to establish Germany as a world leader in quantum technologies. To this end, funding of around 3 billion euros has been allocated to ensure competitiveness. At the end of 2025, the first 10-qubit prototype was commissioned at the Jülich Research Centre as part of the ‘QSolid’ collaborative project. [12]

Impact on businesses and society

This introduces entirely new compliance obligations for businesses in the financial sector. The EU roadmap recommends that critical systems be technically migrated by the end of 2030, with the risk of heavy fines if risk management is inadequate. However, there is no explicit penalty for failing to implement post-quantum cryptography.

The transition to the new standards is intended to follow the same process as any other: conduct a risk analysis, plan and execute the migration, and document the evidence.

Experts warn, however, that this process is too slow and point to the so-called ‘harvest now, decrypt later’ principle. Even today, large volumes of encrypted data are being systematically intercepted and stored – such as diplomatic communications, military research data, intellectual property, health data or strategically relevant financial transactions. The aim of such actors is to retain the information long-term so that it can be decrypted using powerful quantum computers in the future.

Data with long-term sensitivity is particularly critical: international treaties, security-related infrastructure data or the financial transactions of political decision-makers could remain geopolitically or economically relevant even decades from now. The potential consequences range from retrospective espionage and economic competitive disadvantages to strategic shifts in power – scenarios whose full implications are difficult to assess today.

At the same time, the new regulatory requirements are likely to lead to greater security overall, as they raise awareness of quantum-related risks and prompt companies and government bodies to take action at an early stage.

Cyber Security

The Current State of Cyber Security

Today’s cyber security relies largely on RSA and AES-256. RSA, named after its inventors Rivest, Shamir and Adleman, is an asymmetric encryption method. This means that the public key used for encryption and the private key used for decryption are not the same. The RSA algorithm is used for key exchange and digital signatures and is based on the difficulty of factoring large numbers into their prime factors.

AES stands for Advanced Encryption Standard, and the number 256 describes the key length. The data is repeatedly reshuffled using combinatorial methods and a variety of linear algebraic operations. This is a symmetric process. The key used to encrypt the data can also be used to decrypt it.

Both methods have been standardised by the NIST (National Institute of Standards and Technology) for more than 25 years [13] [14] and are now considered secure against the computing power of classical computers.

Q-Day: When quantum computers will change the rules of the game

‘Q-Day’ refers to the point in time when a sufficiently powerful quantum computer becomes available and can effortlessly overcome classical encryption methods. The attack algorithms required for this, such as the one published by Peter Shor in 1994, already exist and are simply waiting for the appropriate quantum hardware.

This means that today’s security measures, such as RSA or AES-256, will no longer be sufficient. Quantum computers could use these algorithms to, for example, calculate 2048-bit RSA keys within a few hours – a computational feat that is practically impossible for classical computers.

Lov Grover developed an algorithm for quantum computers as early as 1996 that optimises the key search. Instead of 2²⁵⁶ attempts (classical), this requires only around 2¹²⁸ quantum operations. Post-quantum, AES-256 is therefore only as strong as AES-128 is today. AES-128 would still be secure against classical computers. However, experts warn that scaling up the number of qubits could crack this as well.

Post-quantum cryptography as a solution

One could simply double the key length for AES and use AES-512, which would effectively put the quantum computer back at the same level of difficulty as AES-256 when using this algorithm. To be on the safe side, however, post-quantum cryptography (PQC) should be implemented as a technical solution. In 2025, NIST standardised encryption algorithms such as HQC and ML-KEM. However, the problem of key exchange via RSA still exists, and if an attacker knows the keys, even post-quantum cryptography cannot stop them. Yet quantum physics offers a solution here too. The promising technology is called Quantum Key Distribution (QKD). In this process, keys are exchanged via subatomic particles. Any eavesdropping would be detected immediately, and the stakeholders of the sensitive data would be informed before an attack could take place.

Practical recommendations for businesses

Those who are wary of the new PQC methods can initially use algorithms from both approaches simultaneously. This approach is known as a hybrid solution and proves beneficial during the implementation of quantum-secure systems.

To ensure quantum security, it is advisable for businesses not to wait until the end of the regulatory deadlines, but to begin implementing quantum security measures at an early stage. In the context of quantum computers, it is advisable to carry out a vulnerability analysis: Which data is particularly sensitive, even beyond the requirements of the GDPR, and could become relevant after Q-Day?

A technical migration plan for the new encryption technology should then be drawn up and tested.

Pilot projects for quantum-secure systems are already commonplace in banking and payment transactions. A recent example is Project Leap by the Bank for International Settlements (BIS) from 2025, which successfully tested post-quantum cryptography in payment systems between central banks. Such initiatives demonstrate that organisations should address the issue of quantum computer security at an early stage in order to optimally protect data and transactions in the long term. [15]

Conclusion

The path to a quantum-secure future

The path to a quantum-secure future is undoubtedly challenging – technologically, organisationally and in terms of regulation. Yet this is precisely where a great opportunity lies: if we lay the right foundations today, the next wave of disruption will not trigger uncertainty, but will instead enable progress.

Quantum computers will change our world – but it is up to us to decide how we respond to them. With a clear understanding of the risks, robust cryptography, continuous modernisation and an open attitude towards new technologies, businesses and society can enter the next era with resilience.

We may only just be coming to terms with the AI hype – yet at the same time we can develop the confidence that the next disruption need not be a threat. Rather, it is another step forward.