Europol released a report aimed at financial institutions, advising stakeholders to take a structured approach toward preparing for the transition to post-quantum cryptography.
A critical first step is to take an inventory of all business use cases that rely on public key cryptography. This inventory enables the creation of a prioritized transition roadmap by assessing the Quantum Risks associated with each use case, based on three parameters:
- Shelf Life of Protected Data: How long the data remains sensitive.
- Exposure: The extent to which data is accessible to potential attackers.
- Severity: The business impact of a potential compromise.
When the Quantum Risk is assessed, organizations can prioritize actions based on the complexity and timeline required to achieve Quantum Safety for a use case (each use case’s migration time). As part of this activity, organizations can identify, for example, actions that can be launched immediately and the use cases that require coordination with long-term asset lifecycles.
- Solution Availability: Maturity of PQC standards, and their general availability in products and services.
- Execution Cost: The effort, cost, and complexity of implementing the quantum-safe solutions within the organisation.
- External Dependencies: Execution complexity due to coordination required with third parties and their transition roadmaps (standardisation bodies, vendors, peers, regulators, and customers).
Examples of use cases that financial organisations can begin implementing today include:
- Integration of post-quantum requirements into the long-term roadmap for hardware-intensive use cases aligned with financial asset lifecycles.
- Enhancement of confidentiality protection for transactional websites.
- Identification and elimination of cryptographic antipatterns to reduce future technical debt.
Why it matters
While Europol’s recommendations and evaluation criteria are aimed at financial industries, where any compromise to secure digitial infrastructure could mean the direct loss of money – not to mention the loss of business and customer data which can be turned against that business – stakeholders in the media and entertainment market space have exactly the same concerns.
Also, these evaluation criteria can be applied to the adoption of any new technology-based solution and can just as easily be used to justify traditional anti-piracy solutions: Potential losses, cost of losses, costs of solutions, the value of mitigated risks, time needed to implement mitigation techniques, and external dependencies.
Advances in quantum computing are expected to challenge the long-term security of today’s encryption standards. While real projects must be sponsored and approved, quantum computing providers including IBM and Google offer cloud-based simulators that are openly available. Investors in quantum technologies are already witnessing game-changing breakthroughs.
Since most media and entertainment content that is created, produced, distributed and consumed is premium (paid for), anything that might enable bad actors to decrypt content or penetrate hardened software for illegal distribution and use represents a threat.
Any protections that are penetrated by defeating encryption translates into a loss of revenue for distributors and rights-owners; not to mention the rising concern over content used in deepfake campaigns.
Further reading
Prioritising post-quantum cryptography migration activities in financial services, Landing page (to download the report). January 21, 2026. Publications Office of the European Union, Luxembourg. Europol
