Catalonia prepares digital identity systems for post-quantum security risks

The Cybersecurity Agency of Catalonia is preparing the region’s digital identity infrastructure for the post-quantum era with a €1.2 million (US$1.39 million) program to identify cryptographic vulnerabilities before quantum computing renders current encryption standards obsolete.

The initiative reflects growing concern among governments that quantum computing could eventually undermine the cryptographic foundations of digital identity systems, electronic signatures and trusted online public services. Future quantum systems could potentially break existing encryption, forge digital signatures or compromise secure communications and citizen identity infrastructure.

The Agency is mapping every cryptographic component currently used across the Administration to prevent this as it tests quantum‑resistant alternatives and develops a unified migration plan for all government ICT systems.

The work is structured around a comprehensive inventory of cryptographic assets, testing of post‑quantum algorithms in administrative environments and creating a roadmap that will guide the transition of core systems.

These three strands of the initiative align with recommendations from the European Commission, Spain’s National Cryptologic Center and bodies such as NIST and ETSI. It is funded through the EU’s RETECH programme under the Recovery, Transformation and Resilience Plan, with support from INCIBE.

Catalonia’s government believes in protecting public services that increasingly rely on digital identity mechanisms. Everyday interactions depend on digital certificates, encrypted connections and electronic signatures. Health data exchanged through platforms such as La Meva Salut, along with scientific, industrial and intellectual property information, all rely on cryptographic protections that could become vulnerable in a post-quantum environment, potentially allowing attackers to intercept sensitive data or impersonate citizens and organizations.

The post-quantum cryptography programme forms part of a wider €10 million ($11.6 million) investment by the Generalitat to strengthen digital sovereignty, secure communications and quantum-safe infrastructure. This includes building a quantum‑based secure communications infrastructure and contributing to EuroQCI, the EU’s planned quantum communications network for protecting critical infrastructure and sensitive data.

The effort also aligns with broader Spanish investments in digital identity and verifiable credentials infrastructure.

The Spanish Society for Technological Transformation (SETT), an agency under the Ministry for Digital Transformation and Public Administration, has invested €500,000 (US$573,000) in Sybolid Identity (Sybol).

Article Topics

cybersecurity  |  digital identity  |  digital sovereignty  |  post-quantum cryptography  |  Spain