Toespraak staatssecretaris Van Marum tijdens het symposium Post Quantum Cryptography
Eddie van Marum hield een toespraak tijdens het symposium Post Quantum Cryptography op 2 december 2025.
Ladies and gentlemen,
It’s an honour to speak here.
I’m not sure I’ve ever been in a room with so much specialised knowledge in cryptography, quantum threats and digital infrastructure.
And I believe it’s important we connect. Because you work on a problem that reaches the desks of decision-makers far too little.
And if not addressed, that puts us at risk. If we don’t prepare for post-quantum cryptography in time, a lot can go wrong.
But for many people that is still hard to imagine. And I will be honest with you: I didn’t know much about cryptography or quantum computing myself, until I became State Secretary for Digitalisation.
But I do know how to get an issue onto the political agenda.
And that’s exactly what I want to focus on today, because the transition you are working on is urgent.
I believe we won’t achieve this transition by talking only about cryptographic code and maths. My policy is always the same: start with people, not with systems. And in a way that applies here as well.
Many people outside this room - and yes that may well include policymakers - assume cryptography is something buried deep inside a system, far away from their daily life.
But as you all know, it isn’t.
It protects every card payment, every hospital file, every login.
If we are too late, and the cryptography of vital systems can be deciphered by quantum computers, the consequences will reach far.
And it’s not only about systems, sensitive information could also become accessible.
It’s uncomfortable to talk about these risks, but everyone in this room knows what they are, so I will mention just a few.
Payment systems could be disrupted.
Our water supply could be affected.
Traffic control centres could be interfered with.
Because anywhere we rely on confidential data, that information could be vulnerable if current cryptography fails.
No one wants this to become a reality. That’s why we’re here together.
Not only to discuss the technical work, but also to ask: how do we get this clearly on the radar of decision-makers?
And I know you are already working hard on this - real progress has been made.
The European Commission has recommended that all Member States develop a PQC strategy. The first high level EU roadmap for the transition to PQC has been accepted by all EU member states. And it’s now publicly available.
That is encouraging.
But we all know we have to take further steps. This issue must resonate beyond this room: in ministries, in municipalities. But also in companies that supply the IT systems our organisations depend on.
And, in time, among citizens as well.
Of course, most people have heard of the quantum computer. They see the great potential and the innovations it could drive. But with those advantages comes a responsibility: addressing the threat it poses to today’s cryptography.
And that responsibility requires major investments - while the benefits are not immediately visible. Because you’re improving something people never see: the cryptographic foundations under our vital systems.
And that makes it harder to secure the political support we need.
That’s why we all share a responsibility to make the risks visible,
in clear language, with scenarios that stay with decision makers
and, in time, with citizens as well.
Many of you have used the phrase “harvest now, decrypt later” for years.
You know exactly what it means, but most decision-makers still don’t.
I had never fully realized how straightforward and simple the principle is:
encrypted data stolen today can be unlocked years later, simply by waiting for stronger computing power.
And that is why we have to keep telling this story — in terms people can understand. By showing what it could lead to:
data that seems safe today becoming readable tomorrow
access to systems we thought were protected
and disruptions that can affect the daily lives of millions.
In short: essential services, from payments to power, suddenly failing.
This kind of plain language is essential, because it’s the only way to ensure that urgency is felt beyond this room.
If we want this transition to succeed, not only experts but also politicians, entrepreneurs, IT-providers, and eventually citizens, must feel what is at stake.
Of course, you have already taken major steps.
The European roadmap for post-quantum cryptography is clear, practical and indispensable. I hope it will eventually hang in every boardroom.
The starting point is simple: you can only protect what you know.
So the first actions are straightforward:
know where your cryptography is used,
understand your dependencies,
raise awareness,
involve your stakeholders,
create a national plan.
Many organisations, even big ones, are not there yet.
And there is no time to lose.
That is why the roadmap points to 2030, the year our most important systems must be quantum-secure. To meet this deadline, Europe must move as one. Member States must work together and help each other.
Because digitalisation doesn’t stop at borders.
That’s why it matters that so many countries are here together today and tomorrow.
You’ll spend the next two days diving deep into the technical work.
I won’t be in those sessions, which means you can speak freely, in the language of experts. That’s probably a relief.
But once you step outside this room, we all share the same responsibility: to explain this work to as many people as possible, so they can support it.
I wish you all the best as we take the next steps toward a quantum-safe Europe.