Q-Day — the point in the future when cryptographers believe that quantum computers will be able to break current encryption — will not be announced. Adversaries will exploit this capability silently.

They’re already mounting “harvest now, decrypt later” attacks, collecting encrypted data today to decrypt once quantum computers are powerful enough. China’s quantum investment equals the rest of the world combined. The threat is already operational.

The digital battlefield is the next battlefield. At the recent Resilience Conference in London earlier this month, government and defence leaders confronted what this means.

European security will depend to a large extent on encrypted communications: real-time coordination between systems, distributed AI networks, and secure data flows across critical infrastructure. When quantum computers break this encryption, the consequences for national security and critical infrastructure will be severe.

With the advances we know about in quantum computing technology, urgency is no longer theoretical.

Europe’s speed problem

Yet European capability cycles can last more than a decade while adversaries iterate in months. The Ukraine conflict shows innovation cycles measured in weeks, not the years typical of traditional defence procurement. Europe is locked into timelines that prevent the agility we need.

Post-quantum encryption algorithms demand significantly more processing power than today’s standards. This creates bottlenecks in secure communications and defence systems where speed matters most.

Critical infrastructure operations experience delays. The US National Institute of Standards and Technology has published post-quantum encryption standards, but these will continue to evolve. Europe needs encryption solutions that can be upgraded easily without wholesale replacement – delivering security without sacrificing performance.

Proving it’s possible

The UK is now proving quantum-resistant encryption can work at carrier scale.

Recent trials at BT’s flagship Adastral testing ground — a replica of its live network — have shown these solutions can deliver high performance without the penalties previously assumed. They are already deployed with tier-one carriers globally, demonstrating the technology is ready. The question is whether procurement and deployment can match the urgency.

This demonstrates that new security technology can be tested and certified rapidly when operators create the right pathways. Traditional defence contractors bring essential scale and integration expertise. Startups bring iteration speed. When national infrastructure operators enable rigorous but fast validation, both groups work together effectively.

Building sovereign capability

Defence spending is increasing across Europe. Capital is available. The challenge is deployment.

Manufacturing capability is being built in the UK, with innovators establishing supply chains independent of foreign dependencies. Some are manufacturing entirely within the North of England, demonstrating that serious technology companies can emerge from the UK’s regions, not just London.

All of Europe needs sovereign technology champions: businesses that don’t rely on foreign supply chains or multi-year procurement cycles from overseas contractors.

Deploy now, while there’s time

Q-Day won’t be announced. The adversaries working to break our encryption won’t tell us when they succeed. Countries outspending us on quantum development won’t publish their capabilities. We have the resources and capability to deploy quantum-ready infrastructure. What we need is the collective will to act at the pace the threat demands—while we still have time to do it properly.