The impact of a future quantum computer on certain common types of cryptography is the most significant privacy concern presented by quantum computing. Without appropriate mitigations, a sufficiently powerful quantum computer could undermine the cryptography that protects the security, integrity and confidentiality of almost all private communications and information in transit 27. This includes personal information. But there are also wider risks beyond our remit, such as to critical national infrastructure, classified intelligence and intellectual property.
A sufficiently powerful quantum computer could be used to solve the mathematical problems used in asymmetric cryptography. This type of cryptography is used throughout IT systems and internet infrastructure. Organisations would not be able to rely on this cryptography to protect the future security, integrity and confidentiality of information anymore. There is also a risk that ‘malicious actors’ are harvesting highly valuable and sensitive encrypted information now in order to decrypt it when they get access to a sufficiently advanced quantum computer in the future. This is called a “harvest now, decrypt later” attack.
There is a lot of uncertainty about when such a sufficiently powerful quantum computer could emerge. It could be anywhere between five to 30 or more years away. But, to ensure communications remain safe in the short and long term, there are well-established ongoing efforts to transition to new quantum secure approaches. The main technique is post-quantum cryptography (PQC), which is endorsed by the NCSC.
Efforts to transition, or prepare for the transition, to PQC are accelerating. In particular, we are already seeing:
- examples of implementations in government and industry; and
- technical guidance to support the transition.
The US National Institute of Standards and Technology (NIST) released the first three PQC standards in August this year. The transition may take some time and implementation is likely to be an ongoing process, as with the introduction of any new cryptography standard. For some organisations, it may be as simple as a software update. For others with more complex IT infrastructures, it may be long and costly. Continuing to protect against both current and future cyber threats to personal information will continue to be important. For example, through basic cyber hygiene and keeping cryptography under regular review.
This section further explores the following key questions:
- What personal information may be at risk?
- Where are we now in the transition to quantum secure systems?
- How might the landscape develop, and what might the future ‘state of the art’ of quantum secure processing look like in 10 years?
- Given existing initiatives, what is the ICO’s remit and role in the transition? And what should organisations do?
- What challenges might organisations face during the transition that impact on personal information?
What personal information may be at risk?
Asymmetric cryptography helps protect almost all internet communications, including a wide range of personal information transfers. For example:
- Secure messages, such as emails and encrypted phone messaging services.
- Browsing information or information submitted on secure websites (ie websites protected by HTTPS). For example, when a person accesses government services online, such as benefits applications, e-voting, or passport controls.
- Information that an organisation or person sends to, or accesses from, the cloud. For example, large amounts of information processed for machine learning and data mining, or health information sent between a network of healthcare providers.
- Information sent when using a virtual private network (VPN). For example, when employees are working from home.
- Encrypted information sent by internet of things (IoT) devices. For example, sensor information, video or voice information processed by smart buildings or in smart homes.
- Encrypted information sent by autonomous vehicles, mobile phone apps (eg mobile phone ticketing), or ATMs.
- Financial transactions, online transactions and digital identity schemes.
- In some cases, information held on some blockchains and digital currencies 28.
Asymmetric cryptography is also used for authentication. For example, using a digital signature to prove who a person is on a network, or establishing that a transaction or software download is authentic, such as anti-virus. If a compromised device or user is granted access to a network via one of these routes, they may have opportunities to set up multiple different types of cyber attack.
Identifying and prioritising the information, systems and cryptography that is ‘most’ at risk is likely to be an ongoing challenge. In general, very high value information that will remain relevant for a long time is considered more at risk than others 29.
The transition to quantum secure systems: where are we now?
There has been a lot of work on ways to address the threat posed by quantum computing. This includes developing new types of “quantum resistant” cryptography (ie PQC), for example:
- The UK government has already introduced mitigations for many critical information and services 30.
- Several bodies, including the NCSC, have developed technical guidance and set out expectations for system owners and large organisations on how to approach the transition 31. NIST are also developing automated tools to help organisations identify and locate cryptography that are ‘at risk’ in their systems.
- The US government has set objectives for a public sector transition to quantum secure systems by 2035. The European Commission has also called for member states to develop a road map 32.
- Some web browsers, online messaging and cloud services, and organisations in health and finance have been exploring and implementing quantum secure technologies.
How might the landscape develop, and what might the future “state of the art” of quantum secure processing look like in 10 years?
Following the introduction of NIST standards in 2024, we anticipate growing uptake of PQC across a broad range of industries in the UK, Europe and the US. Drivers are likely to include international standards, UK government policy, rollout by major service providers, and NCSC guidance. The voice of regulators, including the ICO, will also have an important part to play.
Much as it is today, updating cryptography is likely to be an ongoing process. For example, we are likely to see new PQC algorithms added to the mix during the rollout, as NIST is encouraging their development. We may also see reports about potential discoveries of new vulnerabilities.
We are also highly likely to continue to see classical cyber breaches that impact on personal information throughout the transition period. Such developments are to be expected, and already occur during updates to classical cryptography. Ensuring crypto-agility and management of emerging risks to systems and personal information will continue to be important.
There are also various other techniques in the developing market (not currently endorsed by the NCSC) that we may see organisations adopt in a “quantum secure future” 33. For example, proponents of QKD argue that it will be a necessary complement to quantum secure encryption, as a “physical” guarantee of security. We may also continue to see examples of organisations using a mix of classical and post-quantum cryptography (also known as hybrid schemes), or products offering symmetric cryptography for protecting certain systems, such as IoT 34.
Overall, it is likely that most people and small organisations will be unaware of how different techniques are being used to secure their browsing and transactions online, such as post-quantum cryptography and QKD. It will be important for people to update their security settings on their digital devices throughout the period and for organisations to continue to encourage good cyber hygiene. For large organisations, and those that manage their own cryptographic infrastructure, updating their cryptography over the next ten years could be more complex.
What is the ICO’s remit and role in the transition?
We are not the only domestic regulator with relevant responsibilities 35, and there are also significant international dimensions to the transition. But, we have a wide, cross-economy remit to support the long-term security of personal information and to oversee compliance with information security obligations under:
- UK GDPR and the Data Protection Act 2018 (DPA);
- NIS, as it applies to cloud services and e-commerce platforms; and
- eIDAS, which applies to organisations that provide digital identity or authentication services.
In our view, organisations should consider identifying and addressing quantum risks as part of their existing legal obligations to adapt to new and emerging cyber threats to personal information.
Under UK GDPR, organisations must process personal information “in a manner that ensures appropriate security of personal data … using appropriate technical and organisational measures.” Measures must be appropriate to the risks of processing, and organisations must consider the state of the art 36. Organisations must also report personal data breaches to us.
Cloud services and e-commerce providers, organisations that provide digital identity or authentication services, and internet and telecoms providers also have security obligations under NIS, eIDAS and the Privacy and Electronic Communications Regulations (PECR) respectively. We oversee compliance with these obligations.
There are a range of actions we can take, for example:
- providing guidance, engagement and education;
- assessing and investigating breach reports;
- undertaking proactive and reactive audits;
- issuing information or enforcement notices; and
- in the most serious cases, fining organisations for breaches of their obligations under the relevant legislation.
For example, our role under NIS is to develop guidance and work with the NCSC and law enforcement to respond to security incidents affecting cloud service providers and e-commerce platforms. These may or may not involve personal information. A cloud service would have to report a breach to us as either a NIS incident, or a UK GDPR personal data breach, if they:
- were alerted to a “harvest now, decrypt later” attack that substantially affected their service or led to the disclosure of personal information; or
- made a mistake in implementing PQC that left personal information exposed, that carries a risk to people’s rights and freedoms.
We would assess factors such as the impact of the breach and the pre-existing cyber measures an organisation has in place. We would respond proportionately according to our regulatory action policy and our regulatory approach under ICO25 37. We would work closely with other competent authorities and the NCSC.
There is a risk that organisations do not adapt to the risks posed by a future quantum computer because of factors such as uncertainty or cost. For other organisations, they may still be working towards a baseline level of cyber security to respond to current and more immediate threats. Alternatively, organisations may rush to implement non-standardised solutions and in doing so inadvertently put personal information at risk.
These are examples where input from the ICO and other regulators could have an important part to play in the transition.
1. Our short term role: guidance, engagement and education
We are committed to supporting organisations to understand current and future cyber risks so that they can appropriately protect personal information. We also support efforts to encourage the transition to PQC, once standards-compliant products are available.
Under the DPA and UK GDPR, it is for organisations to determine what technical measures they need to ensure the appropriate level of security for personal information. Nonetheless, we are committed to supporting organisations to understand current and future cyber risks so that they can appropriately protect personal information.
Our encryption guidance emphasises that organisations should be crypto-agile. This means that they keep their encryption use under regular review and remain aware of updates and vulnerabilities. New standards have been developed and, at some stage in the next 10 years, PQC is likely to become an accepted and widely implemented norm in the future state of the art.
In the UK, there is currently less consensus around other quantum-secure technologies, such as QKD or quantum random number generation. Some commentators suggest that the future improvements to these technologies that are currently being developed will lead to a wider uptake.
Our immediate focus is to support existing efforts to prepare for, and encourage, the transition to standards-compliant PQC. For example, we intend to:
- continue to help raise awareness of the risks posed by a quantum computer and the importance of mitigations; and
- update our existing guidance on the security provisions of UK GDPR to reflect the new PQC standards at a later date, in line with the transition to PQC.
This will support the long-term security of personal information.
As the landscape evolves, so will our approach. We will continue to engage externally and are already using futures methodology to help inform this planning.
2. Timelines for transition
In our early engagement, some stakeholders asked whether we will set an expected date for transition to post-quantum cryptography or develop a roadmap and timeline, as some other countries have done. So far, the UK has not taken this approach. Others are interested in when we may start ‘enforcing’ a transition. We will continue to engage and consider these questions in consultation with relevant stakeholders.
What should organisations do?
Under both UK GDPR and NIS, organisations should “have regard to the state of the art” when considering the appropriate security measures that are proportionate to the risk of their processing.
1. Post-quantum cryptography
Following existing obligations and good practice, large organisations should:
- start considering their risk exposure in the immediate and near future.This could include identifying high risk information, critical systems and at-risk cryptography; and
- refer to evolving international standards and NCSC guidance, as required under existing regulations (NIS and UK GDPR).
2. Classical cyber security
Organisations must also continue to protect against the wide-ranging, short- and medium-term cyber security concerns unrelated to quantum computing. This includes basic, day-to-day cyber hygiene. Poor cyber security and classical cyber attacks continue to pose immediate, significant risks to personal information, and the potential for significant economic and personal harm 38.
For further information on managing day-to-day cyber security, see:
- ICO guidance on security, including cyber security and encryption
- ICO guidance on records management and security
- ICO NCSC joint guidance on technical measures and security outcomes
- NCSC Cyber Assessment Framework
3. Other quantum secure technologies
If an organisation is considering whether to use other quantum secure technologies, such as QKD, in addition to PQC, they may consider completing a data protection impact assessment (DPIA). A DPIA may be required, if an organisation’s processing activity is likely to result in high risk to people’s rights and freedoms. A DPIA can help an organisation:
- assess risks to people’s rights and freedoms associated with their processing of personal information; and
- document measures they are taking to address the risk and their reasons.
It should also be noted that under NIS, relevant digital service providers must also provide adequate documentation to demonstrate compliance with the legislation.
What challenges might organisations face during the transition?
It will be important that we have a good understanding of how different sectors and organisations are progressing with the transition, and the challenges different sectors are facing. While the scale of the transition, and complexity of PQC algorithms is new, we have seen many of these challenges before, in past cryptography transitions.
Some challenges that could arise include:
- Misconfiguration errors: Organisations, such as a cloud service provider, might make a mistake when transitioning to PQC that is exploited by a malicious actor, leaving personal information exposed.
Regulatory implications: If the personal data breach is likely to result in a risk to people’s rights and freedoms, the organisation would need to report the personal data breach to us. We would then decide on further action, taking into account factors such as the impact of the breach and the cyber security measures an organisation had in place. We would also engage with the NCSC where appropriate.
- Complex data processing involving multiple data controllers, data processors, devices and legacy IT systems: Organisations may want to enter into complex data sharing arrangements. An example would be councils, public and private health providers and law enforcement authorities wanting to share information to deliver better services to at-risk groups. Organisations may be subject to different constraints, such as legacy equipment or limited budgets to transition to a ‘fully’ quantum secure system. Some may not have a good working knowledge of their existing cyber-security infrastructure.
Regulatory implications: Organisations may need to work together with providers and third parties to coordinate the shift to quantum secure systems. Primary legal responsibility for implementing appropriate security measures rests with each organisation, as data controllers. Data sharing agreements and regular cyber security protocols can support risk management.
- Diverging international approaches:International standards are developing, butdifferent countries may choose to adopt different timelines and set out different expectations around which quantum secure technologies to adopt.
Regulatory implications: Navigating this intersection may be complex for organisations operating internationally, but it must not be a barrier to compliance with UK law. We are committed to working with other domestic regulators to explore the overlap, and with our international partners to maintain an interoperable data protection regime 39. International engagement on quantum standards is led by the NCSC and DSIT. We monitor relevant developments as an observing member of the British Standards Institute PQC standards working group.
- Lack of PQC for certain privacy enhancing technologies: For organisations that choose to deploy certain privacy enhancing technologies 40, it is likely there will be an overlap or delay between implementing classical versions, and the arrival of “quantum secure” versions of these techniques. This could affect, for example, the use of zero knowledge proofs in digital identity or age assurance services. The technique is used to digitally prove something about a person, such as their age, in order to access a service without disclosing the person’s actual age.
Regulatory implications: Organisations will need to consider the impact of quantum computing on privacy-enhancing technologies that they are deploying. In some cases, they may need to adapt their approach pending the arrival of “quantum secure” versions of these techniques. We will continue to monitor the impact of quantum computing on privacy-enhancing technologies.
Further reading
- NCSC blog on post-quantum cryptography: what comes next (2024)
- ETSI whitepaper on quantum safe security cryptography and security: an introduction, benefits, enablers and challenges (2015)
- NIST cybersecurity white paper on getting ready for post quantum cryptography: Exploring challenges associated with adopting and using post quantum cryptographic algorithms (2021)
- CSIRO paper on the quantum threat to cyber security: Looking through the lens of post-quantum cryptography (2021)
- European Data Protection Supervisor’s TechDispatch on Quantum Computing and Cryptography (2020)
- NCSC white paper on quantum security technologies (2020)
27 NIST video on post-quantum cryptography: the good, the bad, and the powerful; NCSC whitepaper on preparing for quantum-safe cryptography (2020); ETSI whitepaper on quantum safe security cryptography and security: an introduction, benefits, enablers and challenges (2015)
28 ETSI whitepaper on quantum safe security cryptography and security: an introduction, benefits, enablers and challenges (2015); CSIRO paper on the quantum threat to cyber security: Looking through the lens of post-quantum cryptography (2021)
29 NCSC whitepaper on the next steps in preparing for post-quantum cryptography (2023)
30 DSIT National Quantum Strategy
31 NCSC blog on post-quantum cryptography: what comes next (2024); NCSC whitepaper on the next steps in preparing for post-quantum cryptography (2023); NCSC white paper on quantum security technologies (2020); NIST article on the release of the first 3 finalised post-quantum encryption standards (2024) ; ETSI technical report on migration strategies and recommendations to quantum safe schemes (2020); Quantum Communications Hub press release on annotated NCSC technology assurance principles relevant to quantum communications (2024)
32 European Commission recommendation on a coordinated implementation roadmap for the transition to post-quantum cryptography
33 Other techniques include quantum random number generation, and hybrid cryptography schemes.
34 An existing example is ArQIT’s cloud-based symmetric key encryption platform.
35 For example, other competent authorities under the NIS regulations include Ofcom, Ofgem and The Civil Aviation Authority: NIS Guidance for Competent Authorities, Annex A. As noted in the DRCF paper, the FCA imposes a range of obligations that are related to operational resilience.
36 ICO guidance on data security
37 ICO guidance on breach response and monitoring; ICO guidance on NIS enforcement
38 See, eg, ICO media release on the growing threat of cyber attacks and our Learning from the mistakes of others report (2024); ICO data security incident trends dashboard; NCSC and NCA whitepaper on ransomware, extortion and the cyber crime ecosystem (2023), NCSC Annual Review 2023
39 DRCF quantum technologies insights paper and ICO webpage about our international work
40 Such as fully homomorphic encryption and zero knowledge proofs (ZKP).