Quantum-Safe Cryptography: Companies and Players Across the Landscape [2026]

Insider Brief

• The quantum-safe cryptography landscape in 2026 spans PQC vendors, QKD providers, cloud platforms, and consultancies responding to the growing quantum threat.
• Organizations are adopting a dual approach using post-quantum cryptography for broad deployment and quantum key distribution for high-security use cases.
• Government mandates and timelines, driven by standards from National Institute of Standards and Technology, are accelerating enterprise migration to quantum-safe systems.

The quantum-safe cryptography ecosystem has expanded well beyond a handful of startups. Following NIST’s finalization of post-quantum cryptography (PQC) standards in August 2024 and the selection of HQC as an additional algorithm in March 2025, organizations across every sector are now working to migrate their cryptographic infrastructure. The result is a broad, fragmented landscape that spans global consultancies, specialist PQC tooling vendors, quantum key distribution (QKD) hardware providers, cloud platforms, and OT equipment manufacturers.

This article maps the key players across this landscape. The market is not a simple list of competitors; rather, different types of organizations are addressing the quantum threat from different angles, with varying levels of delivery maturity. Understanding where each player sits helps organizations make informed decisions about their quantum-safe migration strategy.

Understanding the Quantum Threat

Quantum computers, once sufficiently powerful, could break widely used public-key encryption algorithms like RSA and ECC. While cryptographically relevant quantum computers (CRQCs) do not yet exist, the “harvest now, decrypt later” threat is real today – adversaries can collect encrypted data now and decrypt it once quantum capability arrives.

The Global Risk Institute’s 2026 Quantum Threat Timeline, produced with evolutionQ, estimates a CRQC is quite possible within 10 years and likely within 15. This timeline is driving urgency across governments and enterprises alike.

Two complementary approaches address this threat. Post-quantum cryptography (PQC) replaces vulnerable algorithms with new mathematical schemes believed to resist quantum attacks, and can run on existing classical hardware. Quantum key distribution (QKD) uses the physics of quantum mechanics to distribute encryption keys with information-theoretic security, but requires specialized optical hardware. Most experts recommend a layered approach combining both where appropriate.

Mapping the Quantum-Safe Ecosystem

The following is a non-exhaustive overview of the quantum-safe cryptography landscape. The market is broad and involves players ranging from early-stage startups to global enterprises. The inclusion or omission of any organization should not be interpreted as a ranking or endorsement.

PQC Specialists and Enabling Tooling

These companies focus specifically on building post-quantum cryptographic tools, libraries, and migration platforms.

CryptoNext Security develops PQC libraries and migration tools, and was among the first to offer a PQC-ready VPN. DigiCert offers PQC-ready digital certificates. Fortanix offers confidential computing with PQC integration. 

ISARA Corporation (Canada) builds PQC solutions for certificate management and has been working on crypto-agility since before the NIST standards were finalized. Keyfactor provides crypto-agility platforms that help enterprises discover, manage, and rotate cryptographic assets as they transition to quantum-safe algorithms. 

Palo Alto Networks has begun integrating PQC capabilities into its security platforms. Post-Quantum (UK) develops quantum-safe encryption products including a VPN and identity verification system. PQShield (UK), which has raised over $63 million, provides hardware and software PQC IP that can be embedded in chips, firmware, and applications, and supplies PQC solutions to semiconductor vendors and government agencies. 

Quantum Xchange (US) provides a key distribution platform that supports both PQC and QKD, offering a migration path for organizations that want to start with software-based PQC and add hardware QKD later. Sectigo offers PQC-ready digital certificates.

Integrated PQC Tooling and Services

A tier of companies provide end-to-end quantum-safe platforms that combine assessment, migration planning, and ongoing management.

evolutionQ (Canada), founded by Michele Mosca at the University of Waterloo’s Institute for Quantum Computing, is a strategically significant player in quantum-safe advisory and risk assessment, co-produced the Global Risk Institute’s Quantum Threat Timeline, and participated in the Nokia-Numana Blueprint 7 validation for quantum-safe network infrastructure in Canada. 

IBM offers PQC integration through its broader quantum-safe transformation services, building on its role in developing the lattice-based algorithms that underpin NIST’s standards. 

SandboxAQ (US), spun out of Alphabet and having raised over $1 billion, offers AQ Analyzer for cryptographic inventory discovery and its Security Suite for enterprise-wide quantum-safe migration, and works with government agencies and large enterprises across defense, finance, and telecommunications. 

QuSecure (US) provides a quantum-safe orchestration platform designed for rapid deployment across enterprise networks.

QKD Hardware and Quantum Communications Providers

Quantum key distribution takes a fundamentally different approach, using quantum physics rather than mathematical complexity to secure key exchange.

Crypto Quantique (UK) develops quantum-driven IoT security using quantum tunneling effects for device-level entropy generation. 

ID Quantique (Switzerland), acquired by IonQ in 2025, is a pioneer in commercial QKD systems and quantum random number generators, with deployments across financial and government networks. KETS Quantum Security (UK) develops chip-scale QKD systems that could significantly reduce the cost and size of quantum-secure hardware. 

QuantumCTek (China), publicly listed on the Shanghai STAR Market, is one of the largest QKD providers globally and was consolidated under the China Telecom Quantum Group in 2025, and has deployed QKD infrastructure across Chinese government and financial networks. 

QNu Labs (India) builds QKD systems tailored for Indian government and financial institutions, and has deployed a 500km QKD network. Toshiba (Japan) operates one of the most mature QKD programs globally, with deployed metropolitan networks in London and Tokyo, and has demonstrated long-distance QKD over existing fiber.

Global System Integrators and Consultancies

Large consulting and systems integration firms are increasingly building quantum-safe practices to help enterprises navigate the migration.

Accenture, Deloitte, EY, PwC, KPMG, Wipro, Capgemini, NTT Data, and DXC Technology all have varying degrees of quantum-safe advisory capability. These firms typically help organizations with cryptographic inventory assessments, risk prioritization, migration roadmapping, and vendor selection. Their role is particularly important for large enterprises and government agencies that need to coordinate quantum-safe transitions across complex, multi-vendor IT environments.

Cloud, Hardware, and Infrastructure Vendors

Major technology vendors are also embedding quantum-safe capabilities into their platforms. AWS, Microsoft Azure, and Google Cloud are integrating PQC into their TLS implementations and key management services. Thales provides hardware security modules (HSMs) with PQC support. 

Cisco is integrating quantum-safe networking features. Nokia has been actively testing quantum-safe network blueprints, including the Blueprint 7 validation in Canada with Numana and evolutionQ. Entrust offers PQC-ready certificate authority solutions. Utimaco provides quantum-safe HSMs for banking and government.

OT and OEM Players

Operational technology environments present unique challenges for quantum-safe migration due to long equipment lifecycles and real-time processing requirements. 

Honeywell, Siemens, Schneider Electric, and Rockwell Automation are among the industrial OEM players beginning to address quantum-safe requirements in their control systems and embedded devices. These transitions will take longer than IT migrations because OT equipment is often deployed for decades and firmware updates can be complex.

Managed Security and Telecom Operators

Managed service providers and telecom operators are positioned to deliver quantum-safe capabilities as a service.

Kyndryl (spun off from IBM’s managed infrastructure services) is developing quantum-safe managed services offerings. Orange Business Services and Telefonica are exploring quantum-safe networking for their enterprise customers. These operators could play a big role in making quantum-safe security accessible to organizations that lack in-house cryptographic expertise.

Additional Emerging and Supporting Companies

Companies like 01 Quantum (Canada, formerly 01 Communique Laboratory) develop IronCAP PQC technology for digital asset security, email encryption, and enterprise infrastructure. Arqit (UK) is pursuing satellite-based quantum encryption combined with AI-driven threat analytics. 

Crypto4A (Canada) provides quantum-safe hardware security modules and participated in the Nokia-Numana Blueprint 7 testing. Quantum Dice (UK) produces quantum random number generators certified for high-entropy randomness. 

QuintessenceLabs (Australia) combines quantum random number generation with key management for data-at-rest protection. Qrypt (US) takes a distinctive approach to key generation by creating encryption keys locally using quantum random number generation, eliminating key transmission entirely. Xiphera (Finland) develops PQC IP cores optimized for FPGA and ASIC hardware integration.

NIST PQC Standards – The Foundation for Migration

NIST’s August 2024 finalization of three PQC standards created the regulatory foundation for enterprise migration:

• FIPS 203 (ML-KEM, based on CRYSTALS-Kyber) covers key encapsulation.
• FIPS 204 (ML-DSA, based on CRYSTALS-Dilithium) covers digital signatures.
• FIPS 205 (SLH-DSA, based on SPHINCS+) provides a hash-based signature alternative. 

In March 2025, NIST selected HQC as a backup key encapsulation mechanism. These standards provide the algorithmic building blocks that all the PQC companies listed above are implementing.

Migration timelines are being driven by government mandates. The US government requires federal agencies to inventory and begin transitioning cryptographic systems. Canada has set deadlines requiring federal departments to submit PQC migration plans by April 2026, prioritize critical systems by 2031, and complete full migration by 2035. The EU is developing similar frameworks. These mandates create cascading demand through government supply chains, effectively requiring private sector adoption as well.

Hybrid Approaches – Combining PQC and QKD

Many security architects are adopting layered strategies that combine PQC and QKD rather than choosing one approach over the other. PQC provides broad, software-deployable protection that can be rolled out relatively quickly across existing infrastructure. QKD provides physics-based security for the most sensitive links, particularly point-to-point connections between data centers or government facilities. 

QuantumCTek has deployed hybrid QKD+PQC systems in production, and several European initiatives are building quantum communication infrastructure that integrates both approaches. Organizations are advised to start with PQC migration (since it requires no new hardware) while evaluating QKD for their highest-security use cases.

Company Summary Table

Frequently Asked Questions

What is the difference between PQC and QKD?

Post-quantum cryptography (PQC) uses new mathematical algorithms that are believed to resist attacks from quantum computers, and can run on existing classical hardware. Quantum key distribution (QKD) uses the physics of quantum mechanics to distribute encryption keys with information-theoretic security, but requires specialized optical hardware. Most experts recommend PQC as the primary migration path, with QKD as an additional layer for the most sensitive applications.

When will quantum computers be able to break current encryption?

There is no consensus on an exact timeline. The Global Risk Institute’s 2026 Quantum Threat Timeline, produced with evolutionQ, estimates a cryptographically relevant quantum computer is “quite possible” within 10 years and “likely” within 15. However, the “harvest now, decrypt later” threat means that data encrypted today could be at risk in the future, making early migration prudent.

What are the NIST PQC standards?

In August 2024, NIST finalized three post-quantum cryptography standards: FIPS 203 (ML-KEM for key encapsulation), FIPS 204 (ML-DSA for digital signatures), and FIPS 205 (SLH-DSA for hash-based signatures). In March 2025, HQC was selected as an additional key encapsulation mechanism. These standards provide the algorithmic foundation for quantum-safe cryptography migration worldwide.

Should organizations adopt PQC or QKD?

Most organizations should start with PQC migration since it can be deployed on existing infrastructure through software and firmware updates. QKD is appropriate for organizations with the highest security requirements and the budget for specialized optical hardware, particularly for securing point-to-point connections between facilities. Many security architects recommend a layered approach combining both where feasible.

How long does quantum-safe migration take?

Migration timelines vary significantly based on organizational complexity. Canada’s government roadmap envisions initial migration plans by April 2026, priority system transitions by 2031, and full migration by 2035. For enterprises, the process typically begins with a cryptographic inventory and risk assessment, followed by prioritized migration of the most vulnerable systems. Starting early is important because migration touches every system that uses public-key cryptography.