QuSmart.AI Insights

Encryption Upgrade is Required—But PQC Isn’t Mandated

With QuSmart.AI’s Perfect Secrecy solutions, businesses can create a quantum secure system to protect data.

Picture of Tracy Levine, QuSmart.AI Co-Founder, CEO/CAIO

Tracy Levine, QuSmart.AI Co-Founder, CEO/CAIO

Cryptography Patent Writer

As quantum computing approaches, businesses are facing the undeniable need to upgrade their encryption methods. NIST has mandated encryption upgrades to secure data against future quantum threats. However, while NIST strongly encourages the adoption of Post-Quantum Cryptography (PQC), businesses operating closed networks and critical infrastructure are not required to adopt PQC. In fact, relying on PQC or other quantum-resistant encryption solutions could expose organizations to significant risks—both now and in the future.

NIST’s Stance: Upgrade Encryption, But PQC Is Not Mandated

NIST has been clear that current encryption methods will be vulnerable to future quantum attacks. The need to upgrade encryption methods is mandated, but businesses are not required to choose PQC, particularly in closed networks. Industries such as finance, telecommunications, and healthcare, which operate with highly controlled internal infrastructures, have the option to adopt quantum-secure encryption methods that may offer stronger protection than PQC.

Businesses with closed networks—networks that operate internally with minimal external access—have a distinct advantage. These environments allow companies to implement more advanced encryption solutions without the same concerns that open networks face. In such settings, Perfect Secrecy and One-Time Pad (OTP) encryption offer the strongest available protection. These quantum-secure encryption methods provide unbreakable security without requiring the constant updates and crypto agility that PQC demands.

Perfect Secrecy and OTP encryption are ideally suited for closed networks because they do not rely on asymmetrical keys or require continuous monitoring for vulnerabilities. Instead, they offer long-term, future-proof security that protects your data from both current and future quantum threats.

Fiduciary Responsibility: Choosing the Most Secure Encryption

For businesses in regulated industries, or those holding high-value data—such as customer information, financial records, or proprietary business data—the decision on which encryption method to adopt is more than just a technical choice; it is a fiduciary duty. Choosing PQC or quantum-resistant encryption, which requires constant updates and agility, may not be enough to fully protect your organization’s critical assets.

Shannon’s Perfect Secrecy and OTP encryption, on the other hand, provide quantum-secure, future-proof protection. By adopting these solutions, businesses can ensure their data remains safe without the operational burden of crypto agility. Failing to select the most secure encryption available could not only expose your organization to future risks but could also be seen as negligence or a breach of fiduciary duty by regulators, shareholders, or customers.

The Legal Risks of Relying on PQC in Closed Networks

For businesses managing closed networks and critical infrastructure, selecting an inferior encryption solution like PQC could lead to serious legal consequences. If a company fails to adopt stronger, more secure encryption and suffers a data breach as a result, it could face:

  • Class action lawsuits for data breaches: Customers or clients whose sensitive data is compromised in a breach may file class action lawsuits, seeking compensation for damages resulting from the exposure of their personal or financial information.

  • Shareholder lawsuits for breach of fiduciary duty: Shareholders may file lawsuits if they believe the company’s leadership failed to take adequate measures to protect critical business assets, resulting in a breach of fiduciary responsibility. If it is shown that there was a more secure encryption option available (such as Perfect Secrecy or OTP) and it wasn’t adopted, this could strengthen the case for a breach of duty of care.

  • Regulatory penalties and lawsuits for non-compliance: Many industries are subject to strict data protection regulations (e.g., GDPR, HIPAA, PCI-DSS). If a company fails to adequately protect customer or proprietary data, regulators may impose fines or initiate legal action, resulting in significant financial penalties and reputational damage.

Choosing a less secure encryption option in the face of these risks could be seen as a failure to act in the best interest of the company, shareholders, or customers. By contrast, adopting Shannon’s Perfect Secrecy or OTP encryption provides superior, quantum-secure protection that minimizes the potential for costly breaches and the associated legal fallout.

Perfect Secrecy and OTP Encryption: The Best Choice for Closed Networks

Perfect Secrecy and OTP encryption offer businesses a quantum-secure, future-proof solution that is both faster and easier to manage than PQC. These encryption technologies eliminate the need for asymmetrical keys and continuous updates, making them ideal for closed networks and critical infrastructure. By choosing these advanced encryption methods, businesses can protect their data, meet regulatory requirements, and safeguard themselves against the risks of future quantum attacks.

Protect Your Business From Legal Risks

NIST’s encryption upgrade mandate is a critical reminder that businesses must prepare for the future of quantum computing. However, PQC is not the only option—nor is it necessarily the best one for companies operating closed networks and critical infrastructure. Perfect Secrecy and OTP encryption offer the most secure, long-term solution without the complexities and ongoing monitoring that PQC requires.

For businesses managing sensitive data and infrastructure, the decision to adopt the most secure encryption method available is not just about technical performance—it’s about fulfilling a fiduciary responsibility to shareholders and customers. Failing to do so could expose your company to class action data breach lawsuits, shareholder lawsuits for breach of fiduciary duty, and regulatory penalties.

The time to act is now—choose the encryption solution that provides the highest level of protection and secures your company’s future.

QuSmart.AI is a women-founded Quantum Security company with patent pending technology for perfect secrecy solutions that are quantum proof AI solutions.

Scroll to Top