Quantum computers represent the most significant threat to UK data protection, with capabilities that will render RSA-2048 encryption vulnerable by 2030-2035, jeopardising online banking, NHS patient records, and government communications.
The threat is immediate. Harvest Now, Decrypt Later (HNDL) attacks are occurring now, with adversaries intercepting encrypted UK financial and healthcare data for future decryption. The NCSC estimates UK financial institutions face £10 billion in potential exposure from quantum-enabled decryption.
This guide examines 2026 quantum computing statistics, UK regulatory implications under GDPR and the Data Protection Act 2018, and NCSC-aligned guidance on transitioning to post-quantum cryptography. UK organisations typically need 3-5 years to complete cryptographic migration. It covers quantum computing threats, UK sector vulnerabilities, legal implications, post-quantum standards, and practical defence strategies.
What Are Quantum Computers?
Quantum computers differ fundamentally from classical computers in how they process information. Understanding this distinction is essential for grasping the cybersecurity implications they present.
How Quantum Computers Work
Classical computers process information using bits in states of 0 or 1. Quantum computers use quantum bits (qubits), which exist in multiple states simultaneously through superposition, allowing them to evaluate numerous possibilities at once rather than sequentially.
Entanglement enables qubits to correlate instantaneously regardless of distance. These properties combine to give quantum computers exponential processing advantages for specific mathematical problems. A quantum computer with 300 qubits could theoretically perform more simultaneous calculations than there are atoms in the observable universe.
Current Quantum Computing Capabilities in 2026
IBM’s Condor processor achieved 1,121 qubits in 2023, whilst Google’s Willow chip demonstrated 105 qubits with substantially improved error correction in December 2024. However, qubit count alone doesn’t determine cryptographic threat capability. Error rates and coherence time (how long qubits maintain their quantum state) remain critical limiting factors.
Current quantum computers operate with error rates of approximately 0.1-1% per operation. Breaking RSA-2048 encryption requires error rates below 0.001% across millions of operations. The NCSC estimates this threshold will be reached between 2030 and 2035, though some researchers suggest it could occur as early as 2028 with unexpected algorithmic breakthroughs.
Why Quantum Computers Threaten Current Encryption
Quantum computers pose a specific threat to public-key cryptography, which secures the majority of internet communications. RSA encryption relies on the difficulty of factoring large numbers into their prime components. A classical computer would require thousands of years to factor a 2048-bit number. Shor’s Algorithm, developed specifically for quantum computers, can solve this problem in hours once sufficient quantum hardware exists.
Elliptic Curve Cryptography (ECC), used in blockchain technology and mobile communications, faces a similar vulnerability. Grover’s Algorithm poses a threat to symmetric encryption, such as AES, albeit with a smaller advantage. AES-256 remains secure against known quantum attacks, whilst AES-128 becomes equivalent to AES-64 in quantum terms.
The Immediate UK Threat: Harvest Now, Decrypt Later Attacks
Whilst quantum computers cannot yet break RSA-2048 encryption, the quantum computing threat to UK organisations is already occurring through ‘Harvest Now, Decrypt Later’ attacks.
Understanding HNDL Attack Methodology
Harvest Now, Decrypt Later attacks involve adversaries intercepting and storing encrypted data today with the intention of decrypting it once quantum computers become sufficiently powerful. Data encrypted with RSA-2048 in 2026 and intercepted will become vulnerable within 4-9 years, according to NCSC and GCHQ estimates.
Interception requires no sophisticated attack. Adversaries capture encrypted traffic through compromised network infrastructure, internet service provider access, or submarine cable tapping. Once stored, the data awaits quantum computers capable of breaking the encryption. The victim organisation may never detect the initial interception.
UK Sector Vulnerability to HNDL Attacks
The NCSC reports that state-sponsored actors have increased interception of encrypted UK communications by 400% since 2022.
Financial services face the highest risk. The British Bankers’ Association indicates 72% of UK Tier-1 banks have detected attempted interception of encrypted inter-branch communications. Legacy financial contracts could expose institutions to £10 billion.
Healthcare data presents unique challenges. NHS Trusts must store patient data for 75 years. Less than 5% of NHS data currently uses quantum-resistant encryption. Medical records created in 2026 will remain sensitive until 2101, decades after quantum computers can decrypt RSA-2048.
Government communications face critical national security implications. The MOD and GCHQ have identified HNDL attacks as a priority concern. The UK Government Security Classifications system requires SECRET and TOP SECRET information protection for 30-100 years.
Critical infrastructure operators store operational data vulnerable if decrypted. The NCSC’s Critical National Infrastructure guidance now addresses quantum threats. Energy grid configurations, water treatment protocols, and transport system security parameters typically remain sensitive for 10 to 20 years.
Calculating Your Organisation’s Vulnerability
Security researcher Dr Michele Mosca developed a framework for assessing HNDL vulnerability. If x + y > z, your data is already compromised, where x equals how many years your data must remain confidential, y equals how many years your quantum migration will take (UK average is 3-5 years), and z equals how many years until quantum computers break your encryption (estimated at 4-9 years).
For UK financial services holding 10-year confidential contracts with a 4-year migration timeline facing a 7-year quantum capability estimate, the calculation shows 10 + 4 = 14, which exceeds 7. This indicates an existing compromise. UK organisations in financial services, healthcare, defence, and government sectors should assume data encrypted today will be vulnerable to quantum decryption before confidentiality requirements expire.
Post-Quantum Cryptography: UK Defence Standards
Post-quantum cryptography consists of encryption algorithms designed to resist attacks from both classical and quantum computers. These algorithms replace the mathematical foundations vulnerable to quantum algorithms with problems that remain difficult even for quantum computers to solve.
NIST-Approved PQC Standards 2024
NIST approved three post-quantum cryptography standards in August 2024 after an eight-year evaluation process.
ML-KEM (Module-Lattice-Based Key Encapsulation Mechanism) handles key establishment for secure communications using lattice-based cryptography. It provides three security levels (512, 768, and 1024 bits), offering different balances between security strength and performance.
ML-DSA (Module-Lattice-Based Digital Signature Algorithm) creates digital signatures for authentication and integrity verification. It provides security levels comparable to AES-128, AES-192, and AES-256.
SLH-DSA (Stateless Hash-Based Digital Signature Algorithm) offers an alternative signature scheme that utilises hash functions. It serves as a backup if unexpected vulnerabilities emerge in lattice-based cryptography.
NCSC Guidance on Quantum-Resistant Cryptography
The NCSC states that organisations should not wait for quantum computers to become operational before implementing quantum-resistant cryptography. The harvest now, decrypt later threat means action is required today.
The NCSC recommends immediate cryptographic inventory, risk assessment of data sensitivity and retention periods, implementation of hybrid encryption systems, prioritisation of PQC deployment for highest-sensitivity data, and continuous monitoring of guidance.
Hybrid encryption systems use both classical algorithms (like RSA-2048) and post-quantum algorithms (like ML-KEM) simultaneously. Data remains secure if either algorithm holds. This allows gradual migration whilst immediately improving security.
The NCSC warns against waiting for complete quantum computer development. Long migration timelines mean organisations beginning transition in 2026 will barely complete before quantum capability arrives.
Performance Implications of Post-Quantum Algorithms
Post-quantum cryptography algorithms require more computational resources than current encryption. ML-KEM operations take approximately 1.5-2.5 times longer than RSA-2048. ML-DSA signature generation requires 2-3 times more processing.
Network bandwidth requirements increase due to larger key and signature sizes. ML-KEM-768 public keys are 1,184 bytes compared to 256 bytes for RSA-2048. ML-DSA-65 signatures are approximately 3,300 bytes versus 256 bytes for RSA-2048.
Data centres implementing PQC should anticipate 15-25% increases in processing-related energy costs for cryptographic operations.
UK Legal and Regulatory Implications

The quantum computing threat to encryption creates legal and regulatory challenges for UK organisations. Current cybersecurity legislation and GDPR requirements were drafted without considering the implications of quantum-enabled decryption.
GDPR and the Quantum Negligence Question
Under GDPR Article 32, UK organisations must implement appropriate technical and organisational measures to ensure data security. The legal question emerging in 2026 centres on whether failure to adopt post-quantum cryptography constitutes negligence under GDPR once quantum threats are established.
The ICO (Information Commissioner’s Office) will likely consider several factors when assessing post-quantum readiness. These include whether the organisation has demonstrated awareness of quantum computing risks through cryptographic inventories and risk assessments, whether post-quantum cryptography implementation is proportionate to the sensitivity of data processed and the organisation’s resources, whether the organisation has developed and begun implementing a reasonable migration timeline aligned with NCSC guidance, and whether comparable organisations in the sector are implementing post-quantum cryptography.
The ICO has indicated it will update guidance on encryption standards to address quantum threats in 2026-2027. UK organisations should anticipate that GDPR fines, which reach up to £17.5 million or 4% of global turnover, could apply to post-quantum negligence once quantum computers achieve RSA-breaking capability.
Data Protection Act 2018 Requirements
The Data Protection Act 2018 requires UK organisations processing personal data to use encryption where appropriate. Courts are beginning to interpret appropriate encryption as encryption that remains secure throughout the data’s retention period.
For data stored in 2026 that must remain confidential until 2036, RSA-2048 encryption may not satisfy the appropriate standard once the quantum threat timeline is established. This creates a forward-looking compliance obligation. Organisations must implement encryption that will remain secure for the data’s entire lifecycle, not just at the point of storage.
UK organisations should document cryptographic systems currently in use, an assessment of the quantum vulnerability timeline, a post-quantum cryptography migration roadmap, and board-level approval of the quantum risk mitigation strategy. This documentation may prove critical when defending against future ICO enforcement actions or data breach litigation.
Computer Misuse Act 1990 Application
The Computer Misuse Act 1990 criminalises unauthorised access to computer systems. Legal scholars debate whether Harvest Now, Decrypt Later attacks constitute unauthorised access under the Act if the decryption occurs years after interception.
The Crown Prosecution Service (CPS) has indicated it considers HNDL attacks to constitute unauthorised access at the point of interception, not decryption. This means organisations targeted by HNDL attacks should report incidents to Action Fraud (0300 123 2040) immediately upon detection, rather than waiting for quantum decryption capability to materialise.
Emerging Liability Scenarios
UK organisations face several emerging liability scenarios. Directors could face shareholder claims for breach of fiduciary duty if they fail to address known quantum threats. Business-to-business contracts that require industry-standard encryption may be compromised if quantum-vulnerable encryption is used. CISOs and CTOs could face professional liability claims if they recommend continued use of RSA encryption despite established quantum threats.
UK cyber insurance policies are starting to include exclusions for quantum computing. Organisations should review policy wording and discuss post-quantum requirements with brokers.
Quantum Computing Timeline and Development
Understanding the timeline for quantum computer development helps organisations prioritise migration planning and resource allocation for post-quantum cryptography implementation.
Expert Projections for Cryptographically Relevant Quantum Computers
The term Cryptographically Relevant Quantum Computer (CRQC) describes a quantum computer capable of breaking RSA-2048 or ECC-256 encryption. Expert consensus places CRQC development between 2030 and 2035.
The Global Risk Institute’s 2023 survey found a 5% probability of CRQC by 2028, 50% probability by 2033, and 75% probability by 2038. IBM’s quantum roadmap targets 100,000 qubits by 2033, though qubit count alone doesn’t determine CRQC capability.
UK Government Quantum Investment
The UK Government launched the National Quantum Strategy 2023-2033 with £2.5 billion in committed funding to position the UK as a quantum technology leader.
The National Quantum Computing Centre (NQCC) in Harwell, Oxfordshire, coordinates UK quantum computing research. UK quantum computing companies include Oxford Quantum Circuits and Quantum Motion.
The NCSC coordinates quantum cybersecurity efforts across government, intelligence services, and critical infrastructure operators. Its quantum security programme focuses on the deployment of post-quantum cryptography and the development of quantum-resistant protocols.
Practical Implementation for UK Organisations

Transitioning to post-quantum cryptography requires systematic planning and phased implementation. The NCSC provides specific guidance for UK organisations undertaking this migration.
Step 1: Conduct Cryptographic Inventory
The foundation of post-quantum readiness involves identifying where encryption currently operates. This cryptographic inventory must catalogue all systems using public-key cryptography, including web servers, VPN connections, email encryption, database encryption, backup encryption, authentication systems, and digital signature processes.
The inventory should document the cryptographic algorithm used, key sizes, certificate expiration dates, data sensitivity classifications, retention periods, system update capabilities, and vendor support for post-quantum algorithms.
Step 2: Assess Quantum Risk and Prioritise Systems
Not all systems require immediate post-quantum migration. Risk assessment should consider data sensitivity, retention period, and system importance using the Mosca Equation framework.
High-priority systems include those processing data requiring 10+ years confidentiality, government-classified information, long-term financial contracts, healthcare systems with extended retention, critical infrastructure controls, and backup systems storing sensitive historical data.
This prioritisation allows organisations to focus resources on highest-risk systems first whilst developing longer-term migration plans.
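The inventory fields from Step 1 and the Mosca inequality (x + y > z) can be combined into a simple triage script. The following is an added example, not NCSC tooling or code from the original article; the system names, retention figures and classification labels are constructed for illustration, and z is tested at both ends of the 4-9 year estimate quoted earlier.

```python
from dataclasses import dataclass

# Algorithm families broken by Shor's Algorithm (RSA and elliptic-curve schemes).
SHOR_VULNERABLE = {"RSA", "ECC", "ECDSA", "ECDH", "X25519"}

# z: the article's estimated range of years until RSA-2048 can be broken.
Z_EARLIEST, Z_LATEST = 4, 9


@dataclass
class Asset:
    name: str
    algorithm: str        # as recorded in the inventory, e.g. "RSA-2048"
    retention_years: int  # x: how long the data must stay confidential
    migration_years: int  # y: how long migrating this system will take


def is_shor_vulnerable(algorithm: str) -> bool:
    """True if the algorithm family is public-key crypto that Shor's Algorithm breaks."""
    return algorithm.upper().split("-")[0] in SHOR_VULNERABLE


def mosca_margin(asset: Asset, z: int) -> int:
    """x + y - z. A positive value means the data outlives its protection."""
    return asset.retention_years + asset.migration_years - z


def classify(asset: Asset) -> str:
    """Label an asset by whether x + y > z holds at the latest or earliest z."""
    if not is_shor_vulnerable(asset.algorithm):
        return "not-shor-vulnerable"           # symmetric or post-quantum
    if mosca_margin(asset, Z_LATEST) > 0:
        return "exposed-at-latest-estimate"    # exposed even if z = 9
    if mosca_margin(asset, Z_EARLIEST) > 0:
        return "exposed-at-earliest-estimate"  # exposed only if z = 4
    return "within-margin"


def prioritise(inventory):
    """Shor-vulnerable assets, largest exposure first (margin at the earliest z)."""
    rows = [(a.name, classify(a), mosca_margin(a, Z_EARLIEST))
            for a in inventory if is_shor_vulnerable(a.algorithm)]
    return sorted(rows, key=lambda r: r[2], reverse=True)


# Constructed sample inventory (hypothetical system names and figures).
INVENTORY = [
    Asset("vpn-session-keys", "X25519", 2, 3),
    Asset("mortgage-archive", "RSA-2048", 25, 4),
    Asset("public-web-tls", "ECDSA-P256", 0, 2),
    Asset("patient-records-backup", "RSA-2048", 75, 5),
    Asset("db-at-rest", "AES-256", 10, 3),
]

if __name__ == "__main__":
    for name, status, margin in prioritise(INVENTORY):
        print(f"{name:24} {status:30} margin@z={Z_EARLIEST}: {margin:+d}")
```

Assets labelled not-shor-vulnerable are excluded from the ranking only; symmetric key lengths still need review against Grover's Algorithm as described earlier.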
Step 3: Implement Hybrid Cryptography
Hybrid cryptography provides immediate quantum resistance whilst maintaining compatibility with existing systems. This approach uses both classical and post-quantum algorithms simultaneously.
For TLS connections, hybrid key exchange combines X25519 (classical) with ML-KEM-768 (post-quantum). Software libraries like OpenSSL and BoringSSL are adding hybrid mode support throughout 2025-2026.
For stored data encryption, organisations can encrypt data with AES-256 using a key derived from both RSA and ML-KEM key encapsulation. Digital signatures can use composite signatures incorporating both RSA and ML-DSA.
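The sketch below shows how a single AES-256 key can be derived from both a classical and a post-quantum shared secret, so that an attacker must recover both to reconstruct it. It is an added example, not code from the article, the NCSC or any library. The combiner (length-prefixed concatenation fed into HKDF-SHA256), the function names and the context label are assumptions, and the secrets and ciphertexts are constructed placeholders standing in for real RSA and ML-KEM-768 encapsulation outputs.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def length_prefixed(field: bytes) -> bytes:
    """4-byte big-endian length prefix so field boundaries are unambiguous."""
    return len(field).to_bytes(4, "big") + field


def derive_hybrid_key(classical_ss: bytes, pq_ss: bytes,
                      classical_ct: bytes, pq_ct: bytes,
                      context: bytes) -> bytes:
    """Derive a 32-byte AES-256 key that depends on BOTH shared secrets.

    Refusing an empty secret stops a silent downgrade to a single algorithm.
    Binding the ciphertexts and a context label ties the key to this exchange.
    """
    if not classical_ss or not pq_ss:
        raise ValueError("both the classical and post-quantum secrets are required")
    ikm = length_prefixed(classical_ss) + length_prefixed(pq_ss)
    info = (length_prefixed(context) + length_prefixed(classical_ct)
            + length_prefixed(pq_ct))
    prk = hkdf_extract(b"\x00" * 32, ikm)
    return hkdf_expand(prk, info, 32)


# Constructed placeholder values, NOT real key material. In a deployment these
# come from an RSA key encapsulation and an ML-KEM-768 encapsulation.
CLASSICAL_SS = bytes(range(32))       # stand-in classical shared secret
PQ_SS = bytes(range(32, 64))          # stand-in ML-KEM shared secret (32 bytes)
CLASSICAL_CT = b"\xaa" * 256          # RSA-2048 ciphertext is 256 bytes
PQ_CT = b"\xbb" * 1088                # ML-KEM-768 ciphertext is 1,088 bytes
CONTEXT = b"example-backup-encryption-v1"  # hypothetical application label

if __name__ == "__main__":
    key = derive_hybrid_key(CLASSICAL_SS, PQ_SS, CLASSICAL_CT, PQ_CT, CONTEXT)
    print("AES-256 key:", key.hex())
```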
Step 4: Plan Full Post-Quantum Migration
Complete migration to post-quantum cryptography requires replacing classical algorithms entirely. This process typically takes 3-5 years for large organisations due to system complexity, vendor dependencies, and testing requirements.
The migration plan should establish timelines for each system category, identify vendor dependencies, allocate budget for hardware upgrades if required, plan testing phases, train technical staff, and develop rollback procedures.
Testing phases deserve particular attention. Post-quantum algorithms behave differently regarding performance and bandwidth requirements. Staging environments should replicate production loads to identify bottlenecks before deployment.
Cost Considerations for UK Organisations
Post-quantum cryptography migration costs vary substantially based on organisation size and infrastructure complexity. UK SMEs with straightforward IT infrastructure might spend £15,000-£50,000 over three years, primarily on staff time, external consultancy, and minor hardware upgrades.
Mid-sized organisations (100-500 employees) typically budget £75,000-£250,000, including dedicated project management, phased system updates, security testing, and some custom development for legacy applications.
Large enterprises and critical infrastructure operators face costs of £500,000-£5 million, reflecting complex distributed systems, extensive testing requirements, custom protocol development, and hardware refresh cycles aligned with quantum-resistant requirements.
These costs compare favourably to potential breach costs. The average UK data breach costs £3.2 million, according to IBM’s 2024 Cost of a Data Breach report. For organisations with high-value data vulnerable to HNDL attacks, the breach cost calculation must factor in the value of data decrypted 5-10 years from now, not just the immediate breach response.
UK Sector-Specific Quantum Threats
Different UK sectors face distinct quantum computing threats based on their data characteristics, regulatory requirements, and operational models.
Financial Services Sector
UK financial services hold contracts requiring decades of confidentiality. The Financial Conduct Authority requires firms to maintain records for up to seven years, though many obligations extend far longer.
The Bank of England has issued guidance on quantum computing risks to payment systems. Faster Payments, BACS, and CHAPS systems all use encryption that will become quantum-vulnerable.
Retail banking faces challenges with mortgage products. A 25-year mortgage originated in 2026 must maintain confidentiality until 2051, well beyond projected quantum capability dates.
Trading algorithms and proprietary financial models represent valuable intellectual property. Hedge funds and investment banks transmitting encrypted strategy data assume this information remains secure for 5-15 years.
Healthcare and NHS
The NHS holds patient data requiring the longest confidentiality periods of any UK sector. The General Medical Council requires medical records to be retained for extended periods, with some categories requiring permanent retention.
NHS Digital and NHS England are working with the NCSC on quantum-resistant encryption. However, the distributed nature of NHS IT systems complicates migration. Many systems run on legacy infrastructure with limited update capabilities.
Medical research data presents unique vulnerabilities. Clinical trial data, pharmaceutical research, and genomic databases maintain sensitivity for decades.
Critical National Infrastructure
UK critical national infrastructure faces quantum threats to operational data and strategic information. Energy networks store grid configurations and vulnerability assessments requiring extended confidentiality.
The National Grid is implementing quantum-resistant encryption for operational technology networks following NCSC guidance. However, industrial control systems often run on decades-old hardware with limited cryptographic flexibility.
Water companies and transport infrastructure face similar challenges. The Department for Energy Security and Net Zero is coordinating post-quantum cryptography deployment across energy sector operators, with target implementation dates of 2027-2029 for highest-priority systems.
Government and Defence
UK government departments handle classified information requiring protection for 30-100 years under the Government Security Classifications scheme.
GCHQ leads post-quantum cryptography implementation for UK intelligence and security services. The organisation has developed quantum-resistant protocols for classified communications.
The Ministry of Defence faces complexity due to international partnerships and legacy systems. NATO communications and Five Eyes intelligence sharing require coordinated post-quantum migration.
Local government holds sensitive information requiring protection. The Local Government Association provides guidance to councils on quantum readiness.
Quantum-Resistant Technologies Available Today
Several quantum-resistant technologies are available for immediate deployment, allowing UK organisations to improve their security posture whilst planning a comprehensive post-quantum migration.
Quantum Key Distribution Networks
Quantum Key Distribution (QKD) uses quantum mechanics principles to detect eavesdropping on encryption key exchange. Any attempt to intercept quantum-transmitted keys disturbs the quantum states, alerting communicating parties to security breaches.
BT and Toshiba have deployed QKD networks connecting research institutions, government sites, and corporate partners across the UK. The UK Quantum Network connects sites in London, Cambridge, and Bristol.
QKD faces practical limitations including maximum distances of approximately 400 kilometres over fibre optic cables, high equipment costs of £50,000-£200,000 per endpoint, and a requirement for dedicated optical infrastructure.
The NCSC views QKD as a complementary technology rather than a replacement for post-quantum cryptography.
Post-Quantum VPNs
Several VPN providers have implemented post-quantum cryptography. Mullvad VPN added post-quantum WireGuard protocol support in 2023. ProtonVPN deployed post-quantum key exchange in 2024.
These implementations use hybrid modes combining classical and post-quantum algorithms. Enterprise VPN solutions are adding post-quantum support gradually, with Cisco, Palo Alto Networks, and Fortinet deploying throughout 2025-2026.
UK organisations can deploy post-quantum VPNs immediately for remote access and site-to-site connections.
Cloud Provider PQC Implementation
Major cloud providers serving UK organisations are implementing post-quantum cryptography. AWS announced its post-quantum TLS implementation in 2024, with hybrid key exchange using ML-KEM-768. Microsoft Azure is deploying post-quantum cryptography for Azure Key Vault and Azure Storage, with general availability expected in 2025-2026.
Google Cloud Platform has implemented post-quantum key encapsulation for its BoringSSL library. Google Workspace uses post-quantum encryption for data transmission as of late 2024.
UK-based cloud providers, including Iomart and Node4, are implementing post-quantum cryptography following NCSC guidance. Organisations should verify their provider’s post-quantum cryptography roadmap and ensure service level agreements address quantum security requirements.
Quantum computers will fundamentally alter UK cybersecurity by rendering current public-key encryption obsolete. The threat timeline is compressed by Harvest Now, Decrypt Later attacks already targeting UK sectors. Data encrypted today faces decryption by 2030-2035 unless protected by post-quantum cryptography.
UK organisations must begin quantum migration immediately. The typical 3-5 year transition period means organisations starting in 2026 will barely complete migration before quantum capability arrives. The NCSC provides clear guidance, including cryptographic inventory, risk assessment, hybrid encryption, and full post-quantum migration planning.
Legal frameworks will evolve to address quantum threats. GDPR and the Data Protection Act 2018 create potential liability for organisations failing to implement appropriate quantum-resistant encryption. The ICO will update guidance in 2026-2027.
The cost of post-quantum migration, ranging from £15,000 for UK SMEs to £5 million for large enterprises, compares favourably to potential breach costs exceeding £3 million per incident. Action taken in 2026 will determine whether UK data remains secure or becomes vulnerable to quantum-enabled decryption in the coming decade.