Quantum Won’t Break Your Encryption Tomorrow, But the Bill Is Already Coming Due
Quantum computing’s having a moment this summer. France’s cybersecurity agency ANSSI announced it’d stop certifying security products lacking quantum-resistant encryption starting in 2027, with full procurement compliance expected by 2030. Around the same time, Pitchbook reported that global quantum computing funding hit $3.9 billion in 2025, with Q4 alone pulling in $1.5 billion. And earlier this year, Google suggested that cryptanalytically relevant quantum computers could arrive by 2029, compressing previous timelines that put the threat at least a decade out. Keep in mind, though, that Google is also one of the largest quantum investors, so read their forecast with appropriate skepticism.
You’d be forgiven for thinking the sky is falling, because much of that money looks like it’s chasing the next hype cycle. According to Pitchbook’s Q2 2026 report, the leading investors in quantum aren’t specialist firms; they’re NVIDIA, BlackRock, JPMorgan, and sovereign wealth funds. The median quantum startup valuation sits at $32.8 million, but the average reaches $537.4 million because a handful of late-stage deals inflate the numbers. That gap is the story – a handful of companies are being showered with cash while most scrape by. In most cases, this is physics experiments looking for funding.
So why should a small or medium business (SMB) care? Because France’s procurement mandate, even if you never sell to the French government, signals where standards are heading. ANSSI certification is a practical gate for government agencies and critical operators. Vendors who can’t meet it lose the market, and global standards tend to converge. Large customers in both Europe and the US will start requiring post-quantum roadmaps from their suppliers regardless of where those suppliers are headquartered.
The US approach is more distributed but points in the same basic direction:
- NIST published FIPS 203, 204, and 205 in August 2024, covering ML-KEM, ML-DSA, and SLH-DSA
- OMB Memorandum M-23-02 directed federal agencies to inventory cryptographic systems by May 2023 and annually through 2035
- Congress codified the framework in the Quantum Computing Cybersecurity Preparedness Act (Pub. L. No. 117-260)
- CISA released product-category guidance in January 2026 to help organizations identify where post-quantum adoption matters
There’s no bright-line certification ban like France’s, but the procurement pressure is real and we’re all eventually going to have PQC algorithms through federal contractors and their supply chains. The road is slower than France’s, but it dead-ends in the same place.
The legal exposure is also slowly increasing. If data hypothetically stolen in 2026 gets decrypted in 2032 because an organization kept using known-vulnerable public-key cryptography, plaintiffs’ lawyers could argue the risk was foreseeable. The “harvest now, decrypt later” problem also scrambles the notification clock. Most state statutes trigger disclosure only once an organization determines a breach has occurred, not when the data actually left the building. So data quietly siphoned off in 2026 could generate a fresh round of 2032 breach notifications and AG investigations, six years after the fact, once the attacker finally decrypts it.
Here’s what SMBs should do in practice:
- Inventory your cryptography. Map your TLS handshakes, VPN tunnels, code signing, certificates, mobile apps, and vendor connections. Know which systems rely on RSA, ECC, or ECDSA and which ones are crypto-agile. (If this all sounds like acronym salad, a vCISO can help plan how to do this)
- Classify data by secrecy lifespan. Trade secrets, medical records, source code, merger documents, and privileged communications deserve priority. Session logs that expire in 90 days don’t.
- Ask vendors specific questions. Which algorithms are deployed and where? Do they support hybrid PQC modes? Can firmware and certificates migrate at scale? Is their roadmap aligned with NIST timelines? “We use military-grade encryption” stopped being an acceptable answer months ago.
- Update contracts. Add cryptographic agility obligations, vulnerability notice requirements, and replacement rights for non-migratable products.
- Pilot before you commit. Post-quantum algorithms affect handshake timing, certificate size, and embedded device constraints. Test quietly before declaring victory.
France’s move, the investment frenzy, and the US standards push all point the same direction. The question isn’t whether post-quantum cryptography matters. It’s whether your organization will know where to put it when the pressure arrives.