When Quantum Capability Becomes Infrastructure
- Brian Couzens
- Jun 19
- 9 min read
Beyond Encryption: How Quantum Capability Is Creating New Forms of Systemic Risk

Somewhere along the way, quantum risk became shorthand for broken encryption.
Mention quantum in a boardroom, regulatory meeting or security programme and the conversation quickly turns to cryptography, harvest now decrypt later attacks and migration plans.
Those concerns are real.
They are also only part of the story.
A much larger shift is underway.
Quantum technologies are beginning to move from scientific research into engineering reality. As they do, they create new forms of capability, new dependencies and entirely new categories of risk.
The problem is that much of the conversation remains trapped in a cryptographic mindset.
Quantum is no longer just a computing story.
It is becoming a communications story.
A sensing story.
An optimisation story.
A supply chain story.
And ultimately, a trust story.
That distinction matters because every increase in capability creates a corresponding increase in dependency.
And dependency is where risk begins.
Post-Quantum Cryptography Is Necessary. It Is Not The Whole Answer.
The migration to quantum-resistant cryptography is one of the largest security transitions currently underway.
Standards are emerging.
Vendors are adapting.
Organisations are beginning to assess what migration actually looks like in practice.
That work matters.
Driven in part by NIST's post-quantum cryptographic standardisation programme, the industry is finally moving from theory to implementation.
But there is a danger in treating Post-Quantum Cryptography as synonymous with quantum readiness.
It is not.
PQC addresses the risk that future quantum computers may compromise today's public-key cryptography.
It does not address quantum sensing.
It does not address quantum communications.
It does not address simulation, optimisation, dependency, governance or assurance.
PQC solves a cryptographic problem.
Quantum Risk is a much larger problem.
The distinction is important.
A Different Quantum Conversation Is Emerging
Recent workshops and engineering forums hosted by organisations such as Caltech, NIST, ETSI and other leading research institutions reveal a noticeable shift in focus.
The conversation is moving beyond theoretical demonstrations.
Attention is turning toward engineering, deployment, scalability, integration and operational reality.
That is an important signal.
Scientific curiosity creates innovation.
Engineering creates dependency.
When technologies become operational, questions of governance, assurance and trust quickly follow.
That is where the next phase of quantum risk begins.
This shift is not theoretical. More than thirty nations now maintain national quantum initiatives, while standards bodies including NIST and ETSI are actively shaping the future of quantum cryptography, communications and interoperability.
The question is no longer whether quantum technologies will influence critical infrastructure.
The question is how quickly.
The Question Nobody Is Asking
Before discussing individual quantum technologies, it is worth addressing a more fundamental issue.
How will we know they are doing what they claim?
Trust has traditionally been built on something simple: independent verification.
If a system makes a claim, we test it.
If a vendor makes an assertion, we validate it.
If an outcome matters, we reproduce it.
Quantum begins to challenge that model.
Certain quantum processes are probabilistic by design.
Some outcomes may be difficult to reproduce classically.
Others may require specialised hardware that the verifier does not possess.
The consequence is subtle but important.
Historically:
Trust = Evidence
Increasingly:
Trust = Evidence + Institution + Platform + Provider
Organisations may become dependent on vendor assurances, platform attestations, certifications and institutional trust rather than direct verification.
This is not simply another risk category.
It represents a potential shift in the foundations of trust itself.
Understanding this shift may become one of the defining governance issues of the quantum era.
Quantum Computing: The Capability Everyone Talks About
Quantum computing remains the technology that dominates headlines.
It is also the technology most closely associated with quantum risk.
Universal quantum computers promise the ability to tackle classes of problems that remain difficult or impractical for classical systems.
Potential applications range from scientific modelling and machine learning through to advanced optimisation and cryptanalysis.
The associated risks are reasonably well understood.
Cryptographic disruption receives most of the attention.
Beyond that sit issues such as nation-state advantage, concentration of computational capability and unequal access to advanced computing resources.
Quantum computing deserves attention.
It simply should not monopolise the conversation.
Quantum Simulation: The Capability Nobody Is Talking About
While public attention remains fixed on quantum computers, quantum simulation may ultimately deliver some of the earliest and most significant commercial value.
The idea is straightforward.
Use one quantum system to model another.
Applications include:
• pharmaceutical discovery
• advanced materials
• battery technologies
• chemical engineering
• energy systems
Better batteries.
New materials.
Accelerated drug discovery.
Faster scientific breakthroughs.
The opportunity is easy to understand.
The risk discussion is far less mature.
What happens when a small number of organisations can dramatically accelerate discovery?
What happens when simulation capabilities create meaningful asymmetries in research, development and intellectual property?
What happens when breakthroughs have dual-use implications?
The first major quantum advantage may arrive through simulation rather than cryptography.
If it does, the resulting competitive imbalance could be significant.
Article content
Quantum simulation - discovery accelerated. Validate claims, protect IP, and plan for dependency before adoption.
Quantum Annealing: Optimisation Without Universal Computing
Quantum annealing rarely receives the same level of attention as universal quantum computing.
That is a mistake.
Many real-world problems are optimisation problems.
Scheduling.
Resource allocation.
Supply chains.
Manufacturing.
Logistics.
Portfolio management.
Quantum annealing focuses specifically on solving these challenges through quantum tunnelling and energy minimisation techniques.
Small optimisation improvements can generate substantial commercial value.
The associated risk is less obvious.
As optimisation systems become more capable, organisations may begin trusting outcomes they cannot fully explain, validate or independently assure.
The challenge is not optimisation.
The challenge is understanding where trust should be placed.
Article content
Quantum annealing - optimisation in action.
Quantum Sensing: When Measurement Becomes Power
Encryption protects information.
Quantum sensing changes who gets to collect it in the first place.
For decades, information advantage largely came from processing data more effectively than competitors.
Quantum sensing changes the equation.
The advantage increasingly comes from measuring reality itself with greater precision than anyone else.
Applications include:
• navigation
• timing
• environmental monitoring
• infrastructure assessment
• defence
• scientific research
The commercial opportunities are substantial.
The governance implications may be even larger.
Who owns highly precise measurements of the physical world?
Who controls access to them?
Who benefits from the asymmetry they create?
These questions sit at the heart of what may become one of the defining issues of the quantum era:
Measurement Sovereignty.
The ability to observe reality more accurately than everyone else creates a very different kind of power.
Article content
Illustrative only = Quantum sensing - when measurement becomes power. Emerging capability: validate claims, map dependencies, and demand independent assurance.
A Simple Scenario
Imagine a regional energy operator using quantum gravimetry to monitor underground infrastructure.
The sensing platform works exactly as advertised.
The measurements are accurate.
Maintenance improves.
Operational costs fall.
Over time, however, the organisation becomes dependent on a single provider for the sensing platform, the analytics engine and the validation process.
The capability creates value.
The dependency creates risk.
If access, pricing, assurance or availability changes, the organisation may discover that its greatest vulnerability is not technical failure but operational dependence.
This is the pattern that sits behind many emerging quantum risks.
Quantum Communications: Security, Trust and Reality
Quantum communications promise new approaches to transmitting information securely.
This includes developments in:
• quantum networking
• quantum key distribution
• free-space optical communications
• advanced photonic communication architectures
The marketing can sometimes be more impressive than the reality.
Quantum does not automatically mean secure.
Quantum communication systems may provide strong theoretical security properties, but even when the underlying protocol is sound, implementation vulnerabilities, side-channel attacks and operational weaknesses remain important considerations.
The lesson is simple.
Trust does not emerge automatically because quantum technology is involved.
Trust still needs to be earned, validated and maintained.
The future problem may not simply be securing communications.
It may be proving that they can be trusted.
Article content
Quantum communications - secure links across distance.
Quantum Optimisation: When Decisions Become Dependent
Quantum optimisation sits adjacent to quantum annealing but represents a different path.
Instead of specialised optimisation hardware, quantum optimisation focuses on gate-based algorithms operating on universal quantum computing platforms.
Examples include:
• Quantum Approximate Optimisation Algorithm (QAOA)
• variational quantum algorithms
• hybrid optimisation techniques
• future fault-tolerant optimisation approaches
Every major industry relies upon optimisation.
Finance.
Manufacturing.
Energy.
Logistics.
Defence.
The risk is not necessarily that optimisation systems fail.
The risk is that organisations gradually surrender critical decision-making processes to systems that become increasingly difficult to explain, validate and independently assure.
Dependency often develops slowly.
Then suddenly.
Article content
Quantum optimisation - better decisions, smarter systems
Hybrid Systems: Where Trust Boundaries Become Blurred
The near-term future is unlikely to be fully quantum.
It is far more likely to be hybrid.
Classical systems connected to quantum capabilities.
Traditional infrastructure integrated with specialised quantum services.
These architectures offer practical pathways to adoption.
They also introduce new security and governance questions.
Hybrid environments create trust boundaries between classical and quantum systems.
These classical-quantum interfaces and orchestration layers may become difficult to secure, monitor and independently assure.
The result is not simply more complexity.
It is infrastructure that becomes structurally harder to reason about from a trust, governance and security perspective.
Complex systems fail in complicated ways.
The Risks Behind The Technology
Although the technologies differ, several themes repeatedly emerge.
Supply Chain and Infrastructure Risk
Quantum systems depend upon specialised hardware, photonics, cryogenic technologies, fabrication capabilities and highly specialised suppliers.
Dependency on a small number of providers creates concentration risk.
Concentration creates fragility.
Fragility creates exposure.
Standards and Interoperability Risk
The organisations that shape standards often influence markets long before technologies mature.
Quantum networking.
Quantum communications.
Assurance models.
Certification approaches.
Interoperability frameworks.
The future quantum economy will be influenced as much by standards as by technology itself.
Talent and Knowledge Concentration Risk
Quantum expertise remains concentrated within a relatively small number of organisations, academic institutions and government programmes.
This creates a less visible form of dependency.
Access to capability often follows access to expertise.
Economic Concentration Risk
Cloud computing concentrated capability because hyperscalers had more infrastructure.
Quantum may take that dynamic even further.
Access to advanced quantum services may depend upon specialised hardware, cryogenic systems, fabrication capability, photonics expertise and highly specialised talent, all at the same time.
That raises an uncomfortable possibility.
Quantum may not simply replicate the concentration dynamics of cloud computing.
It may exceed them due to higher capital barriers, fewer viable hardware providers, specialised infrastructure requirements and deeper technical opacity.
A small number of providers could find themselves controlling not only access to capability, but also the ability to verify that capability independently.
That is a very different level of dependency.
The Defining Risk Of The Quantum Era
A Practical Question For Boards
Boards, regulators and technology leaders should begin asking a new question:
What dependencies are being created by the quantum capabilities we are adopting?
Every significant quantum procurement should be assessed not only for technical performance, but also for dependency, assurance, governance and concentration risk.
The technology may be new.
The principles of good governance are not.
The greatest quantum risk is not cryptographic disruption.
The greatest quantum risk is dependency.
Every successful capability eventually becomes a trusted service.
Every trusted service eventually becomes critical infrastructure.
Every critical infrastructure dependency introduces systemic risk.
The same technologies that create extraordinary opportunities will also create new concentrations of capability.
They will accelerate discovery.
They will improve efficiency.
They will increase precision.
They will create entirely new industries.
They will also create new dependencies, new governance obligations, new assurance challenges and new forms of systemic vulnerability.
Capability and risk evolve together.
Final Thoughts
The question organisations should be asking is no longer:
"When will quantum arrive?"
The evidence suggests it already has.
The more useful question is:
"What happens when quantum capability becomes infrastructure?"
Because that is when dependency begins.
And dependency changes everything.
The next decade will deliver advances in computing, sensing, communications, simulation and optimisation that would have seemed improbable only a few years ago.
It will also introduce new concentrations of power, new assurance challenges and entirely new trust models.
The organisations that succeed will not be those that simply adopt quantum technologies first.
They will be the organisations that understand where capability ends and dependency begins.
Over the coming weeks, SITG will publish a dedicated white paper introducing the Quantum Capability Risk Framework (QCRF), a structured approach for evaluating emerging quantum technologies through the lenses of capability, dependency, trust, governance and concentration.
Three Actions Organisations Can Take Today
1. Map Dependencies
Understand where emerging quantum capabilities are creating operational, supplier or assurance dependencies.
2. Demand Independent Assurance
Ask how claims are validated, what evidence exists and who can independently verify outcomes.
3. Avoid Concentration By Design
Consider supplier diversity, portability and governance requirements before dependency becomes embedded.
The quantum future will create enormous opportunity.
The real challenge will be deciding what, and who, we are prepared to trust.
Article content
Copyright Notice
© 2026 SITG-Consulting and Brian Couzens. All rights reserved.
This publication may be shared, referenced and quoted in part provided full attribution is given to SITG-Consulting, Brian Couzens and the original publication source. No part of this publication may be reproduced, republished, modified, distributed, incorporated into derivative works or commercially exploited without prior written permission from the copyright holders.
Disclaimer
This publication is provided for informational and educational purposes only and does not constitute legal, regulatory, financial, investment or professional advice.
The views, opinions and analysis expressed herein are those of the author at the time of publication and are subject to change as technologies, standards, regulations and industry practices evolve.
Whilst every reasonable effort has been made to ensure the accuracy of the information presented, SITG-Consulting and Brian Couzens make no representations or warranties, express or implied, regarding the completeness, accuracy or suitability of the information contained within this publication. Readers should undertake their own independent assessment and obtain appropriate professional advice relevant to their specific circumstances.
References to technologies, products, standards, organisations, vendors or research activities are provided for illustrative and educational purposes only and should not be interpreted as endorsements or recommendations.
Quantum Capability Risk Framework (QCRF) Notice
The Quantum Capability Risk Framework (QCRF), including its concepts, terminology, structure, methodology, models and supporting materials, is the intellectual property of SITG-Consulting and Brian Couzens.
The framework is provided for research, education and discussion purposes. Commercial use, redistribution, adaptation, derivative works, incorporation into third-party methodologies, products, services, software or consulting offerings without prior written permission from SITG-Consulting and Brian Couzens is prohibited.
The authors reserve all rights relating to the future development, publication, licensing and commercial application of the Quantum Capability Risk Framework (QCRF).
For licensing, collaboration, research or commercial enquiries, please contact SITG-Consulting directly.


Comments