Skip to main content
Research and analysis

Quantum key distribution research report

Published 10 June 2026

© Crown copyright 2026

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/quantum-key-distribution-research-report/quantum-key-distribution-research-report

1. Executive summary

1.1 Purpose and method

This is independent research commissioned by the Department for Science, Innovation and Technology (DSIT), and the views expressed do not represent HM Government policy.

Data encryption is a key element of cyber security, protecting data in transit to avoid unauthorised access (eavesdropping and tampering). However, current widely used algorithm-based public-key encryption methods are at risk from the potential of quantum computers to break encryption. Quantum key distribution (QKD) may provide one potential approach to address this risk in part, but there are other approaches and, at present, the UK National Cyber Security Centre (NCSC) advises post-quantum cryptography (PQC) as the preferred approach.

The Cyber Security and Digital Identity Directorate of DSIT commissioned Technopolis to conduct a study on QKD technology and its cyber security implications.

The objective is to inform if any policy measures may be appropriate with the aim of protecting UK networks that use, or will use, QKD, while enabling them to take advantage of the technology’s cyber security capabilities.

As per the terms of reference, the study was based on primary research via a programme of qualitative interviews with experts - technology suppliers, end-users, academics - in both the QKD domain and in cyber security more generally. Therefore, the findings presented in this report reflect the views of the interviewees. 38 interviews were undertaken, 16% with QKD end-users, 26% with suppliers of QKD components and systems, 39% with academics in QKD and information security and 18% with suppliers and users of non-QKD-based cyber security solutions. 74% of interviewees were based in the UK, 18% in Europe and 8% in the rest of the world.

1.2 Study findings

QKD technologies in use

  • Current QKD does not constitute a single technology, but a family of approaches that vary in hardware, protocols, and network architecture and are at varying stages of technical and commercial maturity.
  • Most QKD systems currently in use are point-to-point implementations based on prepare-and-measure protocols (BB84 most commonly) over fibre or free-space optical links, with satellite QKD and systems based on quantum entanglement at earlier stages of development.

Current QKD users

  • There are only a small number of current end-users of QKD globally outside academia, with these confined to banking and aerospace, with the telecoms, digital sector and quantum technology SMEs providing the underpinning QKD technologies and systems.
  • For all examples identified, QKD use is limited to research, testbeds, and pilot deployments rather than fully-fledged operational systems.
  • Across all stakeholder groups, there was a consensus that QKD addresses a specific set of cyber security problems i.e. the distribution of cryptographic keys, and that it is most relevant for securing high-value data transmissions where eavesdropping is a concern. End users interviewed emphasised that QKD is best suited to protecting specific, high-value data connections, like those between critical infrastructures, rather than enabling broad many-to-many communications.
  • Technical risks and challenges of QKD were well-understood by interviewees. These include: the requirement for specialised hardware; real-world systems departing from the theoretical security proof; the specific cyber security vulnerabilities of QKD; and current distance limitations of QKD. But interviewees emphasised that they are not fundamental flaws of QKD itself. Rather, they reflect the technology’s current developmental stage and the need to understand where, in their view, QKD can add value to cyber security.
  • Most interviewees expect QKD to be deployed as an additional security layer alongside PQC and conventional controls. However, they were not convinced that QKD is needed to address post-quantum risk, with many in the broader cyber security supply chain taking the view that PQC will be sufficient.
  • Nevertheless, interviewees saw challenges in terms of limited understanding and some misunderstandings of QKD’s potential in the wider economy and concerns regarding ensuring confidence about the performance and security of QKD technologies themselves.

Trajectory for QKD

  • QKD technology is still evolving and there were contrasting views on its future. While academics and QKD suppliers expect gradual hardware miniaturisation and cost reductions plus the introduction of satellite QKD for longer distances and entanglement-based QKD in the future, others, particularly non-users and some non-QKD cyber security suppliers, expect QKD to remain less practical than PQC and likely to remain a niche solution.
  • QKD’s value proposition and commercial model is still uncertain, though there was a broad consensus that QKD was unlikely to become a dominant or standalone security technology. There are broadly three possible scenarios for the future: QKD may become a key component in hybrid post-quantum cyber security solutions; be a specialised solution in point-to-point configuration for niche high-value applications; or not be adopted to any great extent. In whichever scenario comes to pass, the demonstration of quantum states in real-world communications networks and the underpinning QKD technologies developed (quantum repeaters and memory) are viewed as important to progress towards quantum networks.

1.3 Policy options

The government’s goal is to ensure sufficient overall security of systems that may use QKD, while also supporting the wider government objective for the UK to be a leading quantum-enabled economy by 2033. A key aim of the government’s modern industrial strategy is to deliver the world’s most advanced quantum network at scale, as part of the quantum technology missions programme. QKD is recognised as an important near-term quantum networking technology to provide near-term commercial opportunities for quantum companies, and to allow government, researchers and industry to acquire the operational learnings required to build the future quantum networking sector, such as via the deployment of entanglement-based quantum networks.

In order to support progress to both policy goals, we propose the following policy options. Please note that these options are the product of independent research and do not reflect HM Government policy thinking.

1. Continued financial support for developing an assurance infrastructure for QKD

Assurance of QKD systems is essential to secure adoption, providing confidence that components and systems perform as specified and, even more importantly, are truly secure.

Potential policy measures:

  • Support and fund a mechanism to coordinate the relevant UK community to design an assurance system for QKD. We recommend further funding for collaborative assurance work in QKD to continue development of standards, testing protocols and certification processes. We also recommend widening participation in assurance development activities, not only with the UK QKD community (technology developers, academics, NPL), but a wider group of cyber security solution providers and, most importantly, members of the end-user communities, possibly via a project board to guide and review activities.
  • Ensure funding is available for UK participation in international standards bodies. We recommend that the government ensures relevant Research and Technology Organisations (RTOs) / academics are funded to participate in standards activities, potentially via the QKD assurance project.

2. Support for QKD demonstrators and trials

Demonstration infrastructure and capabilities that enable potential commercial and / or public sector end-users to explore and test QKD are still required. Various demonstration capabilities and skills have been developed under previous funding programmes but are unlikely to be available for wider use without government support.

Potential policy measures:

  • Ensure funding is available to continue availability of QKD demonstrations. We recommend that the demonstration capabilities are mapped and discussions initiated by DSIT with relevant parties regarding how to make them more widely available.
  • Stimulate a wider user-base for QKD trials using demonstration capabilities. We recommend that the government consider piloting an open call programme for QKD trials, targeting commercial and government users.

3. Increase awareness of the implications of quantum technologies for cyber security

Awareness of the post-quantum threat, and the potential implications of using quantum technologies like QKD as part of the solution to address it, appears to vary, and misconceptions about its strengths and weaknesses remain even among those who are reasonably well-informed.

Potential policy measures:

  • Compile and disseminate relevant information on solutions to post-quantum security. We recommend that government identifies and enables a suitable group of experts to compile information on current thinking from a wide range of sources on the implications of QKD, the role of PQC and traditional methods for addressing the post-quantum threat. We recommend that government identifies and works with relevant trade bodies and professional bodies to disseminate the information compiled.

  • Increase levels of engagement between the quantum community and NCSC to maximise knowledge exchange as QKD continues to be developed.

2. Introduction

2.1 Context

Data encryption is a key element of cyber security, protecting data in transit to avoid unauthorised access (eavesdropping) [footnote 1]. However, current widely used algorithm-based public-key encryption methods are at risk from the potential of quantum computers to break encryption. Quantum key distribution (QKD) is one approach to address this risk, providing a secure method for generating and distributing cryptographic keys using the fundamental principles of quantum mechanics. While QKD offers a cyber security model that does not rely on the mathematical hardness assumptions of classical cryptography,[footnote 2] its implementation requires additional hardware and software systems.

Alternative quantum-resistant algorithm-based post-quantum cryptography (PQC) solutions exist with the advantage of operating at the software layer and so readily implemented within existing networks. At present, the UK National Cyber Security Centre (NCSC) advises that PQC is the preferred approach to mitigate the threat from quantum computers and does not support the use of QKD for government or military applications.[footnote 3] In addition, QKD and the technologies and skills that underpin it are expected to support the development of future entanglement-based quantum networks needed to access and link quantum computers and quantum sensors.

2.2 Study objective

The Cyber Security and Digital Identity Directorate (CSDI) of the Department for Science, Innovation and Technology (DSIT) commissioned Technopolis to conduct a study on QKD technology and its cyber security implications.

The objective is to inform if any policy measures may be appropriate with the aim of protecting UK networks that use, or will use, QKD, while enabling them to take advantage of the technology’s cyber security capabilities.

As per the terms of reference, the study was based on primary research via a programme of qualitative interviews with experts (users, technology suppliers, academics) in QKD and cyber security more generally.

2.3 Report structure

This report presents the findings from the interview programme and is structured as follows:

  • Chapter 2 presents the method used in the delivery of this report, including data collection and analysis.
  • Chapter 3 provides definitions and descriptions for key concepts used in the report, to facilitate the reader’s full understanding of the content.
  • Chapter 4 presents the study’s findings on the QKD technologies that are prevalent today and offers a view of different deployment configurations.
  • Chapter 5 presents the study’s findings on why QKD is used and by whom.

  • Chapter 6 presents the study’s findings on challenges related to using and deploying QKD today.

  • Chapter 7 presents the study’s findings on the trajectories envisioned for QKD.
  • Chapter 8 presents the study’s findings on expert recommendations for QKD going forward.
  • Chapter 9 presents overall conclusions and recommendations from the study team.
  • Appendix A presents examples of use cases and potential commercial models for QKD.

3. Method

3.1 Overview

The study was based on primary research using semi-structured interviews to collect qualitative evidence and identify QKD use cases from experts in QKD and cyber security technologies. This approach was identified in DSIT’s terms of reference for the study as an appropriate method for gathering a range of views on the benefits, challenges and risks experienced in the practical implementation of QKD in order to assist policymakers to both sense-check and deepen current thinking around QKD’s utility in a cyber security context and identify issues that might be addressed by policy measures. This method was applied in line with the Government Social Research (GSR) Ethical Assurance for Social and Behavioural Research.

3.2 Interview programme design

Interview targets and recruitment

The terms of reference requested a minimum of 40 interviews distributed among four target groups:

  • At least 15 end users of QKD equipment
  • At least 10 with manufacturers and vendors of QKD equipment (collectively referred to in this report as ‘QKD suppliers’)
  • At least 5 with academic experts
  • At least 10 with companies that have preferred to use other technologies instead of QKD

In addition, interviews were required to target senior staff – Chief Executive Officers (CEO), Chief Operating Officers (COO), Chief Technology Officers (CTO) level – and include a small proportion of non-UK interviewees.

A longlist of 105 potential interviewees, both individuals and organisations, was identified via desk research and the knowledge of the study team, study experts and the DSIT client. Candidate interviewees were categorised in terms of the target group, organisation type (SME, large enterprise, university, etc), and location (country). Individuals were categorised in terms of their job role and seniority.

Given the different sources of candidate interviewees and in order to comply with UK GDPR, the recruitment process had two starting points (illustrated in Figure 1): (A) a direct invitation to participate in an interview from the Technopolis study team, or (B) an initial request to participate in an interview from a known contact of the candidate (i.e. from one of the study team experts or DSIT). In route B, once a person consented to participate in the study, they then received an interview invitation from the Technopolis study team. All actions and consents were recorded in the study’s interview tracker.

To secure interviews, our recruitment process was based on:

  • Clarity: a succinct informative interview request email that explained: the purpose and duration of the interview; the type of information sought; how the information will be used (confidentiality, aggregation, etc).
  • Legitimacy: interview requests were accompanied by an endorsement letter from DSIT.
  • GDPR compliance: via the dual approach along with links to the study’s Privacy Statement and clear details on how to opt out.
  • Flexibility: in interview timing to meet interviewees’ needs.

No incentives were offered to prospective interviewees.

An initial pilot of five interviews across the different target groups was conducted to test our recruitment approach and the topic guide. As expected, route B required more elapsed time to secure interviews than route A but was an effective route to reach relevant interviewees. The topic guide was effective, and only minor adjustments were needed.

Candidate interviewees were sent invitations in batches so that we could monitor success rates across the four target groups and select appropriate candidates for subsequent invitations. In addition, the longlist was added to throughout the study via a snowball approach where we asked interviewees, QKD suppliers in particular, to recommend further potential interviewees, plus additional desk research where needed, resulting in a final interviewee candidate list of 157 individuals in 136 organisations.

Figure 1: Interview recruitment process

Topic guide

The interviews followed a semi-structured approach. A modular topic guide was developed covering six key themes and structured as key questions supported with sub-questions and prompts tailored for the different target stakeholder groups. The six themes are as follows:

  • Purpose for using QKD - exploring why QKD was being used, how it was being implemented and the form of QKD technology used.
  • Benefits and opportunities - exploring interviewees’ views on the specific benefits of QKD technology for quantum-resistance as it is being implemented, and how they think these compare to other cyber security options.
  • Risks and challenges - exploring the challenges and risks experienced in implementing QKD and their effects on cyber security and decisions regarding QKD.
  • Solutions - exploring current or potential solutions to the challenges and risks identified by interviewees, including policy actions the government might take.
  • Other technologies - exploring alternative quantum-resistant solutions to QKD and/or how QKD in used in combination with other cyber security measures, as well as how guidance (in the UK and beyond) affects organisations’ decisions regarding QKD.
  • The future - exploring the evolution of QKD technology and its role in cyber security as well its role in quantum networks.

Consent to participate and for the interview to be recorded for analytical purposes was confirmed with each interviewee at the start of the interview. Interviews were conducted online and scheduled to last an hour. In the majority of cases, interviews successfully addressed all relevant themes in the topic guide within the hour. A small number of interviews lasted a little longer - with consent of the interviewee.

Analysis

Interview recordings were converted into transcripts for analysis using Trint and/or Microsoft Teams and uploaded to the Taguette software tool for coding. The study team undertook a manual qualitative content analysis of the interview transcripts. Relevant text segments were coded against predefined categories in the analysis framework and extracted into a spreadsheet for analysis and synthesis by the team. In addition, individual use cases were identified and are presented in the appendix, as well as in the text with our other findings.

3.3 Recruitment challenges and mitigations

During the pilot phase, we found that the time taken from sending a formal invitation (route A in Figure 1) to securing an interview ranged from 2 to 12 days. Over the course of the interview programme, the upper bound continued to increase, which affected the rate at which the study team could progress through batches of interview invitations and secure and conduct interviews. In addition, progress was affected by the limited number of current users of QKD. Our initial desk research had suggested this might be the case, and this was confirmed in interviews with QKD suppliers and academics and our request for details of additional users. Therefore, it was agreed with the DSIT client, that we would also target a broader range of interviewees to gather new perspectives and insights in areas relevant or adjacent to QKD, namely: suppliers of PQC and other cyber security solutions; widening the scope of QKD suppliers to those manufacturing underpinning quantum technologies (single photon technologies, etc); and people active in QKD standards. Based on these changes, the interview targets were modified to:

  • QKD end-users (x10)
  • QKD suppliers (x10)
  • Academics and research institutes (x10)
  • Adopters of non-QKD solutions, suppliers of cyber security solutions (x10)

Recruitment for the interview programme involved a final candidate longlist of 157 individuals across 136 organisations. From this longlist, contact details were identified for 106 individuals. However, the longlist was skewed towards academics (47% were academics) and did not reflect the desired distribution across the target groups. As a result, 73 individuals were approached (route A and B), 69 formal invitations (from Technopolis) were sent and 38 interviews secured and conducted, just below the target of 40 with a success rate of 52% of those approached and 55% of those formally invited to participate. In most cases (73%), at least one follow-up reminder email was required to secure an interview. The entire process required more elapsed time than the eight weeks initially anticipated, with the interview programme running for three months from 15 October 2025 to 16 January 2026.

3.4 Sample characteristics

Table 1 presents the distribution of the 38 interviewees (in 37 organisations) across the target stakeholder groups. It shows that more interviews were conducted with the QKD suppliers and academics than planned and less with QKD end-users. The low number of QKD end-users reflects the difficulties experienced in identifying current users of QKD, which our desk research and consultation with the study team experts indicates is an accurate reflection of the current position. The lower than target number of adopters of non-QKD solutions and suppliers of cyber security solutions is a result of the limited time available to secure interviews with this group.

The majority of interviewees (28, 74%) were located in the UK and remaining 26% were predominantly based in European countries, including Croatia, Denmark, The Netherlands,

Sweden, Germany, and Austria, plus the USA, Canada, and Singapore. Most interviewees were from SMEs (15, 39%) and academic institutions/RTOs[footnote 4] (15, 39%). (Figure 2)

Table 1: Distribution of interviewees across target stakeholder groups

Category Target Number of interviews Percentage of interviews (%)
QKD end-users 10 6 16%
QKD supply chain 10 10 26%
Academics* 10 15 39%
Adopters of non-QKD solutions (n=1), suppliers of cyber security solutions (n=6) 10 7 18%
Total 40 38 100%

Source: Technopolis interview data, n=38. *Includes 3 academic specialised in cryptography, information security and quantum security respectively.

Figure 2: Company type and location of interviewee

Source: Technopolis interview data, n=38

All interviewees held senior positions in their organisation (Table 2). 35% were directors, CEOs, COOs, and CTOs, and another 19% held other senior roles below the C-suite. 14% were company founders and co-founders, and 31% were professors, associate professors or ‘academic other’. We note that the number of positions (48) is higher than the number of interviews completed because 10 (26%) interviewees held more than one position e.g. a CEO or founder and a professor.

Table 2: Seniority of interviewees

Category Sub-category Number of interviewees Percentage of interviewees (%)
Company founders Founders 4 8%
Company founders Co-founder 3 6%
Senior management Director 4 8%
Senior management CEO 7 15%
Senior management CTO 4 8%
Senior management COO 2 4%
Senior management Other senior management* 9 19%
Senior academics / Research and Technology Organisation (RTO) staff Professor 9 19%
Senior academics / Research and Technology Organisation (RTO) staff Associate professor 2 4%
Senior academics / Research and Technology Organisation (RTO) staff Academic other** 4 8%

Source: Technopolis semi-structured interview data, n=48. *Other senior management includes deputy director, executive partner, information security chief architect, department head, managers, board member and chief engineer. **Includes a department head, standards manager, co-chair and board member.

Most interviewees (14, 37%) worked in academia; this is expected as academics accounted for the largest number of completed interviews (39%). Other notable sectors included telecoms (8, 21%) and digital/IT (5, 13%).

The sectors were assigned based on the sector of the company (reported in Companies House) the interviewee was employed by. This approach ensured consistency in cases where an interviewee held more than one role. SIC codes[footnote 5] are provided by sector for UK-based companies below Table 3.

Table 3: Number of interviewees by sector (total, and by interview category[footnote 6])

Sector Academics Adopters of non-QKD solutions and suppliers of cyber security solutions QKD suppliers QKD end-users Total
Academia 14 0 0 0 14
Telecoms 1 1 3 3 8
Digital/IT 0 3 1 1 5
Engineering design & consulting 0 1 1 0 2
R&D, science & tech consulting 0 2 0 0 2
Aerospace 0 0 0 1 1
Banks 0 0 0 1 1
Other 0 0 1 0 1
N/a 0 0 4 0 4
Total 15 7 10 6 38

Source: Technopolis interview data, n=38. SIC codes for Aerospace: 30300. Academia: 85421/85422. Telecoms: 26309, 61200, 61900. Digital/IT: 26200, 62020, 62090. Engineering design & consulting: 71121 and 71122. R&D, science & tech consulting: 72190 and 7414. Banks: 64191. Other: 74909.

3.5 Limitations of the methodology

The interview recruitment process was open-ended. Candidate interviewees were identified and a sub-set approached to provide a range of perspectives and to meet the targets specified in the ITT. As such, the group of interviewees consulted does not represent a statistically representative sample of the population, nor do the interviewees represent statistically representative samples of the different stakeholder groups. As a result, the number of interviews within each target group does not support statistically robust comparisons or inferences about the prevalence of particular views across specific groups. Therefore, to avoid false impressions of statistical significance, findings are not reported quantitatively. However, to support the credibility of the study, care was taken to identify appropriate organisations and individuals with sufficient seniority and expertise to provide informed perspectives on the realities of QKD technology in cyber security contexts from multiple viewpoints. Furthermore, given the desk research undertaken and the advice of the QKD and cyber security experts in our team, we are confident that the candidate interviewee longlist captured a considerable portion of the relevant UK QKD community.

4. Key concepts in QKD

QKD is a complex technology that requires some knowledge of telecommunications and cyber security as well as the underlying quantum physics. This report often presents QKD in these terms, and to enable the reader to engage fully with the content, we include this section to outline the key concepts and terminology used. The section includes a description of key components in a QKD system and why they are important, followed by a table of definitions. The section is based on desk research, the input of the study team experts and interviewees.

4.1 Key technologies in QKD

Quantum Key Distribution

QKD is a method for generating and distributing cryptographic keys. The keys are based on quantum-mechanical effects, which requires that they be transmitted through a dedicated optical channel (such as fibre optic cables or a ground-to-satellite link). This optical channel is typically separate from the channel used to transmit the data encrypted with the cryptographic keys, which can be a traditional communication channel like fibre optic cables or a mobile network.

QKD, like other key establishment mechanisms, protects data in transit i.e. protects the cryptographic keys being shared, but it cannot verify whether the parties sending and receiving data are who they say they are. This latter function is called authentication, and it requires additional mechanisms that are separate from QKD. It is worth noting that this concern is relevant to all cryptographic methods.

Components

Interviewees discussed QKD and its cyber security implications across several levels, from underlying protocols and the physical components and software used to operationalise them, to encryption methods that are used alongside QKD. The levels mentioned are presented below, together with the most prudent variations according to interviewees.

  • Underpinning optical components of QKD. A fundamental feature of QKD is the emission, control, and detection of photons (particles of light). According to interviewees, the precision and sensitivity of components like single photon sources (such as quantum dots), coherent light sources (such as lasers), modulators (which control properties such as intensity) and detectors are critical for QKD to operate reliably.
  • Variable type. For the purposes of QKD, light can be controlled in two distinct ways: by emitting and measuring individual photons (discrete variable, or DV), or by manipulating the phase and amplitude of light waves (continuous variable, or CV). A few interviewees from different categories highlighted that while DV QKD can operate over traditional fibre optic cables, additional components related to the emission and detection of single photons are needed for the transmission of QKD signals. In contrast, interviewees stated that CV QKD can operate over existing metro-scale networks without additional infrastructure, though additional assumptions within CV QKD’s security proofs limit its applicability, e.g. loss must be within a certain range, or channels must be constant. Like the classical signals transmitted through fibre optic cables, both CV and DV QKD signals are subject to rapid degradation, which limits the distance over which they can operate without repeaters.
  • Quantum properties. QKD works by encoding information into the quantum properties of light. The properties mentioned during interviews were limited to entanglement and polarisation of single photons, both of which are relevant to DV QKD. According to academics and some end-users, QKD supply chain and cyber supply chain, entanglement-based QKD has more favourable properties, such as fewer side-channels , inherent device interoperability, and simpler multi-modal network capability.
  • Protocols. The encoding degree of freedom (related to CV and DV) and quantum properties can be used in different ways to secure quantum keys. These are known as protocols. During interviews, the most commonly cited protocol was the DSP variant of BB84, which is part of the prepare-and-measure (P&M) family of protocols and is based on the polarisation of photons. Another protocol that was mentioned is E91, which is based on the entanglement states of photons.
  • Encryption methods. As mentioned above, QKD is a means for securely distributing cryptographic keys. These keys are typically associated with a cipher, or cryptographic method, which is used to encrypt and decrypt data. In practice, therefore, QKD is paired with a cryptographic method to transmit encrypted data. Examples of ciphers mentioned include one-time pad (OTP) and Advanced Encryption Standards (AES), which are both symmetric.
  • Randomness. Quantum random number generators (QRNG) were mentioned by QKD- and cyber supply chain interviewees, specifically in relation to the importance of randomness when generating keys. While there are several algorithmic methods of generating randomness, these are inherently flawed by their coded nature. QRNGs are one method for generating true randomness.
  • Transmission. QKD is limited to optical transmission, meaning through fibre optic cables or in line-of-sight settings. In the latter case, QKD is not limited to terrestrial settings and satellite-to-ground links can also be used.

Key concepts in Quantum Key Distribution (QKD)

Concept Definition Source
Quantum Key Distribution (QKD) A method of security communication, using the properties of quantum physics, that generates and distributes cryptographic keys. Synthesised definition
QKD: using prepare-and-measure (P&M) Prepare-and-measure (P&M) is the most established approach to quantum key distribution and underpins the BBB4 protocol – the most mature protocol for QKD currently. In this model, one party (Alice) prepares individual photons in specific quantum states and sends them over to another party (Bob). Bob measures the photons, and after comparing notes over a classical channel, the two establish a shared secret key. Security comes from the fact that any eavesdropping attempt disturbs the photons and can be detected before the key is used to transmit encrypted data. Synthesised definition
QKD: using entanglement Entanglement-based QKD relies on pairs of entangled photons (meaning their quantum states are linked) distributed from a central source to both parties. By measuring their photons and comparing results, they can generate a key with security verified by quantum correlations. Any interception of the photons alters the overall system, revealing the presence of a third party. Synthesised definition
Photon emission Photons are particles or packets of light. Photon emission occurs when an atom or molecule releases some of its energy in the form of a photon. Photon emission can occur naturally or be stimulated. Synthesised definition
Polarisation A physical phenomenon where light waves are restricted to a single specific plane, e.g. horizontal or vertical. Synthesised definition
Quantum Networks A system that transmits quantum states (including entangled photons or qubits). This can involve replacing classical security functionality with quantum technologies (such as replacing key generation with QKD) or integrating quantum components (such as quantum sensors) into existing classical networks. Synthesised definition
Quantum Communication Includes the process by which the encryption is performed, authentication is verified, the message is sent and decoded, etc. In the broader sense quantum communication refers to the entire information transfer process of which QKD is a basic part, including all the classical (e.g. encryption, authentication, error correction, privacy amplification) and quantum steps involved. Synthesised definition

Key concepts of Post-Quantum Cryptography (PQC)

Concept Definition Source
Post-quantum risk / post-quantum threat The potential security threats to current cryptographic systems arising from the future development of large-scale quantum computers. NCSC
Quantum-safe cryptography (QSC) Quantum-safe cryptography (QSC) replaces the quantum-vulnerable mathematical problems used in PKC with mathematical problems that are believed to be intractable for both classical and quantum computers. Both key agreement and digital signatures can be made quantum-safe, and QSC can be implemented in both software and hardware. NCSC
Post-quantum cryptography (PQC) Post-quantum cryptography is a defence against potential cyber attacks from quantum computers. PQC algorithms are based on mathematical problems that would be difficult for both conventional and quantum computers to solve. NIST

Key concepts of cyber security

Concept Definition Source
Cyber security The protection of devices, services and networks - and the information on them - from unauthorised access, theft or damage NCSC
Critical Infrastructure Protection A security standard for facilities and digital platforms that are vital to the economy, national defence, or public health. Synthesised definition
Attack surface The total number of points where someone might gain unauthorised access to systems. Synthesised definition
Encryption Protection of information by making it unreadable by everyone except those with the key to decrypt it. NCSC
Authentication The process of determining if someone (or something) is who (or what) it claims to be based on a set of predetermined criteria. Synthesised definition
Classical Cryptography Classical cryptography uses difficult mathematical problems to protect data from non-quantum threats. Quantropi
Information-theoretic security Also known as ‘unconditional security’, this refers to a standard of cryptography that cannot be broken, even with unlimited power and time. It is unaffected by advances in mathematics or computing power. One-time pad (see below) is considered the only classical encryption method that is perfectly secure. Quantum methods include entanglement, no-cloning theorem, and state distinguishability. Aliro Quantum
One-time pad (OTP) A mathematically unbreakable encryption method that uses a pre-shared, truly random, single-use key at least as long as the message being sent. It works by performing an XOR operation on the plaintext and the key, producing ciphertext that cannot be cracked if key management remains secure. Synthesised definition
Advanced Encryption Standard (AES) AES is a symmetric encryption method that protects data by processing it in fixed-size blocks and applying repeated rounds of substitutions and rearrangements. It is a block cypher that supports key sizes of 128, 192, or 256 bits. The 128-bit key is the standard level of security, while 256-bit keys are used when stronger protection is required. AES is the industry standard for classical encryption. CDVI
Man-in-the-middle attack An attack where the adversary positions himself in between the user and the system so that he can intercept and alter data traveling between them. NIST
Denial of Service attack (DOS) A type of cyber attack where a computer system is overloaded, so that real users cannot access the service. NCSC
Distributed denial-of-service attack (DDoS) A cyber attack in which multiple computers send a large number of messages to a server, causing it to slow down or stop working. Synthesised definition
Brute-force attack A technique that uses an exhaustive trial-by-error process of entering possible passwords or encrypted keys to breach a system. Synthesised definition
Zero trust A design philosophy for cyber defence that assumes bad actors are already present in an organization’s networks. Zero trust architectures ask users to prove their identity each time they’re accessing data or using an application, with permission typically granted on a temporary basis. Synthesised definition
Cryptographic key A set of binary data that is kept secure and private. The key is used for encryption and anyone with access to the key and encrypted message can decode the message. The key itself is not the message. Synthesised definition
Enterprise networks The IT infrastructure used by mid and large sized organisations to offer connectivity among its users, devices, and applications. Cisco

Other relevant concepts

Concept Definition Source
Dark fibre Fibre that does not carry bright optical signals making it suitable for single photon level signals to be transmitted without extra noise (crosstalk) Synthesised definition
Metro-scale network Also known as a Metropolitan Area Network (MAN), these networks span a city or metropolitan area, connecting enterprise sites, data centres and 5G nodes. Synthesised definition
Trusted node A physically secure, intermediate location that receives, decrypts, and re-encrypts quantum-generated keys to extend QKD network distance beyond direct fibre limits ITU
Free Space Optical Communication (other terms used include Free Space Optical Links) The wireless transmission of data via a modulated optical beam directed through free space, without the use of fibre optics or other optical systems guiding the light. Science direct
Line of Sight A communication method that relies on direct visibility between the transmitter and receiver. This is required for free-space optical communication (FSOC) Science direct
Point-to-point Information that is transferred directly between two points, without any branching in between. Synthesised definition
Defence-in-depth Strategies for cyber security involving multiple redundant security systems. Synthesised definition

5. QKD technologies in use

Key insights

Current QKD does not constitute a single technology, but a family of approaches that vary in hardware, protocols, and network architecture. Most deployed systems today are point-to-point implementations based on P&M protocols (BB84 is the most commonly cited) over fibre or free-space optical links. Satellite QKD extends these point-to-point connections over longer distances but remains operationally complex and dependent on ground and space infrastructure, and environmental conditions. Alternatively, QKD is being trialled in multi-nodal network configurations that enable secure communications over a partially shared infrastructure. These networks depend on trusted nodes to extend communications’ distance.

Across these forms, QKD is integrated with classical symmetric encryption (typically AES), while authentication, key management, and networking rely on external processes. Interviewees emphasised that each QKD variant has its own performance, cost, and security trade-offs. Research directions aim to diversify and improve QKD rather than converge on a single model.

5.1 QKD technologies

Although many variations of QKD technology exist, interviews indicate that, in the main, a small number are deployed in systems used by early adopters and in most larger scale proof-of-concept demonstrators. Other QKD technologies are experimental and largely in use in academic research environments.

  • Regarding the optical components such as detectors and emitters, several options exist and are used in practice today. However, interviews indicate that the technology overall is under development, with significant trade-offs that currently need to be made for different options related to performance and cost.
  • Regarding the variable type, academics say that DV QKD has decades more R&D behind it than the CV variation, so it is currently more mature and reliable. Most of the QKD systems used today are based on DV.
  • According to academics and QKD supply chain interviewees, the quantum property that is most commonly used in QKD today is polarisation, whereas entanglement-based QKD is still in the prototype stage.
  • According to academics and cyber supply chain interviewees, one time pad (OTP) is theoretically the most secure encryption method, and when combined with QKD, they result in theoretically unbreakable encryption. However, OTP requires large channel bandwidth due to its high key consumption rate (the number of bytes needed to encrypt a given piece of data). In contrast, AES consumes fewer keys while still providing strong encryption. AES was mentioned by several interviewees, who stated that it is the most common encryption method for both classical cryptography and for QKD. Though they admitted that this combination is less ideal than QKD/OTP, the resulting encryption is reliable and strong.
  • As mentioned in the previous section, QKD signals degrade as they move further from the source. Quantum repeaters, which are analogous to those used for boosting classical signals in fibre network, are required at intervals of around 30km (though this can vary based on the total length of the link) to maintain the signal’s integrity. Academics and non-adopters said that these quantum repeaters are still in the prototype stage, so trusted nodes are used in most cases. Trusted nodes do not boost the quantum signal; instead, they match keys and generate a new set for each interval. This represents a break in the continuity of the quantum signal (and QKD’s theoretically perfect security), where data temporarily enters the classical domain before being converted back to quantum. Alternatively, academics and end-users said that distance limitations can be addressed by ground-satellite QKD. In this case, they cautioned that signal integrity is impacted by weather conditions, while signal availability is impacted by the satellite’s orbit. Interviewees indicated that satellite QKD is already deployed in trial settings and is actively explored under programmes like EuroQCI, and by countries like China, Singapore, Canada and the USA.

5.2 Deployment configurations

Academics and interviewees from both the QKD- and cyber supply chains referred to broadly two kinds of configurations for transmitting keys from A to B, which are presented below.

  • Point-to-point. These solutions are based on a channel that is dedicated to linking two fixed sites (Site A and Site B). Interviewees stated that point-to-point channels today are most commonly fibre optic links, though ground-to-satellite links also exist, while short-range free-space links are still experimental.
  • Multi-nodal network. These solutions are analogous to modern communications networks, where Site A can connect with Site B through a shared infrastructure capable of routing and transmitting many different signals from different sites simultaneously. The routing and signal combination capabilities introduce complexity that can be avoided in the point-to-point configurations. Interviewees stated that network capability is being trialled, though it is not yet mature.

An additional feature which was often mentioned and is important for interoperability in both configurations is a key management system (KMS). The KMS is software that operates above the physical, quantum layer. It abstracts the information from the quantum layer into a standardised format that is readable by all devices that conform to that standard.

6. QKD users

Key insights

Interviewees report that current QKD use is largely limited to research, testbeds, and pilot deployments rather than fully-fledged operational systems. Across stakeholders, there was consensus that QKD addresses a specific set of cyber security problems: it distributes cryptographic keys, and is most relevant for securing high-value data transmissions where eavesdropping is a concern.

End users emphasised that QKD is best suited to protecting specific, high-value data connections, like those between critical infrastructures, rather than enabling broad many-to-many communications.

Overall, current QKD usage is niche, infrastructure-bound, and shaped by technical constraints, cost, and specific threat models.

6.1 Who is using QKD and why

There are currently a very limited number of QKD end-users both in the UK and worldwide, a conclusion evidenced via the process to identify QKD end-users and confirmed by interviewees across all stakeholder groups.

We identified eight organisations using QKD in the UK (i.e. end-users): three in finance, two in telecoms, and one each in aerospace, digital/IT and consulting. We believe this is a fair representation of current examples of QKD in use given our comprehensive desk research and the input of our study experts, DSIT client and QKD suppliers interviewed. We identified a further nine end-users beyond the UK, seven in finance, one in telecoms plus one in the medical field, though this list was less comprehensive given our primary focus on the UK.

We note, in particular, that many more telecom companies worldwide are exploring QKD and several large well-established telecom firms have been active in QKD R&D for 10 years or more. While we categorised telecom firms as QKD end-users in some cases,[footnote 7] their position is more nuanced as they typically deploy QKD technology within their networks but also act as suppliers providing QKD-protected communications channels to customers.

Similarly, digital/IT, aerospace and consulting businesses are often both end-users and suppliers of QKD capabilities and services to a wider customer base. Interviewees indicated that there was interest from the defence and security sector in exploring QKD is, but did not provide further details. Therefore, we could not ascertain if they were referring to use by defence and security organisations in the public sector or the wider private sector defence and security supply chain.

We approached all eight UK QKD end-users and interviewed five organisations (and six people) – two in telecoms and one each in finance, aerospace and digital/IT. We approached all nine international end-users and only one agreed to be interviewed. In all cases, end-users and interviewees from organisations in the QKD supply chain interviewees, were clear that QKD is being deployed as a trial or pilot conducted in ring-fenced real-world environments and typically using sample or non-business critical data.

The aim of the trials and pilots is to deepen in-house understanding of the technology, its practical implementation as an operational QKD system and its integration with other communication networks and cyber security systems and, in doing so, increase understanding of the risks it is best placed to address. No intervieweesidentified examples of QKD in use for securing general-purpose communications or large-scale consumer-facing services.

Telecoms companies are involved in many of the current trials of QKD taking place outside academia, providing the fibre communications channels and, in some cases, the QKD technology to the pilot end-users. For this reason, several interviewees referred to the role of BT, in partnership with the wider QKD supply-chain, as central to the current QKD infrastructure in the UK. Its QKD capabilities and testbeds - both as point-to-point and metropolitan networks - are the basis of many QKD pilots outside academia.

The bank interviewed and interviewees with QKD suppliers working closely with other banks, reported that QKD pilots tend to be centred on exploration and internal learning, where QKD has the potential to enhance cyber security for a range of data transfer and communication activities from payment transactions and interbank transfers and communications to business-critical in-house communications. There are several examples of pilots worldwide in finance within banks and between banks and financial authorities typically involving secure links between data centres or core network sites. These include JPMorgan Chase in the US[footnote 8], and the Monetary Authority of Singapore’s sandbox with multiple local banks.[footnote 9]

While there is a clear consensus about the importance of cyber security in finance for communications, data transfer and data storage, the finance sector is clearly seen as an early adopter of QKD (at pilots), there were mixed views as to the exact role for QKD-based solutions and its applicability to specific risks. For example, the harvest-now, decrypt-later risk - where encrypted traffic is collected today and decrypted in the future once cryptographically relevant quantum computers become available - was not necessarily seen as a concern, as most transactions need protection while active rather than in the future, while securing business critical intelligence and ensuring stored data cannot be accessed and tampered with was a greater risk.

Interestingly, the banking use case (Appendix A.1) indicates that the QKD trial was as much about learning about quantum technologies in a general sense i.e. not just QKD, in preparation for the post-quantum risk. Beyond purely technical upskilling, it offered an opportunity to catalyse board-level discussions about quantum risks and long-term cyber security planning, helping overcome any scepticism and raise the profile of quantum-safe initiatives. In this scenario, QKD functions as a demonstrator technology that makes what may seem abstract future threats more tangible, even if large-scale roll-out of QKD is not the ultimate result.

In digital/IT and aerospace, interviewees note that they have long-standing deep cyber security capabilities – for the digital/IT sector it is core to their business – and some businesses have deep knowledge of QKD. They are seeking to increase knowledge around practical implementation of QKD and its integration with wider systems to meet existing and future customer needs. Both are interested in satellite as well as terrestrial QKD as they work with communities that require secure long-distance communications and defence-in-depth strategies for cyber security involving multiple redundant security systems. Some are providing technology to government-led QKD infrastructure initiatives and QKD trials aimed at defence applications. As would be expected, no further details were provided of the latter but, as for trials in other sectors, it would seem reasonable to assume trials in the defence sector are likely to focus on deepening understanding QKD, its strengths and weaknesses and any potential role in cyber security.

Interviewees were clearly aware of national guidance, in the UK and other countries, that cautions against QKD, but note that the defence and security communities need to ensure they have the skills and capabilities to understand quantum threats.

In addition to the telecoms, finance, digital/IT, aerospace, defence and security sectors, QKD supply chain interviewees also envisaged applications in the medical sector and government, protecting medical and other personal records. We were only able to identify one such example – a trial in a healthcare setting in Austria, and we note that R&D organisations in Austria have been at the forefront of QKD development. This is not to say that there are no other examples, but it does suggest that applications in these domains remain in the future. An interviewee noted that the finance sector has the financial resources to pilot and explore QKD while the medical sector does not. Others noted that many potential users are quite sensibly in watch-and-wait mode.

Interviewees also reported that most end-users and potential end-users are QKD technology-agnostic. This is less the case for the telecoms, digital/IT and aerospace that build solutions and need to make performance-cost decisions, but the ultimate end-users need cyber security solutions that work and have little interest in what’s inside the QKD black box.

6.2 Benefits of QKD

QKD end-users interviewed clearly understand the role and benefits that in their view are offered and expected from QKD, as did most other interviewees, identifying QKD as a technology that addresses a narrow but high-value security problem i.e. secure generation and distribution of cryptographic keys between fixed endpoints. They understood that its security advantages derive from physical properties of quantum systems rather than assumptions about mathematical hardness. Stakeholders interviewed tended to emphasise that these advantages are most relevant in niche contexts involving high-value data, long-term confidentiality requirements, and sophisticated adversaries. They were also firmly of the view that if QKD is used more widely after the pilots, it would be part of a layered approach to cyber security, implemented as complement to, rather than a replacement for, conventional and post-quantum cryptography.

Quantum threat protection through physics-based security

A central advantage highlighted by academics and QKD supply chain interviewees is that QKD offers information-theoretic security within its theoretical model. In P&M and entanglement-based protocols, cryptographic keys are derived from measurements of quantum states whose behaviour is governed by quantum mechanics. Any attempt to measure or copy these states unavoidably disturbs them, preventing an adversary from extracting information without introducing detectable errors.

This contrasts with classical public-key cryptography and PQC, which relies on the assumed difficulty of mathematical problems. Several interviewees noted that while PQC is believed to be resistant to known quantum algorithms, its security ultimately depends on unproven complexity assumptions and may be challenged by future algorithmic advances. From this perspective, QKD provides protection against classes of future attacks that cannot be anticipated today, including the possibility of undiscovered quantum algorithms capable of weakening PQC.

Cyber security specialists and QKD supply chain interviewees emphasised that this property is particularly relevant for organisations concerned about “harvest-now, decrypt-later” attacks. Because QKD generates keys whose secrecy does not depend on computational assumptions, keys used today are not vulnerable to retrospective compromise due to future increases in computing power – assuming the underlying symmetric encryption protocol is sound e.g. OTP or AES.

According to interviewees, clients who place the highest value on this advantage are defence users, and some government agencies, which operate under a “readiness” mindset and plan for adversaries with substantial technical and financial resources. Some financial institutions and operators of critical infrastructure also view physics-based security as attractive for a small subset of especially sensitive links, though many acknowledge that PQC alone is likely to be sufficient for most applications.

Interviewees repeatedly stressed that these theoretical guarantees apply to the protocol and hardware configuration, not automatically to real-world implementations. Practical systems rely on physical components (sources, detectors, modulators, and electronics) that can exhibit imperfections and side-channels. As a result, the realised security of deployed QKD depends on careful engineering, testing, and integration, similar to any other cryptographic technology. Nevertheless, interviewees reported specific benefits of the physics-based security offered by QKD:

  • Eavesdropping detection and tamper awareness:

Another frequently cited advantage is QKD’s inherent ability to detect eavesdropping on the quantum channel – also a result of the quantum basis of the technology. In QKD protocols, the legitimate parties compare a subset of their measurement results over a classical authenticated channel to estimate the quantum bit error rate. If an adversary has attempted to intercept or manipulate the quantum signals, the error rate increases beyond acceptable thresholds, causing the protocol to abort and no key to be generated.

Several QKD supply side interviewees indicated that clients, particularly from defence, government, and some critical infrastructure contexts, stated that this tamper-detection capability is valued as much as the resulting key material. It provides immediate evidence that a communication link is under active attack, rather than only indicating compromise after a breach has occurred. Vendors noted that some customers explicitly view QKD as a sensor for hostile activity on fibre links, in addition to a key distribution mechanism.

Technically, this advantage arises because QKD couples key establishment with channel monitoring. Conventional key exchange protocols do not provide comparable physical-layer visibility; an adversary may copy encrypted traffic or capture key exchange messages without being detected. QKD, by contrast, links secrecy and intrusion detection within the same protocol execution.

Academics and cyber security experts cautioned that this benefit applies only to the quantum channel itself. QKD does not detect compromises of endpoints, key management servers, or classical network infrastructure. Consequently, organisations that value this feature would also tend to have highly controlled physical environments and mature security operations, enabling them to interpret and respond meaningfully to threats identified via the QKD system.

  • Long-term confidentiality:

Interviewees across academics, QKD supply and user groups highlighted long-term confidentiality as a major benefit of QKD – referring to QKD’s ability to generate keys that are safe from current as well as future threats. Keys generated through QKD are random, ephemeral, and never reused. Once a session key is consumed and discarded, there is nothing stored that could later be revealed to reconstruct past communications.

In practice, QKD-generated keys are fed into symmetric encryption systems (commonly AES) that protect high-speed data channels. Provided the symmetric cipher remains secure, past traffic remains protected even if future breakthroughs occur in public-key cryptography or PQC. Vendors described this as offering confidence that sensitive data encrypted today will remain confidential decades into the future.

This property is especially attractive to organisations with long data retention horizons, where data may be sensitive and require protection for long periods of time, with interviewees from the UK and beyond providing examples such as defence, intelligence, diplomatic services, and some financial or industrial operators. For these stakeholders, the risk is not only near-term compromise of data but also future exposure of historically recorded communications.

Several interviewees noted an important caveat: QKD alone does not guarantee long-term confidentiality if the surrounding encryption or authentication mechanisms are flawed. QKD secures the distribution of keys, not the correctness of the encryption algorithm or the security of endpoints. Consequently, forward security must be understood as a system-level property achieved through correct integration.

Hybrid and layered security: orthogonal lines of defence

There was strong consensus across interviewee groups that QKD is most valuable when deployed as part of a layered security architecture. In such configurations, QKD is combined with classical symmetric encryption and increasingly with PQC, so that multiple independent mechanisms contribute to overall security.

A commonly cited model is to use PQC or classical public-key encryption methods for authentication and session setup, while using QKD to supply fresh symmetric keys for bulk encryption. Some interviewees described hybrid key derivation, where keys from QKD, PQC, and conventional sources are combined (for example through hashing) to form a single session key. In this arrangement, an attacker would need to break all underlying components to compromise communications.

Academics, cyber-, and QKD supply chain interviewees emphasised that this “orthogonality” described in the latter case is a core strength: QKD fails differently from mathematically based schemes. If a weakness is discovered in a PQC algorithm, QKD’s quantum properties can still protect the link; conversely, if a QKD implementation flaw exists, PQC may still provide security in a layered or hybridised system.

Interviewees from the end user group who have adopted QKD to date tend to be those seeking to pursue defence-in-depth cyber security strategies with multiple redundancies in the system, particularly in telecom backbone infrastructure and some financial institutions and with the expectation that it might be adopted to defence-in-depth cyber security strategies in domains such as critical national infrastructures and possibly defence and security. Non-users and cyber security specialists, however, cautioned that the marginal security benefit of adding QKD to a well-designed PQC-based system may be small in many environments and must be evaluated on a case-by-case basis.

Configurations where QKD excels according to interviewees

Point-to-point links: QKD is currently most effective for fixed, high-value links, such as between data centres, government or defence facilities, and critical infrastructure. Fibre-based QKD deployments are particularly suitable for links up to ~30 km without trusted nodes, whereas satellite QKD can be used for longer distances.

Strategic value according to interviewees

Quantum networks: Beyond immediate security, QKD is an enabler of critical technologies for future quantum networks, such as quantum repeaters and quantum memory, including potential entanglement-based communication between quantum computers and sensors. Investments in QKD today create infrastructure and expertise that could accelerate the adoption of the quantum Internet tomorrow.

Driving organisational awareness and readiness: One end user reported that piloting QKD catalysed board-level engagement, providing tangible evidence of quantum capability (in terms of threats and security) and prompting broader investment in quantum-safe initiatives. By demonstrating real-world quantum technology, QKD helps organisations gain executive support and funding for long-term cyber security strategies.

Marketing and reputational benefits: Some organisations leverage QKD deployment to signal to clients and stakeholders that data security is taken seriously, supporting trust and confidence in high-security contexts.

7. Challenges and risks with QKD

Key insights

Interviews indicate that practical systems depart from idealised models, meaning that claims of theoretically proven security must be interpreted carefully and weighed against real-world risks such as device imperfections, side-channel attacks, and operational vulnerabilities.

Technical limitations are central. QKD has proven vulnerable to side channel attacks and faces similar challenges to other secure key distribution methods in that it does not address endpoint authentication or broader network vulnerabilities. Eavesdropping detection provides a unique monitoring capability but can also be exploited for denial-of-service if the channel is deliberately disturbed. Fibre-based QKD is constrained by distance, typically tens of kilometres, necessitating the use of trusted nodes to extend QKD links; these nodes break end-to-end quantum security. Satellite QKD can overcome distance but introduces vulnerabilities such as weather dependence and line-of-sight issues.

Most risks identified are specific to QKD hardware and operational requirements, yet interviewees emphasised that they, for the most part, are not fundamental flaws of QKD itself. Rather, they reflect the technology’s current developmental stage, limited standardisation, and the novelty of deployment processes. Overall, widespread adoption is constrained by performance, deployment, and cost factors, highlighting the need for careful evaluation of the technology before deployment.

7.1 Challenges

Across interviews, interviewees acknowledged that QKD offers distinctive theoretical cyber security advantages but also emphasised that these advantages are accompanied by substantial challenges.

Performance

  • Theoretic vs real cyber security. While QKD protocols are provably secure in theory, especially when paired with OTP , academics and both QKD- and cyber supply chains consistently emphasised that QKD devices have demonstrated vulnerabilities to physical attacks on the signal source or detector, e.g. by injecting light at the source to corrupt the signal, or by interfering with the detector. These vulnerabilities are known as side channels. QKD supply chain interviewees and academics noted that these attacks are limited to the immediate location of the QKD equipment, and, for the most part, not to the fibre in between, so that QKD should not be susceptible to man-in-the-middle attacks. It is important, therefore, that these locations are protected by physical and cyber security measures of their own.
  • Marginal security benefits. Non-adopters and cyber supply chain interviewees agreed that QKD has interesting features, such as the ability to detect eavesdropping. However, they stressed that classical cryptography and PQC offer adequate protection from current and future threats, respectively.
  • Denial of service. While QKD’s anti-eavesdropping capability represents a significant benefit for some applications, cyber supply chain warned that this can be turned against users. Specifically, when interference is detected in the quantum channel, the system typically will cancel the affected keys and issue new ones. Attackers can force communications to stop by continuously interfering with the quantum channel in what is called a denial-of-service attack.
  • Distance. As described in section 0, QKD transmission through optical fibre is subject to signal degradation, or attenuation. According to QKD- and cyber supply side, the most common workaround for this issue is the trusted node. This break in continuity of the quantum signal represents a potential weakness in the system by introducing more QKD devices along the signal’s path. The devices at these nodes are vulnerable to the same attacks mentioned above, which in some applications presents an unacceptable risk.
  • Maturity. Academics and QKD supply chain frequently mentioned components and protocols that are being developed or improved to address gaps in QKD’s real-world performance and to improve field-readiness, e.g. combining and routing signals in multi-nodal networks, or closing side-channels. Non-adopters and cyber supply chain stressed that these gaps present real cyber security risks today. For example, the performance of single-photon emitters was discussed in several interviews, with attention called to the fact that current technologies are prone to emit multiple photons when they should only emit one; these excess photons can be siphoned off the communication channel without triggering any eavesdropping alarms, and can provide information about the key.
  • Mobility. Cyber supply chain interviewees frequently expressed that QKD is currently confined to fibre optic cables and line-of-sight applications. This means that present QKD technologies cannot be adopted in mobile devices like smartphones and laptops without a physical connection. Consequently, QKD is limited to ‘simple’ configurations and in most cases cannot be implemented from end-to-end, unlike software-based solutions like classical cryptography and PQC, which can operate over mobile networks and reach user devices without physical connections.
  • Standardisation. Academics and QKD supply chain interviewees highlighted work that has been done by bodies like ETSI to standardise how QKD interfaces users’ systems and other QKD devices. However, they said that more work is needed to ensure that QKD can be usefully integrated or hybridised with other cyber security solutions like classical cryptography and PQC.
  • Developers. Another performance challenge mentioned by academics and the cyber supply chain, though not technical, is the context in which QKD is developed. While there are several established companies are involved in the QKD supply chain, interviewees noted that many QKD device vendors today are small companies spun out from physics research. In their view, these companies tend to focus on the physics of QKD and lack a cyber security approach, which limits the relevance and utility of QKD devices in real-world cyber security settings. This presents a risk to the field-readiness of QKD solutions.

Deployment

  • Authentication and the need for a classical channel. QKD is a key distribution method, and like other key distribution methods, both digital and physical, it does not ensure that the users receiving the keys are who they say they are. This is an authentication issue. In cyber security contexts, experts from the cyber supply chain said that in practice, QKD must be paired with an authentication mechanism, most (if not all) of which act over a classical channel, in a process that is separate from QKD. They argue that since QKD needs a classical channel (in addition to a quantum channel) to be useful, and since other key distribution methods that rely solely on a classical channel offer adequate cyber security, the marginal benefit that QKD provides does not outweigh the required investment in new communications channels.
  • Cyber security assurance. Academics frequently mentioned that efforts are underway to provide formal assurance that QKD devices of all kinds meet cyber security standards, e.g. EuroQCI participants are developing the governance and identifying certification bodies, while also developing the infrastructure that will be needed to test systems that deploy QKD through project NOSTRADAMUS, and QAssure, an Innovate UK project, is exploring technical means to certification. Interviewees from all categories emphasised the importance of certification for the adoption of QKD in enterprise settings, as cyber security providers will not implement uncertified technologies in an organisation’s operations.
  • Skills and processes. Non-adopters and cyber supply chain interviewees mentioned that organisations wishing to adopt QKD will need to develop new skillsets, lifecycle management processes, and threat models, given the fundamental differences in how it operates compared with other cyber security solutions.
  • Last mile. Interviewees from all categories described a ‘last mile’ issue, which broadly refers to vulnerabilities closest to the data’s end-user. The last mile is not unique to QKD, and presents a significant threat to many cyber security solutions, e.g. data in transit may be encrypted with an unbreakable system, but if the end-user views the data in a public space, attackers can gain visibility of the data physically or by using cameras etc. In QKD’s case, the encrypted data is secure across the part of its journey that is covered by QKD, i.e. from point-to-point. However, once the encrypted data reaches the QKD device it is decrypted with the quantum key. The user’s remaining cyber security measures must be relied on for the data’s journey from the QKD device to the final destination.
  • Interoperability. Academics highlighted that different forms of QKD (different protocols, variable types, quantum properties etc.) are not necessarily interoperable. Current solutions include a combination of standards and abstraction layers (see section 5.2). EuroQCI was offered as an example of a cross-border system that is in the process of connecting different QKD types into a single network in this way. However, depending on how the solution is configured, these abstraction layers present a break in the quantum chain, and standards for the physical layer are still emerging.
  • Supply chain. Given the significance of QKD hardware for the solution’s cyber security performance (as opposed to software-based solutions), supply chain integrity is an important concern that was raised by QKD- and cyber supply chain interviewees. For a given QKD device, the vendors and components should be certified.
  • Commercial model. Cyber supply chain interviewees expressed that interest in QKD from clients is currently low, while QKD supply chain interviewees said that the value proposition for QKD is unclear, and that a profitable commercial model is yet to be found. According to institute interviewees, this may limit opportunities to test and improve the technology in real-world settings.

Cost

  • Hardware. Academics, QKD and cyber supply chain interviewees mentioned that the optical components of QKD devices are expensive, with the prices increasing significantly for the high-performance devices like superconducting nanowire detectors . Given the importance of hardware performance in QKD, and the need for physical QKD devices to be present at any point of access, the cost of QKD systems increases significantly with scale.
  • New organisational capability. End-users and cyber supply chain interviewees expressed that QKD is not currently a plug-and-play cyber security solution. In addition to hardware investment, users need to develop the skills and processes necessary to deploy and maintain QKD within the organisation’s wide cyber security suite.

7.2 Alternatives

PQC and classical cryptography were frequently presented as acceptable alternatives for QKD in future and current contexts, respectively, by interviewees from all categories. Given that they are software-based, both PQC and classical cryptography can run on devices and networks without any physical upgrade requirements – though some interviewees cautioned that the computational requirements for PQC are high, while others discussed the complexity at the system level of preparing for migration to PQC. Furthermore, since neither alternative requires a physical connection or a direct satellite link, they can both be implemented as true end-to-end solutions i.e. for the transmission of data from any device, including mobile phones, to another device, in contrast with the site-to-site transmission of QKD.

7.3 Factors influencing QKD adoption

Based on the challenges described above, the key factor, reported by Interviewees, that leads non-adopters of QKD and the cyber supply chain to avoid QKD is that, in their view, QKD offers very specific or marginal benefits compared to its alternatives that do not outweigh the financial cost of its deployment (dedicated channels, new hardware, developing new skills and processes), nor the effort of closing side-channels and integrating QKD with existing systems.

Another key factor raised by end-user interviewees who are using QKD on a trial basis is the lack of formal assurance. They stated that without validation by a trusted external actor, they will not consider adopting the technology in their wider operations. Cyber supply chain interviewees also frequently mentioned that they prefer to align with organisations like NCSC and NIST, and that current guidance from those agencies is a strong reason to keep away from QKD for now. A few did mention, however, that if demand from clients was high enough, they would consider incorporating QKD into their suite despite national guidance.

The cyber supply chain interviewees also emphasised that QKD lacks the flexibility of its alternatives, e.g. through the need for a fixed connection which prevents its use on mobile devices.

8. Trajectory for QKD

Key insights

Stakeholders hold contrasting views on QKD’s future. Overall, they described QKD as evolving along multiple technological pathways, each with distinct risk-benefit profiles.

Some academics and QKD supplier representatives anticipate gradual cost reductions, hardware miniaturisation, hybridised deployment of QKD with other cyber security solutions, and incremental integration into existing cyber security infrastructure. Satellite QKD and entanglement-based approaches could expand operational reach. Some position QKD as a foundation for future quantum networks. Others, particularly non-users and some non-QKD cyber suppliers, expect QKD to remain niche, cautioning that it offers limited commercial value outside specialised applications and emphasising the greater scalability and practicality of PQC as a solution to the post-quantum threat.

Despite these differences, there is a broad consensus that QKD will not become a dominant or standalone security technology. Its primary value lies in providing optional cyber security enhancements in high-value contexts and as a stepping stone in the development of quantum networks. Achieving these outcomes depends on cost reductions, standards adoption, certification, education, and operational experience.

8.1 Technology trajectory

While current QKD systems are limited to specialised infrastructure and point-to-point or metroscale multi-nodal network configurations, ongoing research and development are focused on expanding the practicality, scalability, and security of QKD in general.

  • Interviewees from academic, QKD supply chain, and end user categories expressed that satellite QKD represents a natural progression from terrestrial fibre-based systems. It is viewed as the fastest way to extend QKD beyond the ~30 km range of optical fibres. Next-generation systems are being developed to incorporate multiple kinds of QKD, including P&M and entanglement-based QKD. QKD supply chain expect that UK telecom providers will provide satellite QKD-as-a-service before 2030.
  • Academics and QKD supply chain interviewees indicated that preventing side channel attacks is a key development priority, both for the technologies that are common today, such as P&M, and for the entanglement-based QKD that is still largely experimental. One of the key benefits interviewees from the EU foresee coming from this work is the eventual certification of QKD for use in the highest level of EU cyber security contexts. QKD supply chain interviewees familiar with EuroQCI mentioned the programme included a roadmap to secret-level cyber security assurance by 2029.
  • Miniaturisation of QKD’s optical components is actively pursued, with academics and QKD supply side expressing strong beliefs that QKD devices will be available in chip-based, small, pluggable forms before 2030. They mentioned that these versions will drastically reduce the cost of QKD hardware since components would no longer be hand-placed and the chips could be mass-produced.
  • Interviewees mentioned that protocols are being developed for greater transmission distances, e.g. twin-field QKD[footnote 10]. According to QKD supply chain interviewees, these protocols are already demonstrating signal clarity over distances of ~150 km, which could decrease reliance on trusted nodes in metropolitan settings.
  • Interviewees from all categories highlighted research being conducted in entanglement-based QKD. Many expressed their belief that this would eventually be the favoured form of QKD, given that it closes several side channels by the very nature of entanglement. For the same reason, entanglement-based QKD is also expected to support multi-nodal network configurations better than other kinds of QKD. Academics stated that entanglement-based QKD is expected to become practically realisable by 2030, with large networks established by 2035.
  • Along with entanglement-based QKD, QKD- and cyber supply chain interviewees believed that quantum repeaters will be deployable in the coming years, which will eliminate the need for trusted nodes in terrestrial configurations. They felt that this would be a critical development for QKD applications where trusted nodes represent an unacceptable vulnerability.
  • Several academic and QKD supply chain interviewees discussed international standardisation and certification that would enable large, cross-border networks.

8.2 Adoption trajectory

Interviews overall present divergent opinions on the adoption of QKD going forward. The most commonly held views are presented below.

  • Those who were most positive about QKD, typically academics and the QKD supply chain interviewees, believe that QKD will be widely adopted in a hybrid system, mainly in combination with classical cryptography and PQC, over multi-nodal networks. A key motivation for this kind of setup is to provide an independent, or orthogonal, line of defence since QKD has a different failure mechanism than the other two solutions. Specifically, it is based on the laws of quantum mechanics and not on mathematical difficulty. This trajectory assumes that the conditions necessary for certification have been met, and that companies have invested in exploring real-world implementations of QKD in combination with other cyber security tools.
  • Those who were less positive about QKD, typically cyber supply chain interviewees, believe that QKD will be narrowly used as a specialist solution in highly specific applications, limited to point-to-point configurations. Interviewees with this view agreed that QKD has valuable features, but that these are not useful for the majority of cyber security applications.

8.3 Quantum networks

Although quantum networks were not the focus of the study’s interview guide, it was raised regularly by interviewees from academic, QKD and cyber supply chain categories when discussing the benefits and future of QKD. While not directly related to cyber security, interviewees felt that QKD has an important role to play in progress toward quantum networks. Most pointed to the utility of quantum networks for distributed quantum computing (combining geographically separate quantum computers to run more complex algorithms) and distributed quantum sensing (creating extremely precise sensors at the regional or planetary scale), and not necessarily for the replacement of current digital networks or for cyber security.

A view held by interviewees from all categories is that the technologies, skills and supply chains linked to QKD, especially entanglement-based QKD, are important for the realisation of quantum networks given that they drive critical quantum networking capabilities like quantum repeaters and quantum memory. Those interviewees who see no value in QKD as a cyber security tool felt that QKD research should be repurposed toward developing quantum networks. In this sense, QKD’s long-term strategic value outweighs its near-term cyber security value.

The table below presents a summary of the different views held on QKD’s trajectory by different interview categories.

Table 4: Summary of interviewees views on trajectories

Stakeholder type Expected QKD trajectory Adoption timeframe Role in hybrid security / networks Key notes / contrasts
Academics QKD as stepping stone toward quantum networks; focus on entanglement, repeaters, and long-distance connectivity 2030-2035 for market-ready quantum network demonstrations Enabler for distributed quantum computing, quantum Internet, and hybrid architectures Emphasise research over immediate commercialisation; see limited standalone security value today
Cyber Supply chain Gradual adoption, mostly pilot or niche applications; hybrid integration with PQC and conventional cryptography Next 5-10 years for pilots; broader commercial uptake uncertain Integrate QKD with KMS, PQC, and conventional systems for defence-in-depth Cautious on cost-benefit; adoption depends on strong use cases and reference architectures
QKD Supply chain / Vendors Optimistic gradual expansion; hardware miniaturisation, SFFP deployment, satellite links 5+ years for niche commercial deployments; longer for mass adoption Component in hybrid security; potential integration into telecom equipment and satellite networks Focus on cost reduction, photonic integration, and interoperability standards; view QKD as commercially viable if infrastructure matures
Non-Users / Enterprises Limited practical adoption; prefer PQC alone Minimal adoption in next 5 years Optional enhancement in high-value or regulated contexts Emphasise operational simplicity, cost-effectiveness, and risk-reduction; sceptical about QKD’s marginal benefits
RTOs Strategic infrastructure deployment; enable early adopters and pilots Variable, often long-term (5-15+ years) Fund and manage QKD infrastructure; support standardisation and certification Aim to absorb risk and create foundational infrastructure; may drive adoption in regulatory contexts
Users (High-Security / Critical Infrastructure) Targeted deployment for sensitive communications and backbone networks Medium-term (5-10 years), depending on regulation and threat perception Layered with PQC and conventional cryptography for defence-in-depth Adoption driven by regulatory compliance, security needs, and cost-benefit analysis
International Actors (EU, China, US) Large-scale networks and certification frameworks 5-15+ years depending on programmes Enable interoperability, cross-border quantum networking China leads in large networks; EU focuses on interoperability and certification; UK aims to remain competitive via collaboration

9. Potential policy measures – views from the community

Interviewees emphasised that government support is essential for the on-going development, assurance and adoption of QKD. While the technical capabilities, products, and expertise for QKD exist, interviewees expressed that progress is constrained by a number of factors and identified solutions where policy measures can play a role.

  • Support to establish trusted assurance processes. QKD end-user interviewees highlighted the importance of external certification, via trusted accredited bodies, of the performance and security of QKD components and systems. Without it, they will not consider expanding their QKD pilots to real-world data and systems to support wider business operations. Academics said that a certification body must be identified and equipped with the tests and technologies for performance, security analysis and certification. For long-distance international networks, interviewees noted the importance of security assurance of nodes and repeaters in multiple countries.
  • Participation in international standards development. International standards are required to underpin assurance processes and interoperability. QKD supply chain interviewees discussed the importance of international cooperation to ensure interoperability of components in a global market, to fill gaps where the UK is unlikely to be home to a complete QKD supply chain, as well as to enable long-distance cross-border QKD networks. Interviewees were clear that the UK cannot, and should not, develop standards in isolation and should do so with like-minded countries such as EU countries, USA, Japan, and Australia.
  • Demonstration. Interviewees, particularly those in academia and QKD supply side emphasised the lack of a successful commercial model at present and take the view that QKD will struggle to find its best fit without further trials and pilots to identify and demonstrate strong use cases. They would like to see the government support real-world demonstrators and testbeds for QKD that allow the market to engage and steer development and so decrease financial risks for QKD developers and help them refine their offerings and develop an effective commercial model. They emphasised the importance of using demonstrators to work with end-users, so that practical, implementable QKD products can be built. Several interviewees identified the EuroQCI initiative as a good example of government support for practical implementation and regretted that UK is not involved or have something similar in the UK. One interviewee noted that a pilot with a government end-user would demonstrate that it backs QKD in use as well as supporting quantum technology as an emerging technology sector. Interviewees also felt that government should encourage hybrid development and demonstrators, where QKD is deployed as an independent layer of defence alongside classical cryptography and PQC, or where hybrid cryptographic keys are built from all three methods.
  • Be mindful of premature policy. Some academics and cyber suppliers cautioned against policy involving implementation mandates for QKD, since the technology and its commercial model are still maturing. Instead, government should consider enabling policy, allowing a subset of sectors with strong use cases to explore QKD safely.
  • Focus on PQC. Interviewees from the cyber security supply chain (non-QKD) and non-adopter groups felt that to address the threat of cryptographically relevant quantum computers, government should focus its efforts on PQC migration instead of QKD. It was a commonly held view, even among interviewees from end-user and academic categories, that PQC is currently less expensive and less complex to deploy, and provides adequate protection for a large range of use cases. Some cyber security suppliers suggested that the skills, technologies and supply chains for QKD would be better focused on quantum networks instead of cyber security.
  • Awareness of QKD capabilities. Some interviewees were keen for government to promote the capabilities of QKD, and some to promote the capabilities of QKD and PQC, highlighting the advantages and disadvantages of both and how they can be used together. Interviewees also identified a need to increase links between the QKD community and NCSC, in order to ensure the capabilities and role of QKD as a component of cyber security are better understood and, potentially, better reflected in NCSC guidance. NCSC’s influence internationally was noted, not only with its peers in similar sized countries but also its use as a reference point for smaller countries, meaning its guidance plays a considerable role in market confidence and acceptance of innovative technologies.

10. Conclusions and options

10.1 Summary of study findings

This section presents a summary of the findings from the qualitative research undertaken in this study i.e. the interviews and the case studies.

QKD remains at an early demonstration stage

From an end-user perspective, QKD technology as a cyber security solution is at the early demonstration stage. At this point in time, early adopters are participating in trials of QKD but the technology is not in use as a fully-fledged cyber security solution in real operational business or public sector environments.

Supply chain configuration

Potential QKD systems suppliers in the telecoms and digital/IT sector have invested heavily, alongside government support, to develop QKD testbeds to enable potential end-users to experiment and explore QKD’s capabilities in cyber security in close to real-world conditions. The majority of these are based on the most mature and/or least complex quantum technologies i.e. encryption key distribution based on prepare-and-measure protocols using DV and fibre-based implementation systems. The underpinning quantum technologies are provided via the supply chain of traditional IT and telecoms equipment manufacturers and dedicated quantum-focused SMEs and start-ups.

Limited early adoption

To date, early adopters are few in number, and in sectors such as finance and aerospace. All those Interviewed were fully aware of QKD’s capabilities and limitations and its potential role in mitigating the post-quantum threat i.e. that QKD is only used for encryption key distribution and requires additional security features to be deployed alongside - in particular physically secure endpoints and authenticated users. As such, all trials discussed are being conducted in ring-fenced real-world environments. Similarly, most interviewees believe that QKD will be deployed as an additional security layer alongside PQC and conventional controls. However, not everyone is convinced that QKD is needed to address the post-quantum scenario, with many in the broader cyber security community taking the view that PQC will be sufficient.

Value proposition and trajectory

QKD’s value proposition and commercial model are still uncertain due to the current level of technological maturity, particularly at the QKD systems level, and insufficient evidence (for end-users) for its performance in practice, plus concerns regarding the skills and costs of a complex non-software based cyber security solution. As a result, while numerous underpinning QKD technologies are in development, including those based on quantum entanglement, its future trajectory remains uncertain. There are broadly three possible scenarios: QKD may become a key component in hybrid post-quantum cyber security solutions; be a specialised solution in point-to-point configuration for niche high-value applications; or not be adopted to any great extent. In whichever scenario comes to pass, the demonstration of quantum states in real-world communications networks and the underpinning QKD technologies developed (quantum repeaters and memory) are important to progress towards quantum networks.

Policy choices will shape the role of QKD

Given the UK government’s goal is to ensure sufficient overall security of systems that may use QKD, while supporting the development of the underlying technologies as a foundation for broader quantum networking, we propose the following options:

10.2 Policy options

Note that the options presented here are the product of independent research and do not reflect HM Government policies.

Continued financial support for developing an assurance infrastructure for QKD

Assurance of QKD systems is essential to secure adoption, providing confidence that components and systems perform as specified and, even more importantly, offer true cyber security. Assurance requires an infrastructure of commonly agreed standards, testing protocols and facilities and certification processes. We note that standards also stimulate secure adoption by enabling interoperability of components from different suppliers and system protocols.

Potential policy measures:

  • Support and fund a mechanism to coordinate the relevant UK community to design an assurance system for QKD. Many members of the UK QKD community were involved in a recent Innovate UK-funded project (QAssure) to establish a security assurance framework to assess system security for quantum technology-based communications systems, with QKD as the primary focus.[footnote 11] This project brought together UK QKD and cyber security experts in industry and academia to work together for the first time to address the issue and, while it has moved the assurance concept forward, there is still much to be done to achieve a complete and widely accepted assurance process. Therefore, we recommend further funding for collaborative assurance work in QKD to continue development of standards, testing protocols and certification processes. The assurance system is likely to evolve over several years, as is typical of such processes, but we recommend a specific time-bound project, e.g. three years, to build on the work of QAssure and move assurance capabilities forwards but with a fixed end point at which to assess progress and take stock before further public sector support (if necessary). We also recommend widening participation in assurance development activities, not only with the UK QKD community (technology developers, academics, NPL), but a wider group of cyber security solution providers and, most importantly, members of the end-user communities, possibly via a project board to guide and review activities.
  • Ensure funding is available for UK participation in international standards bodies. To be effective, assurance processes for widely used technologies need to be developed at international levels. International standards bodies such as ETSI and ISO/IEC are already working on QKD standards[footnote 12] with UK participation (representing UK interests and needs) managed via BSI and supported by NPL. Nevertheless, while businesses fund their own participation in these committees, participation by less commercially driven organisations such as RTOs and academics is not a given without some form of financial support. Therefore we recommend that the government ensures relevant RTOs / academics are funded to participate in standards activities, potentially via the QKD assurance project.
Support for QKD demonstrators and trials

Demonstration infrastructure and capabilities that enable potential commercial and / or public sector end-users to explore and test QKD are still required. Various demonstration capabilities and skills have been developed under previous funding mechanism programmes (primarily the National Quantum Technology Programme) but are unlikely to be available for wider use without government support.

Potential policy measures:

  • Ensure funding is available to continue availability of QKD demonstrations. At present most demonstration capabilities (i.e. locations with the skills and relevant QKD hardware and dedicated fibre communications networks) are at universities or are led by BT. We recommend that the demonstration capabilities are mapped and discussions initiated by DSIT with relevant parties to discuss how to make them more widely available.
  • Stimulate a wider user-base for QKD trials using demonstration capabilities. End-user trials to date are few in number and limited to a few sectors, and results are not necessarily disseminated. Interviewees also note that there have been no trials (as far as they are aware) involving government departments or agencies. We recommend that the government consider piloting an open call programme for QKD trials, targeting commercial users. We note that the design for such a programme would need to form part of the discussions with demonstration providers referred to above.

Increase awareness of the implications of quantum technologies for cyber security

Awareness of the post-quantum threat, and the implications of using quantum technologies like QKD as part of the solution to address it, appears to vary, and misconceptions about its strengths and weaknesses remain even among those who are reasonably well-informed. While some of this is due to differences of technical and commercial opinion, particularly among the QKD and cyber security supply chain, those responsible for cyber security need information from trusted sources to make well-informed decisions.

Potential policy measures:

  • Compile and disseminate relevant information on solutions to post-quantum security. We recommend that government identifies and enables a suitable group of experts to compile information on current thinking from a wide range of sources on the implications of QKD, the role of PQC and traditional methods for addressing the post-quantum threat – including current knowledge of advantages and disadvantages of the different technologies in cyber security, findings from demonstrations and trials supported, along with formal advice from NCSC, with the purpose of aiding learning and informing decision-making. We note that this information would need to be updated on a regular basis. We recommend that government identifies and works with relevant trade bodies and professional bodies to disseminate the information compiled.
  • Increase levels of engagement between the quantum community and NCSC to maximise knowledge exchange as QKD continues to be developed. We note that the assurance project recommended above may provide a suitable vehicle for example.

10.3 Evidence gaps and further research

A key finding from the study is that QKD use is highly limited, both in terms of sectors currently using it and the total number of organisations doing so, and these users are only exploring its possibilities rather deploying it as a key element of their cyber security toolkit. Therefore, the manner in which QKD may be used in real-world cyber security settings is still taking shape, both in the UK and globally, and the extent to which QKD will be deployed remains unknown. Therefore, the QKD use cases (Appendix A) can only illustrate QKD’s use in trials and pilots rather than its use within live cyber security systems. Nevertheless, QKD technology and its adoption is evolving and therefore the findings reported here provide a snapshot in time, and there would be value in a similar study in, say, two years’ time. In the meantime, as QKD suppliers are often keen to report their successes, the new pages of their websites could be monitored at regular intervals to identify and track wider adoption. In addition, the commercial development and growth of specialist QKD supply companies could also be tracked.

Appendix A: Use cases

A.1. Consumer banking

Summary

To build momentum around long-term quantum threats, a leading international bank joined a QKD pilot to trial the quantum-secure transmission of data. The trial helped executives accept that quantum technology is already pertinent, and ultimately contributed to a full ongoing migration toward quantum-safe cyber security within the company, albeit largely through PQC.

Context

International banks operate in an environment where secure connectivity, regulatory certainty, and long-term technology planning must evolve together despite complex legacy constraints. They handle billions of transactions across dozens of countries. They rely on low-latency, high-throughput links between global data centres and secure connections with customers, regulators, and market venues. In preparation for when quantum computers become powerful enough to break standard public-key encryption, and when regulators require organisations to become quantum-secure, banks require a clear plan for quantum-safe security. At the same time, legacy systems resist rapid change, and some jurisdictions trust only locally approved standards.

How QKD is being applied and lessons learned

We spoke to an international bank that joined a pilot fibre-optic QKD network as a potential end user. Whilst the QKD pilot was successful in a technical capacity, its main success was in demonstrating to its senior leaders that quantum technology and the quantum threat isn’t hypothetical, ultimately driving board attention to the need for post-quantum security. The bank holds the position that QKD is not a comprehensive solution, and that it only delivers value on select, high-risk communication links. The bank is conscious that the technology still requires certification and widely recognised assurance measures. In regard to cyber security, they prioritise budget for new hardware, updating software stacks and training teams above the need to implement QKD. Most importantly, QKD cannot replace their need to comprehensively roll out PQC.

Next steps

The bank will press on with its top priority in ensuring they are quantum-secure: migrating critical systems to PQC and building cryptographic agility into every platform. In parallel, it will track progress on the assurance of QKD, and will continue to explore niche opportunities for QKD such as satellite QKD, if clear business cases emerge.

A.2. Digital identities

Summary

Digital identities (DIDs) offer more efficient services and greater administrative compliance in cases where proven identities are needed. For the system to work effectively, identity data must be secure when shared between parties. DID providers have expressed an interest in QKD’s ability to protect data in transit, though there are concerns about its performance regarding user experience and general purpose application.

Context

To participate in, and benefit from, many aspects of modern living, people are required to prove that they are who they say they are. Most of us have a birth certificate, passport or a driving license that is certified by a trusted organisation, which we can present to other organisations like banks, our employers, or airlines to prove our identity and enable us to open accounts, work, and travel.

In countries like Estonia and Singapore, governments are adopting digital identities (DIDs) which serve as a single, verifiable digital representation of citizens’ identity information that is widely accepted for in areas such as government services, healthcare, voting and banking.[footnote 13] Where DIDs have been adopted, users report improved bureaucratic efficiency and compliance, saving up to five days per year per person.[footnote 14] The UK government is also exploring the possibility of implementing DIDs.[footnote 15]

However, key to the success of DIDs is that all parties involved trust the system, and central to that trust is data security – both where it is stored, and while it is shared.

How QKD is being applied (or could be applied)

DID providers are responsible for creating a trustworthy identification credential, which includes an underlying infrastructure that securely links DID certification bodies with DID sharers and receivers. Given this emphasis on cyber security, a UK-based due diligence and DID provider expressed the importance for their business of keeping track of cyber security developments and novel solutions that could be adopted. For example, they have designed their products with quantum agility, which prepares them to interface with different kinds of quantum secure technologies, including the ability to switch between PQC algorithms, in anticipation of quantum advantage[footnote 16] (though they have not yet implemented any such technologies to date).

The DID provider expressed a desire to secure their products against future quantum threats, and that QKD presented an opportunity for them to secure data in transit, particularly in combination with strong authentication measures and PQC. However, several factors currently prevent them from adopting those technologies. Firstly, they stated that QKD and PQC are code-heavy and prohibitively slow to run on everyday devices, which affects user experience. Secondly, the DID underlying infrastructure depends on the security standards of the various technical layers, of which QKD would be one, and which today, QKD cannot certifiably provide.

Lessons learned from the market

Many DIDs run on distributed ledger (DT) technology and use networks like Ethereum as a basis. According to stakeholders, large DT networks like Ethereum and Bitcoin are already implementing quantum agility into their code, and many will switch from classical cryptography to PQC in the coming years, though the exact timing is unknown. This forces DT-based service providers to make preparations of their own, which incentivises exploration and awareness of PQC, and to a lesser extent, QKD.

Next steps

Providers of services that depend on data security expect that, before QKD could be considered for general-purpose use over public networks, issues related to the operating speed of QKD systems would need to be addressed. These issues relate mostly to the maturity of QKD software and that of its supporting elements, such as a key management system (KMS), as well as the specific hardware that runs the code. For example, stakeholders spoke of Edge AI and how chips in devices like smartphones have become increasingly specialised to improve the performance of AI applications on these devices.

To facilitate this kind of development, stakeholders emphasised the importance of testing before regulating. Specifically, they advised that government has a part to play in providing spaces and resources for real-world testing and refinement before deciding how to regulate technologies like QKD.

It is worth noting that the DID provider did not mention the ‘last mile’ issue, and how this would be relevant to the devices and public networks discussed.

A.3. Hospital data transfer

Summary

One European cyber security vendor is exploring how QKD can be combined with secret sharing to ensure that data is information-theoretically secure not only in transit, but also in storage. As part of a collaborative research project, they successfully demonstrated the secure transmission and storage of medical data between two hospitals by integrating QKD with their own respective secret-sharing devices.

Context

Quantum Key Distribution is extremely secure for data in transit, however, QKD does not protect data once it has been stored. Once data is encrypted and stored, its long-term security is still dependent on how the data and keys are stored, which can re-introduce classic vulnerabilities.

We spoke to a European cyber security vendor who specialise in combining QKD with secret sharing to ensure that both the transmission and the storage of data is quantum-secured. Secret sharing is a method by which data is split into multiple fragments such that a combination of a subset of the fragments is required for reconstruction, and any single fragment by itself is useless to an adversary. This method provides information-theoretic security, meaning “not even the most advanced quantum computer” in the future would be able to decrypt it. The cybersecurity vendor develops appliances that fragments clients’ data using Shamir’s secret sharing algorithm.[footnote 17] Each fragment can then be transmitted via QKD to separate private or public storage, meaning that their data is secure in both transit and storage.

How QKD is being applied (or could be applied)

The vendor was involved in a collaborative study with two hospitals, in which medical data was transmitted between the two hospitals (at distance ~20km ) using the vendors’ approach of combining their secret sharing appliance with a QKD system. As shown in the schematic below, data was divided into three fragments, with any two fragments sufficient to reconstruct the data. Two of the data fragments were sorted in different data centres from an internet service provider, and the third was stored in a public cloud. QKD was used for the data transfers to and from the data centres. By using QKD to protect at least two of these three lines to the storage, “the system is not even theoretically breakable”. This use case of QKD combined with secret sharing was successful, and the first of its kind.

Next steps

The vendor is focused on developing their secret sharing appliances, which are agnostic to the subsequent channel, be it fibre or satellite etc. They are also implementing secret sharing with tens of fragments (instead of just three in the use case) for further security. Whilst they are not currently manufacturing their own QKD systems (they are currently using QKD systems from other vendors in collaborative projects), they are open to producing their own systems in the near future.

A.4. Long-distance QKD

Summary

Quantum key distribution (QKD) leverages quantum mechanics to enable two parties to share encryption keys with security rooted in physical laws. However, long-distance deployment remains challenging because optical fibre loss and noise reduce key rates as distance increases. Even well-known methods such as decoy-state protocols[footnote 18] cannot fully overcome these attenuation-driven limits, motivating ongoing research into extending secure transmission ranges.[footnote 19]

Context

Standard QKD system implementations typically operate effectively over 100–200 kilometres before signal degradation becomes prohibitive. Although advanced protocols like twin-field QKD (TF-QKD) have extended these distance thresholds to approximately 1,000 kilometres using ultra-low-loss fibres in trial settings, the technology remains constrained by the physics of photon transmission through optical fibre.[footnote 20] These limitations have prompted researchers to explore hybrid approaches combining terrestrial fibre networks with satellite-based systems to achieve intercontinental quantum-secure communications.

How QKD is being applied (or could be applied)

Deployment strategies in different countries and contexts for long-distance QKD involve three complementary approaches: terrestrial fibre networks, satellite-based distribution, and optimised hybrid architectures. China has established itself as the global leader, demonstrating this vision through its Micius satellite (launched in 2016) and the subsequent Jinan-1 microsatellite, which achieved real-time QKD operations and reduced payload weight by over an order of magnitude compared to its predecessor.[footnote 21] These satellites connect to China’s 2,000-kilometre Beijing-Shanghai fibre trunk line, reportedly forming the world’s first integrated space-to-ground quantum network.[footnote 22]

Europe is advancing its own capabilities through the European Quantum Communication Infrastructure (EuroQCI) initiative, with the Eagle-1 satellite scheduled for launch in early 2026. This represents a €97 million investment toward building a pan-European quantum-safe network.[footnote 23] Researchers recently demonstrated quantum communications over 254 kilometres of existing commercial fibre infrastructure in Germany, suggesting that quantum networks could become practical without requiring dedicated optical infrastructure.[footnote 24]

A crucial operational insight from an expert interview reveals that QKD systems generate and store encryption keys in advance, rather than on-demand. Key management servers maintain pools of quantum-generated keys that can be distributed according to security policies and usage requirements. For satellite systems, this architecture addresses weather-related disruptions—the system builds up key reserves during clear conditions and draws from these reserves when atmospheric conditions prevent transmission. This buffering approach transforms intermittent satellite availability from a critical weakness into a manageable operational parameter.

Lessons learned

Real-world deployment experience has revealed several critical insights. First, satellite QKD systems must be conceived as constellations rather than single-satellite solutions. Weather limitations, orbital coverage gaps, and pointing precision requirements all necessitate multiple satellites working in coordination. Second, optimal network design requires integration between terrestrial and space-based segments. As one interviewee noted, routing keys through ground stations in clear weather regions, then distributing terrestrially, can significantly improve overall network efficiency and reliability.

Recent demonstrations by KDDI and Toshiba in March 2025 achieved 33.4 Tbps classical data transmission multiplexed with QKD over a single 80-kilometer fibre, eliminating the need for dedicated dark fibre that previously made QKD economically impractical.[footnote 25] This breakthrough in multiplexing technology represents a fundamental shift toward commercial viability.

Although such demonstrations suggest more favourable economics of QKD deployment, technical challenges persist. The QKD market, projected to grow from US$480 million in 2024 to US$2.63 billion by 2030, faces multiple challenges including low key generation rates for long-distance links, the absence of practical quantum repeaters, and interoperability concerns between different vendor implementations.[footnote 26]

Next steps

Long-distance QKD deployment requires progress in three areas: technology, regulation, and commercial infrastructure. Satellite constellations need expansion to provide continuous global coverage. Research is expected to continue on twin-field QKD and other protocols to extend transmission distances. Practical quantum repeaters remain a development goal. These would enable transparent long-distance links without trusted nodes. Organisations like ETSI and ITU-T are working on standards for cross-border QKD operations.[footnote 27] However, standardised protocols need to be developed so systems from different vendors can work together. QKD must integrate with existing telecommunications networks. Although recent demonstrations show significant promise, the technology remains unproven in commercial operational settings.

A.5. Telecom commercial model

Summary

QKD has interesting properties for cyber security. However, the form the technology will take as it matures, and who will adopt it, is largely dependent on a successful commercial model. Telecom providers are exploring QKD-as-a-service through various metropolitan trials, though for those we consulted, this model has yet to deliver value.

Context

Great products do not simply sell themselves; potentially disruptive technologies can be cut off at the knees if issues arise in the way consumers acquire, pay for, or integrate the technology. Accordingly, “The most successful technology is a perfect marriage of the product itself and its commercial offering”.[footnote 28] A good commercial model addresses barriers to entry (for example, ownership vs technology-as-a-service), route to market (for example, by accounting for enabling technologies and their suppliers), and has a strong value proposition.

QKD is a technology that has years of research and development behind it, though it has only in recent years expanded beyond the scope of researchers and into more public markets. Globally, this has largely been facilitated by telecom businesses,[footnote 29] though mostly limited to trial networks. Within these projects, telecom providers are exploring the costs and benefits of incorporating QKD into their value propositions, emphasising the benefit of securing the data traversing their networks against current and future threats in a way that mathematics-based cryptography cannot.

How QKD is being applied (or could be applied)

We spoke with a UK telecom provider about a metropolitan QKD network they have been operating on a pilot basis. The network consists of several components. Firstly, there are a handful of trusted nodes positioned up to 30km apart among the provider’s existing infrastructure hubs.

These nodes form the core of the QKD network, where keys are aggregated, and between which the bulk of keys is distributed. As trusted nodes, they enable quantum keys to be shared over large distances by generating a new set of keys at fixed points. From these nodes, customers can link into the network using their own fibre, which can be offered as a service by the provider, and which must be QKD-dedicated i.e. not used for other communications. Included in the QKD-as-a-service is a QKD box which is installed at the customer’s premises, and which generates keys to match those of the QKD box at the nearest of the provider’s trusted nodes. The provider’s QKD systems at the trusted nodes and the customer sites all include KMS, encryption, and WDM Multiplexer capability, the latter of which allows the quantum and classical data to be combined and sent over the same fibre.

The data journey from one customer to another is therefore as follows (see figure below): Customer A’s unencrypted data enters the provider’s QKD system located at Customer A’s site. From there, over the customer’s dedicated fibre, quantum keys are exchanged with Node 1, where the encrypted data is also sent. The trusted node infrastructure then generates a new set of keys between Node 1 and Node 2, and sends the encrypted data to Node 2. At this point, the QKD systems between Node 2 and Customer B’s site generate keys, and the encrypted data is sent to Customer B’s site. Using the provider’s QKD system located at Customer B’s site, the data is decrypted and passed into Customer B’s regular network.

The data journey described above applies to a metropolitan network. For communications between metropolitan areas, another element (apart from the provider’s trusted node infrastructure and the customer’s fibre link) is required: a second, larger trusted node infrastructure between cities. For global communications, trusted nodes in the form of satellites will be needed, which the provider is exploring. They expect to incorporate satellites into their QKD network within the next 2-5 years. Regarding QKD on mobile networks, which could be accessible on mobile devices, the provider feels that this is not a realistic or appropriate application of QKD. This relates to limitations in some of QKD’s core technologies – photon emitters and detectors.

Given the pilot nature of this service, the provider does not currently receive income from it. Instead, they are partnering with potential customers to run the network and conduct market analysis. These potential customers are working with the provider to explore alternatives to computational data security, which, in their current view, may not be enough. These potential customers envision QKD, which is physics-based, as an additional layer of security and not a replacement for computation-based protection.

What others say

The model described above is a metropolitan, multi-nodal network application of QKD, as opposed to a point-to-point approach. Both QKD supply chain, and cyber security providers raised a key issue with this model, specifically that of the ‘last mile’. The last-mile problem is not unique to QKD, with these stakeholders expressing that it is almost ubiquitous in cyber security. The last mile refers to what happens outside of a secure network. For example, information may reach Customer B’s site safely, but its movement through Customer B’s systems toward its final target is beyond the QKD network’s control. An employee viewing the information on a screen that is visible to others, or on a device that is connected to an unsafe mobile network, is not a security risk that QKD can address. As a model that relies on delivering information to a point which is not necessarily the final destination, a QKD metropolitan network poses more last mile risks than a purer point-to-point QKD connection may do.

In discussing potential commercial models for QKD-as-a-service, one supply chain stakeholder expressed reservations about the role of telecom companies in this market. The stakeholder argued that telecom providers’ core value proposition lies in connectivity rather than security, and noted that organisations they had engaged with around their own product were largely disappointed by the limited commercial value delivered through integrating QKD with existing telecom services. Instead, the stakeholder feels that future QKD commercialisation should look to infrastructure providers – those who lay and manage fibre networks.

A.6. Education

Summary

National Research and Education Networks (NRENs) connect universities and research centres using high-speed fibre networks. These networks are often used for sensitive research data, defence collaborations, and experimental technologies. University networks are well-suited to test QKD because they combine real-world infrastructure with research expertise.

Context

Janet (originally Joint Academic NETwork) is the main digital NREN for universities and colleges in the UK.[footnote 30] It provides high-speed connections, reaching up to 800 gigabits per second on its core links, and supports everything from teaching to data-intensive scientific research.

Janet also runs experimental facilities such as the National Dark Fibre Facility (NDFF, previously called Aurora), which gives researchers access to real-world fibre routes—around 800 km (460 miles) of single-mode fibre connecting Cambridge, London, Bristol, and Southampton.[footnote 31] Unlike controlled lab environments, these fibres experience real-life disturbances like construction, vibrations, and temperature changes. This enables QKD-related experiments to be grounded in realistic scenarios, strengthening the relevance and reliability of research results.

How QKD is being applied (or could be applied)

University networks are exploring QKD uses in two main ways: experimental testbeds and secure production applications.

The Aurora/NDFF testbed enables researchers to test quantum key exchange (based on QKD) over real fibre links as part of experiments that require repeater nodes due to distance limitations. The UK Quantum Network achieved a major milestone in 2025 by demonstrating long-distance quantum-secure communication over 410 kilometres (255 miles) of fibre between Bristol and Cambridge. This network combined two types of QKD and integrated them with classical data transmission.[footnote 32]

The team trialled quantum-secure video conferencing, encrypted medical data transfer, and secure access to distributed data centres. Similar work is happening in Europe - the SareQuant project in the Basque Country is upgrading their research network to support quantum technologies while still running their usual services.[footnote 33] Interviewees highlight that for universities involved in defence-related research, where sensitive research data transfer and secure communications are essential, QKD can play a key part in the potential solution.

Lessons learned

Universities appear to have learned several practical lessons from using QKD.

  • The quantum research community needs flexible access through software-defined networking and remote fibre switching to fibre networks so they can set up different kinds of experiments.
  • Reducing interference between quantum and normal data signals is therefore crucial because it lets systems gate transmission and reception windows, improving signal-to-noise ratios.
  • Distance remains a fundamental constraint to QKD deployment since university networks span metropolitan (20-80 km), regional (1000-5000 km) to national scales (5000-20000 km). Janet, for example, has a reported backbone of approximately 9000 km (5500 miles) of dark fibre (not including additional leased or regional links).[footnote 34]
  • Since QKD requires trusted repeater nodes for longer links, universities need to consider security and cost trade-offs when deploying or experimenting with QKD at scale.

Next steps

University networks are expected to continue serving as testbeds for QKD technology. However, QKD - despite its potential - is one of several approaches to achieving quantum-safe communications. For defence and other high-security research applications, moving QKD (and related quantum-safe technologies) from experimental demonstrations to operational deployment would likely require sustained investment.

Although NRENs can combine research expertise with operational infrastructure, they need a pragmatic approach that balances innovation with operational stability of the network. As one interviewee noted, the goal should be to future-proof the networks without making infrastructure decisions that could hinder later QKD adoption.

Appendix B: Interview questionnaire

The questionnaires for the different kinds of interview categories for this study are provided below. Interviewer notes and prompts have been removed for clarity.

B.1. QKD end users

Technology in use

  • Can you tell me about your and your organisation’s involvement regarding QKD technology?
  • As I understand it, your company is using QKD technology, is that the case and, if so, could you tell me a little more about the technology you are using?
  • Do you know what kind of QKD has been implemented?
  • Would you be able to tell us which QKD technology you are using – and/or which company or companies are supplying your QKD solution?

Purpose for using QKD

  • Could you tell us what you are using QKD for and why?
  • For example, are you using it to secure all of your data and communications networks and businesses activities or just specific areas of your business? If just for specific areas, what are they and why those? Do you think you will expand or adapt your use of QKD in the next 5 years?
  • What other cyber security systems is your QKD technology integrated with?

Benefits / opportunities

  • Could you tell us what you are using QKD for and why?
  • For example, are you using it to secure all of your data and communications networks and businesses activities or just specific areas of your business? If just for specific areas, what are they and why those? Do you think you will expand or adapt your use of QKD in the next 5 years?
  • What other cyber security systems is your QKD technology integrated with?

Risks / challenges

  • Did you experience, or are you experiencing, any risks or challenges with your QKD solution?
  • For example, these might be challenges and risks related to the cyber security capabilities of the technology implemented, or perhaps external factors?
  • Can you provide any technical details on your view, please?
  • Can you describe how this affects your preferences and decisions regarding QKD vs other key management systems?
  • In your view, how good is the operational availability of QKD? Compared with other key management systems?

Solutions

  • Given the risks you have described, what, in your view, might be the solutions to addressing them and maximising the benefits?
  • Have you attempted to implement any of these solutions, and if so, what has been the result?
  • For example, these might be solutions related to the technology itself, internal factors or solutions provided externally via the QKD supply chain and/or public policy or government intervention. They might include interventions made by the government(s) in the country(ies) that you operate in.

Other cyber security technologies

  • How easy or difficult is it to incorporate QKD into your cyber security operations, especially compared with other key management and encryption/decryption systems?
  • What other technologies do you use, or are you considering using, to provide enhanced cybersecurity (and encryption, more specifically) for your organisation?
  • If you use a combined solution (QKD and other tech), do you feel that this approach has improved or complicated cyber security for your organisation?
  • Are you using or are you considering post-quantum cryptographic methods? If so, why? And, any particular form of PQC?
  • Are you aware UK National Centre for Cyber Security (NCSC) advice of QKD and PQC?
  • Are you aware of any other national or international advice or standards related to QKD and PQC? How has this affected your decision-making, especially in comparison with NCSC advice?

The future

  • How do you see QKD technology, its role and its cyber security implications developing over the next 5 years? And do you foresee a difference between how things will develop in the UK in comparison with other countries?
  • For example, this might be changes in the technology underpinning QKD or the role of QKD within cyber security or its wider role within the wider use of commercial quantum technologies.

Close

  • That is the end of our questions, is there anything related to QKD that we haven’t covered that you would like to speak about?

B.2. QKD-alternative end users / non-adopters

Technology in use

  • Can you tell me about your and your organisation’s involvement regarding QKD technology?
  • As I understand it, your company has considered using QKD technology and decided against implementing it, is that the case and, if so, could you tell me a little more about the technology you are using instead?
  • Would you be able to tell us which QKD technology you have considered using – and/or which company or companies you were considering as suppliers for your QKD solution?

Purpose for using QKD

  • Could you tell us what you were considering using QKD for and why?
  • For example, were you considering using it to secure all of your data and communications networks and businesses activities or just specific areas of your business? If just for specific areas, what are they and why those?

Benefits / opportunities

  • To what extent are the benefits of implementing QKD outweighed by your chosen alternative?
  • Can you provide any technical details on your view, please?

Risks / challenges

  • Do you think your organisation is likely to implement QKD in future?
  • If no, why not?
  • If yes, do you envisage any particular risks to its use?
  • For example, these might be challenges and risks related to the cyber security capabilities of the technology implemented or perhaps external factors?
  • Can you provide any technical details on your view, please?
  • Can you describe how this affects your preferences and decisions regarding QKD vs other key management systems?
  • Do you think there are any risks your organisation is more vulnerable to, having chosen a QKD alternative?

Solutions

  • Given the risks you have described, what, in your view, might be the solutions to addressing them and maximising the benefits?
  • For example, these might be solutions related to the technology itself, internal factors or solutions provided externally via the QKD supply chain and/or public policy or government intervention. They might include interventions made by the government(s) in the country(ies) that you operate in.

Other cyber security technologies

  • What other technologies do you use, or are you considering using, to provide enhanced cybersecurity (and encryption, more specifically) for your organisation?
  • Are you using or are you considering post-quantum cryptographic methods? If so, why? And, any particular form of PQC?
  • Are you aware UK National Centre for Cyber Security (NCSC) advice of QKD and PQC?
  • Are you aware of any other national or international advice or standards related to QKD and PQC? How has this affected your decision-making, especially in comparison with NCSC advice?

The future

  • How do you see QKD technology, its role and its cyber security implications developing over the next 5 years? And do you foresee a difference between how things will develop in the UK in comparison with other countries?
  • For example, this might be changes in the technology underpinning QKD or the role of QKD within cyber security or its wider role within the wider use of commercial quantum technologies.

Close

  • That is the end of our questions, is there anything related to QKD that we haven’t covered that you would like to speak about?

B.3. QKD supply chain interviewees

Technology in use

  • As I understand it, your company manufactures/ sells QKD equipment, is that the case and, if so, could you tell me a little more about the technology?
  • Do you know what kind of QKD has been implemented?
  • Would you be able to tell us about who is using your QKD solution – either by company names or (if not) the sectors you are working with? Are you working with customers in the UK? Do these form the bulk of your customer base for QKD? If not, where are most of your customers based?

Purpose for using QKD

  • What purposes are your customers using QKD for?
  • As a vendor, what do you find is the main concern of your customers that motivates them to choose your product?
  • For example, are they using it to secure all of their data and communications networks and businesses activities or just specific areas of their business? Can you provide any examples?

Benefits / opportunities

  • What benefits, if any, have your customers achieved to date from deploying QKD? And/or what future benefits do they expect to achieve?
  • Can you provide any technical details on your view, please?

Risks / challenges

  • As far as you are aware, have your customers experienced, or are they experiencing, any risks implementing QKD or any risks or challenges once in use?
  • For example, these might be challenges and risks related to the cyber security capabilities of the technology implemented, or perhaps external factors?
  • Can you provide any technical details on your view, please?
  • Can you describe how this affects your preferences and decisions regarding QKD vs other key management systems?
  • In your view, how good is the operational availability of QKD? Compared with other key management systems?

Solutions

  • Given the risks you have described, what, in your view, might be the solutions to addressing them and maximising the benefits?
  • Can you provide any examples of these solutions being implemented (successfully or unsuccessfully)?
  • For example, these might be solutions related to the technology itself, solutions that can be delivered within or by the QKD supply chain and/or public policy or government intervention. They might include interventions made by the government(s) in the country(ies) that you operate in.

Other cyber security technologies

  • How easy or difficult is it to incorporate QKD into a client’s cyber security operations, especially compared with other key management and encryption/decryption systems?
  • Do you advise your customers to use other technologies alongside QKD?
  • If so, What are they?
  • Could you explain why you recommend their use together?
  • Are you aware of UK National Centre for Cyber Security (NCSC) advice of QKD and PQC?
  • Are you aware of any other national or international advice or standards related to QKD and PQC? How has this affected your decision-making, especially in comparison with NCSC advice?

The future

  • How do you see QKD technology, its role and its cyber security implications developing over the next 5 years? And do you foresee a difference between how things will develop in the UK in comparison with other countries?
  • For example, this might be changes in the technology underpinning QKD or the role of QKD within cyber security or its wider role within the wider use of commercial quantum technologies.

Close

  • That is the end of our questions, is there anything related to QKD that we haven’t covered that you would like to speak about?

B.4. Academics

Technology in use

  • Can you tell me about your research and how it relates to QKD?
  • Could you tell me which QKD technology your research focuses on?
  • Does your research involve access to QKD equipment and infrastructure? If so, could you briefly describe the setup and how it may differ from a commercial solution using QKD? Who are your main suppliers?

Purpose for using QKD

  • Could you tell us which applications or aspects of QKD your research is addressing, and why it is important?
  • For example, is your focus on networks (including satellites), cyber security, quantum tech components, or specific applications such as in finance or markets?

Benefits / opportunities

  • What benefits, if any, are associated with QKD technology, and in which applications/scenarios do these arise?
  • Can you provide any technical details on your view, please?
  • Do you see additional benefits arising in the near future?

Risks / challenges

  • What risks and challenges, if any, are associated with QKD technology, and in which applications/scenarios do these arise?
  • For example, these might be challenges and risks related to the cyber security capabilities of the technology implemented, or perhaps external factors?
  • Can you provide any technical details on your view, please?
  • Can you describe how this affects your preferences and decisions regarding QKD vs other key management systems?
  • In your view, how good is the operational availability of QKD? Compared with other key management systems?

Solutions

  • Given the risks you have described, what, in your view, might be the solutions to addressing them and maximising the benefits?
  • What is the role of academics in these solutions, for the current and projected tech/cyber security landscapes?
  • For example, these might be solutions related to the technology itself, internal factors or solutions provided externally via the QKD supply chain and/or public policy or government intervention. They might include interventions made by the government(s) in the country(ies) that you operate in.

The future

  • How do you see QKD technology, its role and its cyber security implications developing over the next 5 years? And do you foresee a difference between how things will develop in the UK in comparison with other countries?
  • For example, this might be changes in the technology underpinning QKD or the role of QKD within cyber security or its wider role within the wider use of commercial quantum technologies.

Close

  • That is the end of our questions, is there anything related to QKD that we haven’t covered that you would like to speak about?

B.5. Cyber security supply chain interviewees

Technology in use

  • Can you tell me about your organisation’s involvement in cyber security? What kind of solutions do you offer?
  • What kind of technologies do you use as part of your cyber security solution? Are there any non-technological elements of your solution?

Purpose for using QKD

  • Does/could your solution incorporate or interface with QKD in any way?
  • If so, how?
  • If not, is this something you would consider useful?
  • Is your choice to interface with/exclude QKD from your solution a conscious choice? Why?
  • Do you imagine this will change in the next 5 years?

Benefits / opportunities

  • From your perspective, is there a role for QKD in cyber security? If so, what is it?
  • What, if any, are the benefits or opportunities linked with QKD?
  • Can you provide any technical details on your view, please?

Risks / challenges

  • From your perspective, what are the key risks of incorporating QKD into cyber security solutions?
  • Can you provide any technical details on your view, please?

Solutions

  • Given the risks you have described, what, in your view, might be the solutions to addressing them and maximising the benefits?
  • Can you provide any technical details on your view, please?
  • Have you attempted to implement any of these solutions, and if so, what has been the result?

Other cyber security technologies

  • From your perspective, are there alternative solutions that can provide cyber security benefits similar to QKD? What are they? How do they work?
  • For securing current communications against future quantum computer threats
  • For detecting and preventing eavesdropping
  • How easy or difficult is it to incorporate QKD into a client’s cyber security operations, especially compared with other key management and encryption/decryption systems?
  • Are you aware of the UK National Centre for Cyber Security (NCSC) advice on QKD and PQC?
  • Are you aware of any other national or international advice or standards related to QKD and PQC? How has this affected your decision-making, especially in comparison with NCSC advice?

The future

  • How do you see QKD technology, its role and its cyber security implications developing over the next 5 years? And do you foresee a difference between how things will develop in the UK in comparison with other countries?
  • For example, this might be changes in the technology underpinning QKD or the role of QKD within cyber security or its wider role within the wider use of commercial quantum technologies.

Close

  • That is the end of our questions, is there anything related to QKD that we haven’t covered that you would like to speak about?

  1. NCSC Secure Communications Principles Guidance: https://www.ncsc.gov.uk/guidance/secure-communication-principles#principle3 

  2. Mathematical hardness being the difficulty in terms of resources needed (time and computing power/ memory) to solve mathematical problem. Also referred to as ‘computational hardness’ in the QKD literature and community. 

  3. https://www.ncsc.gov.uk/whitepaper/next-steps-preparing-for-post-quantum-cryptography https://www.ncsc.gov.uk/guidance/pqc-migration-timelines https://www.ncsc.gov.uk/whitepaper/quantum-networking-technologies 

  4. Research and Technology Organisations, which are institutes that bridge the gap between academic research and industrial application 

  5. Standard Industrial Classification in the UK is a 5-digit number that classifies businesses according to their economic activities. https://www.gov.uk/government/publications/standard-industrial-classification-of-economic-activities-sic 

  6. Note that one of the telecoms organisations is specialised in supplying academic institutions, which has led to its categorisation in the ‘academics’ group. 

  7. Three were classified as end-users, three as suppliers, one as academic – given the nature of the interview and their clientele, and the last one was classified as a non-adopter of QKD. 

  8. https://www.jpmorgan.com/technology/technology-blog/jpmc-toshiba-ciena-build-first-quantum-key-distribution-network-critical-blockchain-application#:~:text=In%20groundbreaking%20research%20with%20partners%20Toshiba%20and,for%20mission%20critical%20applications%20under%20real%20world%20environmental%20conditions. 

  9. https://www.mas.gov.sg/news/media-releases/2025/mas-and-industry-partners-publish-technical-report-on-proof-of-concept-sandbox 

  10. A QKD protocol that creates a ‘repeater-like’ effect, without the need for trusted nodes. 

  11. Competitively funded by Innovate UK under the National Quantum Technology Programme. https://qassure.org/ 

  12. https://www.etsi.org/technologies/quantum-key-distribution; https://www.iso.org/committee/10138914.html 

  13. https://vidos.id/blog/top-5-countries-leading-in-digital-identity-implementation 

  14. https://investinestonia.com/business-opportunities/cyber-security/e-identity/ 

  15. https://www.gov.uk/guidance/digital-identity 

  16. https://www.ibm.com/quantum/blog/quantum-advantage-era 

  17. https://web.mit.edu/6.857/OldStuff/Fall03/ref/Shamir-HowToShareASecret.pdf 

  18. These protocols aim to address the inherent vulnerabilities in QKD systems caused by emission of multi-photon pulses by varying intensity of pulses by combining normal intensity signals with weaker pulses. See https://arxiv.org/abs/2101.11283 

  19. https://www.nature.com/articles/nphoton.2013.63; https://arxiv.org/abs/2412.20265 

  20. https://www.nature.com/articles/s41586-018-0066-6 

  21. https://spectrum.ieee.org/satellite-qkd-china 

  22. https://spectrum.ieee.org/chinas-2000km-quantum-link-is-almost-complete 

  23. https://spie.org/news/photonics-focus/janfeb-2025/racing-for-quantum-supremacy-in-space 

  24. https://spectrum.ieee.org/quantum-key-distribution-commercial-fiber 

  25. https://www.kddi-research.jp/english/newsrelease/2025/032601.html; https://www.toshiba.eu/quantum/news/worlds-first-successful-demonstration-of-quantum-key-distribution-technology-for-multiplexing-over-30-tbps-of-high-capacity-data-and-secret-keys/ 

  26. https://www.globenewswire.com/news-release/2025/03/13/3042411/28124/en/Quantum-Key-Distribution-Global-Market-Forecast-to-2030-Growing-Deployment-of-Quantum-Communication-in-Satellite-based-Networks.html 

  27. https://www.etsi.org/committee/qkd?j=1770150274299; https://www.itu.int/en/ITU-T/jca/qkdn/Pages/default.aspx 

  28. https://selectec.com/beyond-the-code-why-a-products-commercial-model-is-its-greatest-feature/ 

  29. https://www.lightreading.com/security/2025-in-review-telecom-gets-entangled-with-quantum 

  30. https://www.jisc.ac.uk/janet 

  31. https://www.ndff.ac.uk/news/new-dark-fibre-communications-research-service-to-power-the-future-internet 

  32. https://www.cam.ac.uk/research/news/researchers-demonstrate-the-uks-first-long-distance-ultra-secure-communication-over-a-quantum 

  33. https://arxiv.org/html/2412.11898 

  34. Reported length as of 2023. https://indico.ph.qmul.ac.uk/event/1593/contributions/2432/attachments/779/532/20230114-IRIS-David_Richardson.pdf 

Back to top