top of page

Actively preparing for future threats from quantum computing: Swiss companies are accelerating their migration to PQC algorithms

Cool color dramatic cinematic style film-like composition and lighting blues greens purples depicting active preparation for future threats of quantum computing Swiss companies accelerating migration to PQC algorithms.jpg

The post-quantum era: a critical priority


Quantum computing is reaching a major technological milestone: quantum computers powerful enough to break classical asymmetric cryptography are not yet here, but experts are highlighting an imminent danger: the "harvest now, decrypt later" scenario. In this scenario, malicious actors capture encrypted data today in order to decrypt it tomorrow, when quantum power becomes accessible. Faced with this threat, Switzerland is taking action: banks, public institutions, and multinationals are all working to protect their assets for decades to come.



Switzerland, a hotbed of PQC and QKD innovation


Unparalleled expertise in quantum cryptography


Switzerland enjoys a historical advantage: it is one of the cradles of quantum cryptography. As early as 2007, IDQuantique (Geneva) implemented a first secure line using quantum key distribution (QKD) to protect elections. Since then, the company has continued to innovate, whether through QKD, quantum random number generators (QRNGs), or hybrid solutions combining QKD and post-quantum. Other players such as Securosys are also integrating PQC into their HSMs, guaranteeing renewed security for the banking and financial sectors.



Pioneering companies: Migros, SEALSQ, etc.


The Migros Cooperative exemplifies the Swiss avant-garde: for more than two years, it has been planning its migration to PQC, setting up a competence center, working on hybrid solutions (VPN, signatures) in collaboration with IBM Rüschlikon, and has decided that, starting in 2025, it will purchase only "quantum-safe" hardware.


For its part, SEALSQ (a subsidiary of WISeKey) has already deployed its PQC technology in sovereign data centers in Switzerland and France, using resilient HSMs and PKIs to meet regulatory requirements. The firm is also behind the first quantum-resistant secure hardware, embedded in semiconductors and IoT solutions.



PQC Standards: A Solid Foundation for Adoption


NIST reached a decisive milestone in August 2024 by publishing its first PQC standards (FIPS 203, 204, 205), including CRYSTALS-Kyber (KEM) and Dilithium (signature). These algorithms, co-developed with Swiss researchers from IBM Zurich, now constitute the global benchmark for post-quantum security.


However, standards do not always equate to maturity: HSMs and KMSs are rarely compatible with production-grade PQC. The major cloud providers (AWS, Azure, Google Cloud) offer PQC primitives in beta or preview only.




Technical and Organizational Challenges of Migration


Complexity of the Cryptographic Ecosystem


The PQC transition is not limited to a simple algorithmic replacement: each layer, from the TLS/SSH/VPN protocol to HSMs, PKIs, and business applications, must be adapted to support larger keys and hybrid formats. A PQC project must be holistic, covering version control, interchangeability between partners, and exhaustive testing.


Crypto-agility and Preliminary Inventory


To ensure a smooth migration, Swiss companies recognize the need to:


  1. inventory the use of existing keys and protocols,

  2. develop "crypto-agility" capabilities (switching from traditional algorithms to PQC as needed),

  3. integrate PQC-compatible HSMs and PKIs today,

  4. engage in dialogue and testing with technology providers.


These steps are encapsulated in several recognized methodological frameworks (PMMP, Aleron frameworks).



Roadmaps: Phased Approaches


Companies are opting for progressive strategies:


Phase 1: Audit & POC (2025–2028)

Evaluation of cryptographic uses,

Hybrid POCs (classic + PQC) in non-critical environments,

Adjustments to cryptographic tools (OpenSSL, libs).


Phase 2: Pilot deployment (2028–2031)

Extension to critical systems (internal PKI, VPN, signatures),

Update of HSM/KMS,

Interoperability testing.


Phase 3: Full migration (2031–2035)

Full adoption of PQC across the entire infrastructure,

Migration of legacy certificates,

Regular key rotation and renewal cycles.


A digital painting depicting a dramatic split screen one side shows the Swiss flag in bold red on a modern background, the other showcases a stormy sky with intense weather. The style is bold, high tension, with distinct sections.jpg

Swiss Case Studies & Specific Applications


Migros: Pragmatic Pioneer


Migros' strategy includes the creation of a dedicated competence center, collaborations with IBM, the integration of PQC HSMs, and the training of development teams. The company now imposes a tacit "quantum-safe" criterion on its future IT acquisitions.


SEALSQ & WISeKey: Sovereign Solutions


SEALSQ has deployed PQC HSMs in Swiss data centers, guaranteeing sovereignty and NIS2 compliance. The company even produces PQC semiconductors for the IoT and automotive industries, complemented by the deployment of six quantum satellites to secure M2M communications.


IDQuantique: Integrated Expertise


IDQ, a leading Geneva-based company, markets PQC, QKD, and QRNG appliances and collaborates with Securosys to strengthen HSMs. It relies on Swiss talent that participated in the development of CRYSTALS-Kyber and Dilithium.



Economic and Regulatory Challenges


  • Massive investments: Global PQC markets are expected to grow from $356 million in 2023 to $1.9 billion by 2029 (+44% annually).

  • Regulatory incentives: The G7 already recommends that financial institutions prepare for their migration, and European directives (NIS2) require quantum-resistant security levels.

  • Competitive advantages: Swiss companies can demonstrate their robustness through "quantum-safe" labels, an antidote to long-term reputational or legal risks.




A strategic and large-scale effort

Switzerland stands out as one of the most proactive countries in the face of the imminent arrival of quantum computing. Thanks to its unique ecosystem—comprised of companies such as Migros, SEALSQ, IDQuantique, and Securosys, and institutions such as IBM Zurich and ETH/EPFL—it is already developing real, pragmatic, and sovereign solutions.


The migration to post-quantum algorithms will not be a simple cryptographic substitution: it requires a systemic and methodical transformation. Swiss companies have clearly understood this: they are auditing their infrastructures, developing cryptographic agility capabilities, testing hybrid solutions, adopting NIST standards, adapting their PKIs and HSMs, and training their teams.


This gradual transition (audit, pilot, production) guarantees a controlled adaptation over the next decade, while the PQC market and regulation support this dynamic.




Sources:

Comments

Rated 0 out of 5 stars.
No ratings yet
Add a rating
bottom of page