Post-Quantum encryption with Actalis: protect your data for the quantum era
Quantum computers will make today’s standards obsolete. Actalis, a leading certification authority in Europe, guides you through the PQC transition with compliant solutions and a step-by-step approach.
The future of security is now: quantum risk in plain English
The quantum computing revolution is no longer science fiction: these machines can perform calculations that are unfeasible for classical computers, including breaking today’s asymmetric encryption systems such as RSA and ECC.
Algorithms such as RSA and ECC rely on mathematical problems that are hard for classical computers to solve. Quantum computers, however, will be able to solve these problems much more efficiently, potentially rendering today’s encrypted data and communications insecure.
In other words, what is considered securely encrypted today could be breached tomorrow.
In 2024, almost 2% of all TLS 1.3 connections established via Cloudflare were already protected by post-quantum encryption. This figure is expected to grow rapidly.
How encryption is evolving and how to defend against an HNDL threat
How encryption is evolving and how to defend against an HNDL threat
The threat known as of Harvest Now, Decrypt Later (HNDL) means that sensitive data encrypted today can be recorded and stored by attackers, then decrypted in the future once quantum computers become powerful enough.
Imagine a perfectly sealed safe that is secure today, but opens on its own in a few years because the technology behind its lock has changed. This is the core idea behind HNDL: attackers intercept and store encrypted data – such as emails, backups, application traffic, or B2B exchanges – with the expectation of decrypting it later, when advances in computing, including quantum technologies, make currently unfeasible attacks practical.
This threat is particularly relevant for systems that handle sensitive data with long-term confidentiality requirements, including:
- healthcare and medical records
- financial systems and government infrastructures
This is not scaremongering: it is a call to action
How encryption is evolving and how to defend against an HNDL threat
The threat known as of Harvest Now, Decrypt Later (HNDL) means that sensitive data encrypted today can be recorded and stored by attackers, then decrypted in the future once quantum computers become powerful enough.
Imagine a perfectly sealed safe that is secure today, but opens on its own in a few years because the technology behind its lock has changed. This is the core idea behind HNDL: attackers intercept and store encrypted data – such as emails, backups, application traffic, or B2B exchanges – with the expectation of decrypting it later, when advances in computing, including quantum technologies, make currently unfeasible attacks practical.
This threat is particularly relevant for systems that handle sensitive data with long-term confidentiality requirements, including:
- healthcare and medical records
- financial systems and government infrastructures
This is not scaremongering: it is a call to action
Actalis's response: quantum-readiness and crypto-agility
Organisations managing PKIs (Public Key Infrastructures), networks, digital identities, communications or compliance – including banks, insurers, public administrations, utilities, telecom operators, healthcare providers and ecommerce platforms – cannot afford to wait.
The most pragmatic way to address emerging quantum threats is a hybrid approach*: introducing, where appropriate, certificates and protocols that combine classical cryptography with post-quantum components (PQC). This approach reduces long-term data exposure while preserving operational continuity and existing systems.
Dowload the guide on the PQC transition
As a European QTSP, Actalis adopts a lab-first approach – combining tools, methods and support – to help organisations and public sector infrastructure transition towards quantum-resistant security.
As a leading European Certification Authority, with fully EU-owned data centers and governance, Actalis can help you:
Map encryption systems most vulnerable to post-quantum risks
Establish a progressive, compliant roadmap aligned with NIST standards heh and eIDAS / EU regulations
Integrate PQC keys and certificates either side-by-side or through
heha hybrid deployment
Enable future-ready digital identity and secure communications
Map encryption systems most vulnerable to post-quantum risks
Establish a progressive, compliant roadmap aligned with NIST standards and eIDAS / EU regulations
Integrate PQC keys and certificates either side-by-side or through a hybrid deployment
Enable future-ready digital identity and secure communications
It's not about changing everything today, it's about adapting.
Our guide shows you how to progressively deploy PKI infrastructures that align with emerging NIST standards.
*Some tools, features or services described – including test environments, hybrid certificates and interoperability procedures – may still be experimental and not yet aligned with specific standards. Performance and results may vary depending on client configuration.
It's not about changing everything today, it's about adapting.
Our guide shows you how to progressively deploy PKI infrastructures that align with emerging NIST standards.
*Some tools, features or services described – including test environments, hybrid certificates and interoperability procedures – may still be experimental and not yet aligned with specific standards. Performance and results may vary depending on client configuration.
Actalis PQC Lab: experience post-quantum encryption in practice
Actalis PQC Lab: experience post-quantum encryption in practice
See how post-quantum encryption works with a guided demo
Move from theory to practice. Test hybrid certificates and PQC in a controlled sandbox environment.
As a European Qualified Trust Service Provider (QTSP), Actalis operates within a framework of trust governance, certified supply chains and regulatory oversight.
Throughout the transition to quantum-resistant security, we follow a lab-first approach: first we test, then we extend.
The PQC Lab (beta) offers a controlled environment to: issue and verify hybrid certificates, execute X.509 chain linting, measure latency and interoperability on common use cases (TLS/mTLS, S/MIME, code-signing).
Don't give quantum threats a free pass: build your post-quantum cryptography (PQC) defences with Actalis and safeguard your future.
Don't give quantum threats a free pass: build your post-quantum cryptography (PQC) defences with Actalis and safeguard your future.
A European CA for digital and quantum sovereignty
We bring the best global practices to the local context.
European CA
EU-owned data centers, native eIDAS compliance and strong data and digital identity protection.
Pragmatic approach
Not just theory, but real projects, demos, and regulatory and technical support at every stage of the PQC transition.
Consolidated experience
TLS/SSL, digital signing, timestamping, complex PKI environments and tailor-made solutions for highly regulated sectors.
A European CA for digital and quantum sovereignty
We bring the best global practices to the local context.
European CA
EU-owned data centers, native eIDAS compliance and strong data and digital identity protection.
Pragmatic approach
Not just theory, but real projects, demos, and regulatory and technical support at every stage of the PQC transition.
Consolidated experience
TLS/SSL, digital signing, timestamping, complex PKI environments and tailor-made solutions for highly regulated sectors.
FAQ
What is a Harvest Now, Decrypt Later attack?
The threat known as of Harvest Now, Decrypt Later (HNDL) means that sensitive data encrypted today can be recorded and stored by attackers, then decrypted in the future once quantum computers become powerful enough.
When will post-quantum cryptography become compulsory?
There is currently no fixed deadline requiring organisations to transition to post-quantum cryptography (PQC). However, the transition must take place before Q-Day – the point at which quantum computers capable of breaking traditional asymmetric encryption become widely available.
Taking action early is essential to protect today’s data from "harvest now, decrypt later" attacks. Quantum readiness is the solution and should be initiated by 2026.
Will current certificates stop working?
No. A sudden switch to post-quantum-only certificates would break compatibility with existing systems and legacy applications. Instead, hybrid certificates, which combine classical and post-quantum cryptography, allow both current and future systems to operate securely and without disruption.
Do we need to change everything right away?
No. The priority should be systems that handle long-term confidential data and sensitive communication channels. A hybrid approach enables organisations to start addressing quantum risks while maintaining operational continuity.
Will cryptographic standards continue to change?
It's possible. This is why crypto-agility is critical: to protect processes and platforms that may evolve over time.
Is there a significant impact on end users?
When deployments are introduced gradually – for example through internal pilots, feature flags and rollback mechanisms – the impact on end users is minimal. Wider deployment typically follows only after successful testing and validation.
Why can't we wait until everything is fully defined?
Delaying action increases exposure to HNDL risks, as data collected today may be decrypted in the future. Starting now allows organisations to manage risk, costs and complexity in a controlled way.👩💻👨🏻💻
European Certification Authority and member of the CAB Forum
Actalis is Europe's leading Certification Authority, qualified in line with eIDAS regulations for the provision of trust services and globally recognized for issuing SSL server certificates.