Updated June 28, 2026
Summary: Quantum Key Distribution protects against interception at the physical layer, while post-quantum cryptography secures data algorithmically; regulated EU organisations need both as complementary layers, supported by EuroQCI infrastructure and ETSI GS QKD 014 governance.

Quantum key distribution (QKD) is a method of generating and exchanging cryptographic keys whose security is guaranteed by the laws of quantum mechanics rather than by the assumed computational difficulty of a mathematical problem. Any attempt to intercept the key material disturbs the quantum states and is therefore detectable. For European regulated organisations, this physical-layer guarantee matters precisely because the threat horizon has lengthened: data captured today and decrypted by a future cryptographically relevant quantum computer remains a real exposure even if that computer is years away.

QKD and Post-Quantum Cryptography: Different Tools for Different Problems

QKD and post-quantum cryptography (PQC) are frequently conflated, but they operate at entirely different levels of the stack and address different adversary scenarios.

PQC replaces classical public-key algorithms (RSA, elliptic-curve Diffie-Hellman) with new mathematical constructions that are believed to resist attacks from quantum computers. In August 2024, NIST finalised its first PQC standards, including ML-KEM for key encapsulation and SLH-DSA for digital signatures. These algorithms run in software on existing hardware, can be deployed immediately across TLS, VPN and email infrastructure, and protect all data in transit regardless of network topology. Their limitation is that their security remains an assumption: a sufficiently powerful quantum computer or an unforeseen mathematical breakthrough could in principle compromise them.

QKD generates symmetric key material over a dedicated optical channel using individual photons. Its security is information-theoretically provable, not dependent on hardness assumptions. As ENISA states in its report on quantum key distribution: “Quantum communication technologies, and in particular quantum key distribution, offer a level of security that is information-theoretically provable, not dependent on computational hardness assumptions.” The practical limitation of QKD is that it requires dedicated hardware (QKD transceivers, single-photon detectors), trusted relay nodes for distances beyond roughly 100 km, and point-to-point fibre or line-of-sight free-space optical links. It cannot be deployed as a software update.

| Dimension | Post-Quantum Cryptography (PQC) | Quantum Key Distribution (QKD) |
| --- | --- | --- |
| Security basis | Mathematical hardness assumption | Laws of quantum physics |
| Deployment | Software update to existing infrastructure | Dedicated QKD hardware and optical links |
| Network scope | Any network type, including internet | Point-to-point fibre or free-space optical only |
| Operational cost | Low (incremental to existing PKI) | High (hardware, installation, trusted nodes) |
| Standardisation | NIST FIPS 203, 204, 205 (finalised 2024) | ETSI GS QKD 014 (interface), vendor interop maturing |
| Appropriate for | All regulated organisations, immediately | High-assurance fixed links, critical infrastructure |

The ETSI Quantum Cryptography Working Group formulates the distinction operationally: “The security of QKD relies on the laws of physics rather than mathematical complexity, making it uniquely suited to protecting data that must remain confidential for decades.” For a hospital preserving patient genomic data, a central bank archiving transaction records, or a government ministry protecting classified communications, that decade-long confidentiality horizon is not theoretical. It is a compliance requirement under GDPR, NIS-2 and sector-specific frameworks such as DORA.

EuroQCI: The Sovereign Infrastructure Backbone

The EuroQCI (European Quantum Communication Infrastructure) initiative is the EU’s programme to build a pan-European QKD network covering all member states, integrating terrestrial fibre segments and a satellite component into a single sovereign key-distribution backbone.

The EuroQCI initiative aims to integrate QKD infrastructure across all 27 EU member states by 2027, forming a pan-European quantum communication backbone. National deployments are co-funded through the CEF Digital Programme, which has issued grants to member-state consortia to build domestic QKD nodes and interconnect them. Germany, France, Austria and the Netherlands are among the countries with active pilot segments, some of which include hospital-to-hospital and data-centre-to-data-centre QKD links that regulated buyers can study as reference architectures.

The terrestrial segment relies on trusted-relay architecture: QKD links span up to roughly 80 to 100 km between adjacent nodes before photon loss becomes prohibitive. At each relay, keys are decrypted and re-encrypted in hardware security modules inside physically secured facilities. This means the security model depends heavily on the physical security and sovereignty of the relay nodes themselves, which is one reason EuroQCI nodes are being built inside national public-sector facilities rather than commercial colocation data centres.

Eagle-1 and IRIS² Integration

The terrestrial fibre mesh cannot economically reach all destinations, particularly cross-border links where laying dedicated fibre is legally or financially impractical. This is where the Eagle-1 satellite QKD demonstrator, a joint ESA and SES project, becomes relevant. Eagle-1 is scheduled for launch in 2026 and will demonstrate QKD via satellite, enabling key exchange between ground stations that have no direct fibre connection. Rather than transmitting data, the satellite acts as a trusted relay in orbit, receiving quantum states from one ground station and re-emitting them to another.

Eagle-1 is designed to integrate with IRIS² (Infrastructure for Resilience, Interconnectivity and Security by Satellite), the EU’s sovereign broadband satellite constellation. IRIS² is intended to provide secure government communications independent of non-European satellite operators. The integration of QKD capability from Eagle-1 into IRIS² means that, operationally, European government and regulated-sector organisations could eventually access quantum-secured key material over the same sovereign satellite infrastructure that carries their classified and sensitive communications. The timeline for full IRIS² operational readiness extends into the late 2020s, making this a planning horizon rather than an immediate procurement option.

Note: Eagle-1 is a demonstrator, not a production service. Procurement officers should not include satellite QKD in architecture designs before 2027 without explicit confirmation of service availability from ESA or SES. Plan for terrestrial QKD first and architect satellite QKD as a future extension point.

Connecting a Sovereign Data Centre to a National QKD Node

Connecting to a national EuroQCI node involves four distinct requirement layers that procurement and technical teams must evaluate together.

First, hardware requirements: each end of a QKD link requires a QKD transceiver capable of generating and measuring single-photon states, typically using the BB84 or continuous-variable QKD protocol. The transceiver connects to a key management system (KMS) that stores and delivers the generated symmetric keys. The KMS must be housed in a physically secured, access-controlled environment, meeting at minimum ISO 27001 physical security controls or the stricter requirements of the national node operator.

Second, the optical connection: a dark fibre run (unlit, dedicated fibre not shared with classical traffic) between your facility and the nearest national QKD node. In practice, this means negotiating a dark fibre lease from a telecom operator or national research network (such as GÉANT or a national NREN member). Distance from the nearest node is a critical pre-qualification factor.

Third, key management integration: the ETSI GS QKD 014 standard defines a REST-based application programming interface through which a QKD device delivers symmetric keys to authorised consuming applications. Any application or VPN gateway that is to benefit from QKD-supplied keys must implement this interface. Key lifecycle management, including key expiry, re-keying intervals and audit logging of all key delivery events, must be documented to satisfy NIS-2 Article 21 security-measure requirements and DORA technical risk management obligations.

Fourth, governance and personnel: operating a QKD node endpoint requires trained personnel who understand both the optical physics layer and the classical key management layer. National node operators typically require a formal interconnection agreement covering incident response, key compromise procedures and audit rights.
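For the key management layer described above, the following added example (not code from ETSI, a vendor or the original page) validates a key-delivery response before use and builds the audit record for each delivery without logging key material. The JSON field names `keys`, `key_ID` and `key` follow the ETSI GS QKD 014 key container as commonly implemented and should be checked against the specification version in use; the SAE identifiers and the sample body are constructed for illustration.

```python
import base64
import binascii
import json
import uuid
from datetime import datetime, timezone

# Constructed sample response body: two 256-bit keys, NOT real key material.
SAMPLE_BODY = json.dumps({"keys": [
    {"key_ID": "bc490419-7d60-487f-adc1-4ddcc177c139",
     "key": base64.b64encode(bytes(range(32))).decode()},
    {"key_ID": "0a782fb5-3434-48fe-aa4d-14f41d46cf92",
     "key": base64.b64encode(bytes(range(32, 64))).decode()},
]})


def parse_key_container(body, want_count, want_bits):
    """Validate a key-delivery response and return {key_ID: raw key bytes}."""
    entries = json.loads(body).get("keys")
    if not isinstance(entries, list) or len(entries) != want_count:
        raise ValueError("unexpected number of keys delivered")
    keys = {}
    for entry in entries:
        key_id = str(uuid.UUID(entry["key_ID"]))  # rejects malformed IDs
        try:
            raw = base64.b64decode(entry["key"], validate=True)
        except binascii.Error as exc:
            raise ValueError(f"key {key_id}: invalid base64") from exc
        if len(raw) * 8 != want_bits:
            raise ValueError(f"key {key_id}: got {len(raw) * 8} bits")
        if key_id in keys:
            raise ValueError(f"key {key_id}: delivered twice")
        keys[key_id] = raw
    return keys


def audit_events(keys, consumer_sae, peer_sae, when=None):
    """One audit record per delivered key; key material is never logged."""
    stamp = (when or datetime.now(timezone.utc)).isoformat()
    return [{"event": "qkd_key_delivered", "time": stamp, "key_ID": key_id,
             "size_bits": len(raw) * 8, "consumer_sae": consumer_sae,
             "peer_sae": peer_sae} for key_id, raw in keys.items()]


if __name__ == "__main__":
    delivered = parse_key_container(SAMPLE_BODY, want_count=2, want_bits=256)
    for record in audit_events(delivered, "sae-dc-a", "sae-dc-b"):
        print(json.dumps(record))
```

Logging the key_ID rather than the key or a hash of it keeps the audit trail usable for reconciling both ends of the link without turning the log store into a second key store.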

Note: The average cost of a data breach globally reached USD 4.88 million in 2024, the highest figure in IBM’s report history (IBM Cost of a Data Breach Report 2024). For regulated organisations, the cost of a breach involving long-term confidential data, such as patient records or financial models, can exceed this average substantially when regulatory fines, litigation and reputational loss are included. The capital expenditure for connecting to a national QKD node should be evaluated against this risk baseline, not against the cost of a software licence.

Governance, Certification and the Road to the EU Quantum Act

Organisations deploying QKD today operate in a governance environment that is still maturing. ETSI GS QKD 014 is the operative interface standard and provides the most concrete procurement requirement: any QKD hardware under consideration must implement the standardised key delivery API to avoid vendor lock-in. ENISA has published guidance on QKD for national security communications, recommending a defence-in-depth approach that layers QKD with classical encryption rather than substituting one for the other.

The EU Quantum Act, a legislative proposal expected to be formally tabled in 2026, will establish conformity-assessment and certification frameworks for quantum technologies including QKD devices. Until it is in force, procurement officers cannot specify EU Quantum Act compliance as a requirement; they should instead reference ETSI GS QKD 014 and ENISA guidelines as the applicable standards. National cybersecurity authorities in several member states, including BSI in Germany and ANSSI in France, have issued or are developing national technical guidelines for QKD deployment that align with ENISA recommendations.

Building a Hybrid Sovereign Communications Strategy

For CISOs and procurement officers, the practical question is not QKD versus PQC, but how to sequence and layer both. The answer depends on link criticality, data longevity and operational feasibility.

PQC migration should begin immediately across all infrastructure, prioritising long-lived data and internet-facing services. ML-KEM and SLH-DSA can be deployed today in TLS 1.3 configurations, VPN gateways and email signing without new hardware. This addresses the “harvest now, decrypt later” threat for the broad attack surface.

QKD investment is appropriate for the subset of fixed, high-assurance inter-site links where data must remain confidential beyond a ten-year horizon and where the organisation has or can obtain dark fibre access to a national EuroQCI node. Reference cases from current CEF Digital Programme pilots, including hospital-to-hospital QKD links that allow secure transmission of surgical imaging and genomic data between sites, demonstrate that the operational model is viable for regulated healthcare and government environments.

The governance requirement is to document the rationale for each layer: which links use QKD, which use PQC, which use both, and why. This documentation is precisely what NIS-2 Article 21, GDPR Article 32 and DORA Article 9 technical risk management obligations require. A hybrid strategy that is explicitly documented and mapped to threat scenarios is also the format in which national competent authorities and external auditors can most efficiently verify compliance.
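For a link that uses both layers, one common way to combine them is to feed the PQC shared secret and the QKD-delivered key into a single key-derivation step, so the link key depends on both inputs. The sketch below is an added example, not a method prescribed by the page, ETSI or ENISA: the HKDF-SHA-256 concatenation combiner, the label string, the link identifier and all input values are assumptions chosen for illustration.

```python
import hashlib
import hmac


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) with SHA-256: extract, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _lp(value):
    """Length-prefix a field so concatenated inputs cannot be re-split."""
    return len(value).to_bytes(4, "big") + value


def hybrid_link_key(pqc_secret, qkd_key, qkd_key_id, link_id, length=32):
    """Derive a link key that depends on BOTH the PQC and the QKD input."""
    if len(pqc_secret) < 32 or len(qkd_key) < 32:
        raise ValueError("each input must carry at least 256 bits")
    ikm = _lp(pqc_secret) + _lp(qkd_key)
    # Bind the output to this link and to the QKD key_ID used, so the same
    # inputs cannot silently yield the same key on another link.
    info = (b"hybrid-link-key/v1" + _lp(link_id.encode())
            + _lp(qkd_key_id.encode()))
    return hkdf_sha256(ikm, salt=b"\x00" * 32, info=info, length=length)


# Constructed inputs, NOT real key material.
PQC_SECRET = bytes.fromhex("11" * 32)  # stands in for an ML-KEM shared secret
QKD_KEY = bytes.fromhex("22" * 32)     # stands in for a QKD-delivered key
QKD_KEY_ID = "bc490419-7d60-487f-adc1-4ddcc177c139"

if __name__ == "__main__":
    key = hybrid_link_key(PQC_SECRET, QKD_KEY, QKD_KEY_ID, "dc-a--dc-b")
    print(key.hex())
```

The derived key is only computationally secure, because it passes through HMAC-SHA-256; the information-theoretic property of the QKD input does not carry over to the combined key.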

FAQ

Can QKD replace post-quantum cryptography for a regulated EU organisation?

No. QKD and PQC address different threat surfaces. QKD secures the key exchange at the physical layer over dedicated optical links, while PQC replaces mathematically vulnerable algorithms in software across all network types. Most regulated organisations need both: QKD for high-assurance point-to-point links between fixed sites, and PQC for everything else.

When will EuroQCI infrastructure be available for organisations to connect to?

Terrestrial EuroQCI nodes are being deployed nationally through CEF Digital Programme grants, with several member states including Germany, France and the Netherlands running pilot segments. Full pan-European coverage targeting all 27 member states is planned for 2027. The Eagle-1 satellite demonstrator is scheduled for launch in 2026 and will extend reach beyond terrestrial fibre.

What does ETSI GS QKD 014 require in practice?

ETSI GS QKD 014 defines the REST-based application programming interface through which a QKD device delivers symmetric keys to authorised applications. Compliance means your key management system must consume keys via this interface, maintain separate key stores from classical cryptographic material, and log all key delivery events for audit. It does not yet define end-to-end network interoperability between vendors.

Is the EU Quantum Act already in force?

As of mid-2025, the EU Quantum Act is a legislative proposal expected to be formally tabled in 2026. It is intended to establish certification and conformity-assessment frameworks for quantum technologies, including QKD hardware. Procurement officers should monitor the proposal but cannot yet claim compliance with it; ETSI GS QKD 014 and ENISA guidelines are the operative standards in the interim.

What is the practical first step for a CISO who wants to evaluate QKD for their organisation?

The most actionable first step is to map which inter-site links carry data that must remain confidential for more than ten years, such as patient records, classified government communications or long-term financial contracts. Those links are the candidates for QKD. Simultaneously, begin a PQC migration inventory using the NIST-standardised algorithms ML-KEM and SLH-DSA, since PQC can be deployed immediately across all existing infrastructure without new hardware.
