PQC vs. QKD: What Matters Now and What Can Wait

Episode notes

As regulators publish guidance and timelines tighten, organizations can’t treat quantum readiness as a “future-us” problem. Will Collison details HSBC’s approach: begin the migration now, build crypto agility into architecture, and manage both internal upgrades and external dependencies across vendors, partners, and customers. He clarifies where PQC (for everyone) and QKD (for select high-assurance links) fit, and why identity (public-key) mechanisms not symmetric crypto like AES, are the primary risk from quantum computing. Will also reframes “legacy” systems as revenue-critical systems that demand careful, early planning, and he lays out a pragmatic cost model: if you wait, you’ll lose the ability to go slow, forcing a fast (and expensive) scramble. The mandate is simple: start now, measure progress, and design for change so you can swap algorithms when needed. What You’ll Learn How early action lowers cost and risk while keeping quality high. PQC vs. QKD vs. Quantum Computing: Clear roles, overlaps, and where to invest first Why quantum threatens public-key identity mechanisms more than symmetric encryption.