Skip to content
Arqit logo on an iceberg
ArqitJul 6, 2026 10:06:04 AM4 min read

How UK telecoms can future-proof networks with quantum-safe encryption

The encryption protecting Britain's telecoms backbone has a shelf life.

Adversaries already know it, which is why they're stockpiling encrypted traffic, betting they'll be able to decrypt it within the decade. For UK operators sitting at the centre of critical national infrastructure, this isn't a future problem… It’s a now problem.

In this article, we’ll look at what UK operators should be doing today and how to do it without ripping out infrastructure that still has years of useful life left.

The regulatory landscape is changing

The UK NCSC published comprehensive PQC migration guidance in March 2025, setting out a three-phase roadmap:

  • Phase 1 (to 2028): Identify cryptographic services needing upgrades and build migration plans
  • Phase 2 (2028–2031): Execute high-priority upgrades
  • Phase 3 (2031–2035): Complete migration for all systems.

The NCSC expects telecoms companies to prioritise migration earlier than other sectors, given their role as providers of critical national infrastructure. By way of comparison, CNI providers in EU member states are expected to complete their transition to PQC by the end of 2030 at the latest.

Why telecoms are uniquely exposed

Current 5G security relies heavily on RSA and Elliptic-curve cryptography (ECC), which are vulnerable to cryptographically relevant quantum computers (CRQCs). Adversaries may already be capturing sensitive 5G signalling data to decrypt once CRQCs become available, posing long-term risk to customer data and authentication credentials.

Three factors compound the risk for telecoms specifically:

  1. Asset lifecycle. Network equipment routinely stays in service for fifteen to twenty years, far longer than cryptographic standards remain relevant.
  2. Harvest-now-decrypt-later (HNDL). Subsea cables, MPLS backbones, and inter-datacentre links carry enormous amounts of traffic that adversaries can conceivably intercept today, store cheaply, and decrypt when a cryptographically relevant quantum computer arrives. Nation-state actors are already doing this.
  3. The growing attack surface. 5G, Open RAN, edge compute, and the explosion of connected devices have pushed sensitive data into places traditional encryption was never designed to protect at scale. The NCSC has signalled that quantum-vulnerable cryptography in long-life infrastructure should be treated as an imminent problem.

In fact, nation-state actors have already been discovered to have compromised CNI providers (including telecoms companies) in the US, EU, and UK. And it has been widely speculated that these attacks were motivated by the potential for HNDL attacks.

What quantum-safe actually means

So, how can telecoms companies protect against the threat posed by CRQCs?

Shor's algorithm is a major component of the oncoming quantum threat. A sufficiently capable quantum computer could use it to break the public-key cryptography that underpins most key exchange today.

On the other hand, symmetric encryption like AES-256 survives the quantum era largely intact, but requires a secure mechanism for key exchange.

Telecoms companies effectively have three options:

  1. Post-quantum algorithms (PQAs) are new public-key schemes resistant to quantum attack. NIST has begun standardising them, but they're computationally heavier than what they replace, and none have decades of cryptanalysis behind them.
  2. Quantum Key Distribution (QKD) offers provable security based on physics, but it requires specialised hardware and doesn't scale well across commercial telecoms networks.
  3. Symmetric Key Agreement (SKA) establishes temporary symmetric keys through a trusted broker, with the quantum-resistant security benefits of symmetric cryptography and far better scalability than QKD.

Predictably, UK, EU, and US security agencies are offering the same recommendation: hybrid approaches that combine post-quantum algorithms with symmetric keying. No single method should carry the full weight of protection.

What practical migration looks like

Four steps matter most.

  1. Start with a cryptographic inventory. You cannot migrate what you cannot see, and most operators underestimate the scope of their cryptographic estate by an order of magnitude.
  2. Prioritise long-lived sensitive data flows. Subsea links, signalling traffic, anything carrying data with long confidentiality requirements (think decades, not months) should be migrated first.
  3. Design for crypto-agility, treating the ability to swap algorithms as an ongoing necessity rather than a one-time migration project. This will protect against the (quite likely) eventuality that today’s most favoured algorithms may not survive the coming years.
  4. Plan to complete your PQC migration by 2030. In effect, this means beginning immediately.

The good news is that this doesn't require a hardware refresh.

The joint BT, Fortinet, and Arqit deployment between three UK sites in London, Exeter, and Adastral Park demonstrated quantum-safe VPN tunnels running on existing FortiGate hardware, delivered as a managed service. The integration uses standards-based interfaces (RFC 8784 for IPsec, ETSI 014 for key delivery), which means it slots into existing OEM equipment rather than displacing it.

The Secure 5G and SEViN-5G projects, both backed by UK government innovation funding, have shown the same approach working at the radio access layer, including a quantum-safe Private 5G testbed using a UK sovereign supply chain.

This software-based approach is attractive for telecoms companies because it avoids the need for expensive and time-consuming hardware replacement projects.

You must know your starting point

UK operators that move first will be the ones their enterprise customers (particularly in financial services, defence, and CNI) trust with sensitive workloads in the 2030s and beyond. Those who wait for "final" standards or a clearer quantum timeline will find themselves migrating under regulatory pressure, which isn’t a great look commercially and tempts fate a bit too much for comfort.

At the outset of such a significant project, the single most important thing you can have is visibility.

You must understand what cryptography is actually running across your network today, where it's exposed, and which links would cost you most if a CRQC arrives ahead of schedule.

Encryption Intelligence gives organisations complete visibility into their use of cryptography. It identifies vulnerabilities, measures risk, and provides clear guidance to reduce exposure, helping to prioritise migration activities.

To find out how Encryption Intelligence can support your PQC migration roadmap, visit our website.

 

RELATED ARTICLES