Welcome to the first edition of QuantumGate’s monthly update. This is where we’ll share what’s shaping the future of quantum and enterprise security, alongside practical insights from what we’re building and learning along the way. In this first edition, we’re also taking a moment to reflect on the past year and how it has informed what comes next!

This Year at QuantumGate

Over the past few months, we have been active across leading security and quantum forums, where one message came through consistently: the quantum era is approaching faster than most organizations are ready for. At the Quantum Innovation Summit in Dubai, we highlighted that many organizations are behind, protecting decades of sensitive data while adversaries begin harvesting encrypted information today. The discussions reinforced a simple truth: post-quantum migration is unavoidable and starts with visibility into existing cryptography.

This theme continued at GISEC GLOBAL 2025, where QuantumGate showcased its quantum-safe security solutions, reflecting the region’s shift from awareness to implementation. Similar conversations carried into Black Hat MEA in Riyadh and CyberQ, where the focus remained on one critical question: where is your cryptography and how ready are you? Catch our CyberQ blog here.

Watch our keynote from CyberQ as CTO, Janne Hirvimies, explored the question “where’s your crypto?” and explained how organizations should approach cryptographic inventory and discovery.

Inside the Product

Since our launch in November 2024, we’ve focused on addressing three persistent data security challenges that many organizations continue to face:

• Quantum risk: Future quantum computers will break today’s asymmetric cryptography, putting long-lived digital data at risk.
• Password exposure: Compromised credentials remain one of the leading causes of breaches, leaving critical systems vulnerable.
• Unmanaged access: Employees increasingly access sensitive data from personal devices, increasing the risk of malware, data leakage, and loss.

To address these challenges, we launched four products, each targeting a specific and urgent gap.

• Crypto Discovery Tool: Before any post-quantum migration can begin, organizations need visibility. Our Crypto Discovery Tool provides a comprehensive view of cryptographic assets across environments. It enables cryptographic inventory, risk assessment, and the foundation for a realistic post-quantum roadmap.
• QSphere: Our quantum-resilient VPN, designed to protect data in transit against both current and future cryptographic threats. It supports organizations transitioning toward quantum-safe communications without disrupting existing network operations.
• Salina: Our passwordless authentication solution, removing reliance on stored passwords and shared secrets. By using cryptographic authentication instead of credentials, Salina reduces exposure to phishing, credential theft, and account takeover attacks.
• Secure VMI: Secure VMI provides a protected virtual environment for accessing sensitive data from unmanaged or high-risk devices. By isolating sessions and preventing data leakage, it enables secure access without exposing endpoints.

Key Takeaways from 2025

There were many takeaways this year, but below are some highlights:
Awareness: The Need to Start Now
Much of 2025 was about building awareness of the quantum threat and helping organizations understand that post-quantum migration is not future work. The message: don’t wait, start now.

The first real step is cryptographic discovery and inventory. Before planning any migration, teams need visibility into where cryptography exists, what protects critical data, and what will be impacted.

Along the way, we saw some challenges:

• Internal alignment across large organizations: Post-quantum cryptography affects more than security teams. Aligning business leaders, IT, cybersecurity, procurement, and risk teams remains one of the biggest hurdles.
• Vendor and ecosystem maturity: PQC technologies and standards are still evolving. Choosing partners who can navigate uncertainty, rather than promise shortcuts, proved critical.
• Integrating PQC with existing transformation programs: Many organizations are already modernizing cloud infrastructure, digital services, and core systems. PQC efforts must align with these parallel initiatives, not compete with them.
• Capability building inside the organization: Teams need to elevate internal understanding to evaluate PQC solutions, support migration, and operate systems after adoption.

Partnerships: Who We’re Building With

Advancing National Readiness with the UAE Cybersecurity Council. QuantumGate partnered with the UAE Cyber Security Council to support national preparedness for future quantum threats, strengthening post-quantum readiness across government and critical sectors. Read more.

Partnering with PwC Middle East to Strengthen Regional Cybersecurity. At GISEC 2025, QuantumGate announced a partnership with PwC Middle East to help organizations across the region assess emerging quantum risks and begin planning for quantum-safe security. Read more.

Collaborating with CPX to Advance Post-Quantum Readiness. At CyberQ this year, QuantumGate and CPX announced a collaboration to support national post-quantum initiatives, including readiness scoring, a PQC Resilience Index, and tools to assess cryptographic posture and enable national-level reporting.

Recommended QuantumGate Reads

Quantum Threat Arrives Early: Race to Protect Data Starts Now. This cover article in Security Middle East Magazine by QuantumGate’s CTO, Janne Hirvimies, challenges the idea that quantum risk is still far off. It explains why long-lived sensitive data is already exposed through “harvest now, decrypt later” threats, and why organizations need to start planning now, beginning with cryptographic visibility and risk assessment. Read more.

National security starts with local code. Janne Hirvimies argues that in the intelligence age, trust depends on who controls the technology itself. As quantum computing threatens today’s encryption, the article makes the case for moving beyond data localization toward true technology sovereignty, where cryptography, code, and infrastructure are owned and understood end to end. Read more.

News Roundup: The Quantum Technology and Security Landscape

2025 marked a shift not just in how quantum technology is built, but in how seriously governments and security leaders are planning for its impact. Below is a snapshot of what changed this year.

Quantum Technology Advancements

Designated by the United Nations as the International Year of Quantum Science and Technology, 2025 reflected a deeper transition in the field. The focus moved away from simply increasing qubit counts toward improving qubit quality, logical qubits, and error correction, signaling a shift from experimental demos to systems that can realistically scale.

Developments from this year:

• IBM unveiled a new quantum processor, Nighthawk, positioned as its most advanced system to date. Designed to scale to thousands of gates and qubits, Nighthawk is aimed at achieving quantum advantage on specific problem classes.
• IBM also demonstrated a record-breaking 120-qubit entangled “cat state,”, the largest fully coherent multi-qubit entanglement achieved so far. Large-scale entanglement is a critical requirement for fault-tolerant quantum computing and remains one of the hardest challenges to solve.
• Microsoft advanced new four-dimensional quantum error-correction codes, designed to work across multiple qubit types. These codes aim to improve logical qubit reliability and highlight the growing focus on error correction as a first-class engineering problem.
• Google reported a major physics simulation result, demonstrating a claimed 13,000× speedup over classical supercomputers for a narrowly defined task.

The focus in quantum computing has shifted from headline qubit numbers to control and error correction, the step that turns lab experiments into systems governments and enterprises can no longer ignore.

Quantum Security Progress Around the World

UAE: Post-Quantum Security and National Migration Planning

The UAE Cybersecurity Council continues to oversee national efforts to prepare for post-quantum threats, positioning the country among the earliest governments to move from awareness into migration planning.

In 2025, the UAE approved its National Encryption Policy and issued the accompanying executive regulation, formally calling on government entities to transition from traditional encryption methods to post-quantum cryptography (PQC). The policy requires entities to develop clear, well-defined, and officially approved transition plans.
Key elements of the UAE’s post-quantum approach include:

• A comprehensive national strategy for post-quantum encryption, led at the federal level and aligned with critical infrastructure protection and long-term data confidentiality.
• Regulatory requirements for compliance-critical entities to begin transitioning to PQC-ready security standards, including mandatory submission of migration plans in 2026.
• Cryptographic inventory and risk assessment as a prerequisite, recognizing that organizations cannot migrate what they cannot see.
• Phased compliance enforcement, with near-term deadlines for priority sectors and longer-term milestones aligned with operational complexity and data sensitivity.

The Wider GCC and Global Post-Quantum Security

Kingdom of Saudi Arabia

• The National Cybersecurity Authority (NCA) enforces strong cryptography practices through the Essential Cybersecurity Controls and National Cryptographic Standards, including requirements for encryption strength, key management, secure protocols, and lifecycle governance.
• While formal post-quantum cryptography (PQC) migration deadlines have not yet been codified, existing compliance frameworks implicitly support the transition by requiring robust cryptographic hygiene, algorithm governance, and long-term data protection practices aligned with global guidance such as NIST’s PQC recommendations.
• As global PQC standards mature and international mandates become clearer, Saudi policy is expected to further define PQC migration expectations within its broader cybersecurity and national resilience framework.

Qatar, Kuwait, Bahrain, and Oman: These countries are pursuing a measured and strategic approach to post-quantum readiness, embedding quantum security considerations within broader national cybersecurity modernization and digital transformation efforts. While formal post-quantum cryptography migration mandates and timelines have not yet been publicly codified, national authorities are increasingly addressing quantum risk through policy statements and capability-building initiatives.

The USA: The U.S. approach is driven by federal policy, agency-level implementation requirements, and NIST standardization.

• Federal mandate to transition vulnerable cryptography: National Security Memorandum NSM-10 establishes post-quantum cryptography migration as a national priority and frames it as a multi-year transition across federal systems.
• Mandatory cryptographic inventory and prioritization: OMB Memorandum M-23-02 requires federal agencies to develop and maintain a prioritized inventory of cryptographic systems that rely on quantum-vulnerable public-key algorithms.
• Discovery and inventory as a recognized bottleneck: U.S. guidance acknowledges cryptographic discovery and inventory as a core challenge and emphasizes the need for scalable approaches to support post-quantum migration.

The EU: The EU approach is coordinated across Member States, focused on synchronized readiness, roadmap development, and ecosystem-wide awareness and standard alignment.

• Coordinated transition planning: The European Commission has published coordinated roadmaps and policy guidance to support the transition to post-quantum cryptography, aiming to harmonize national approaches and reduce fragmentation across the Single Market.
• Emphasis on awareness and preparedness: The guidance pushes organizations to start with understanding exposure, building discovery, and creating a migration roadmap before attempting technology replacement at scale.
• Alignment with standards and mitigation guidance: ENISA has published PQC and quantum mitigation guidance to support consistent understanding of risks, algorithms, and transition considerations across Europe.

The UK

• National guidance with defined migration milestones: The UK NCSC has published PQC migration timeline guidance with staged milestones and an end-state target of full migration by 2035.
• Early requirements focus on discovery and planning: EU guidance treats stakeholder awareness and readiness as core elements of the transition, alongside technical planning.
• Phased approach to reduce operational risk: The roadmap is structured to avoid rushed transitions by sequencing identification, prioritization, and execution over multiple years.