Practical preparedness for the PQC transition with quantum cybersecurity
The transition to post-quantum cryptography (PQC) is inevitably ahead of us. This is not about a single technology, but a broad change that affects nearly all systems and especially data stored or in transit. Preparations for the cybersecurity impacts of quantum computing have progressed slowly in domestic private companies, so efforts are being made to accelerate them through various means. As part of a program supported by the National Emergency Supply Agency, Digipool is now conducting a pilot project with companies in the financial sector.
In a project funded by the National Emergency Supply Agency (NESA) and carried out by the NESO (National emergency supply organization) Digipool, we provide concrete information and practical steps for organizations to prepare in advance for the cybersecurity impacts of quantum computing. Through this pilot project, we support banking and financial sector actors, as well as other critical organizations, in anticipating quantum-related risks. For these organizations, a controlled and proactive implementation of the PQC transition is critical for both business continuity and preparedness.
PQC – What it’s about
As quantum computing advances and current encryption algorithms will be broken. Post-quantum cryptography (PQC) is a timely and inevitable change in cybersecurity. In practice, this means updating existing encryption solutions and their management methods to address future threats across all systems and devices.
PQC is not a single technology or project, but a broad transition that affects nearly all digital data transmission and many IT systems. The change is driven by the development of quantum computing, which is expected to be able to break currently used encryption significantly faster in the future. Part of the risk already exists today, as encrypted data can be stored and later decrypted using more powerful methods.
Future-proof PQC algorithms provide a way to protect against these threats. In Finland, companies’ preparedness for the PQC transition is still in its early stages, which is why efforts are being made to promote and accelerate the shift in cooperation with industry.
KvanTiVaPi – practical continuation of the 2024 study
KvanTiVaPi is not a savannah animal, but a pilot project launched in December 2025 with the goal of bringing preparedness for the cybersecurity impacts of quantum computing to a practical level. Our motto is: “Quantum security does not require a quantum computer.”
The project continues the work of the 2024 study “Cybersecurity Impacts of Quantum Computing – Recommendation to Prepare” and focuses on how organizations can in practice start their PQC transition journey.
What the pilot project involves?
What the pilot project involves?
During the pilot project:
- Kick-off and closing events will be organized
- Two workshops will be held, including remote assignments
- Concrete preparations will be made for launching the actual transition project
- Communication will be produced to anticipate upcoming national and EU transition plans
This first pilot targeted at the financial sector will conclude in February 2026. As a result, organizations will have a clearer picture of the impacts of the PQC transition and an understanding of how to initiate the change project.
Why is preparedness important right now?
Why is preparedness important right now?
The PQC transition will be complex and extensive. It will affect nearly all systems, and initially, especially data transmission. For such a complicated technological change in systems that are critical for national security and heavily regulated, early planning is essential:
- Before the risk level becomes intolerable
- Before regulation forces rapid solutions
- Before current technologies, such as TLS 1.3, are phased out
Planning for the transition can already begin. A significant yet cost-effective first step is a crypto BoM (bill of materials, similar to a software bill of materials, SBOM). This is an inventory of your own systems and devices where encryption is used, helping to identify areas that require prioritization and resources. It guides the progression of the change. The project provides guidance for this and for outlining the transition path. When implemented correctly, the change is not just an obligation—it also brings identifiable opportunities.
See the reasons for starting the PQC transition journey in the recording of the kick-off event below.
PQC and data sovereignty
One of the key benefits of PQC-level protection is improved security and sovereignty for data stored in the cloud.
Stronger algorithms protect data both during transmission and at rest. Combined with enhanced key management, they increase confidence that data cannot be exploited without authorization—even with future computing technologies.
Critical financial sector actors for national emergency preparedness participating
Critical financial sector actors for national emergency preparedness participating
Several critical financial sector actors have signed up for the pilot project to advance the PQC security of their systems. Participants include banks, insurers, and other major players in the financial sector.
Quantum computing preparedness
Pilot project is carried out by
The Digipool of the National Emergency Supply Organization and CGI Finland, supported by CGI’s global quantum expertise center. CGI plays a significant role in financial sector systems and is part of the Finnish quantum ecosystem. In addition, CGI participates in international PQC initiatives, including high-security expert work in national quantum cybersecurity projects.
More information on the subject:
NCSC-fi: Post-Quantum Crypto -aikaan valmistautuminen on käynnissä myös Suomessa
World Economic Forum: Quantum Security for the Financial Sector
Europol quantum safe finance sector forum: Quantum Safe Financial Forum – A call to action
FI-ISAC materials: Post Quantum Cryptography Resources
ENISA – quantum migration: Post-Quantum Cryptography: Current state and quantum mitigation | ENISA
NIST PQC-quide: Transition to Post-Quantum Cryptography Standards
NIST PQC-standards project: Post-Quantum Cryptography
France central bank: Securing Central Bank Regulatory Files Transfers With Post-Quantum Cryptography (PQC)
BIS: Project Leap: quantum-proofing the financial system
CGI: Kvanttiteknologia – Kvanttiuhista huomisen teknologiaksi
VTT: Kvanttilaskenta – Käytännön matkaopas tulevaisuuteen
CGI: Finanssiala varautuu uuteen kyberuhkaan – Kvanttiaika mullistaa salausjärjestelmät
