Quantum Communications
Quantum Key Distribution, quantum networks, and the quantum internet: what's real today, what's coming, and when — if ever — your business should care.
1. What it is, in one paragraph
2. How it actually works, without the physics lecture
3. The current state: real deployments, narrow applicability
4. The protocol and technology landscape
5. Beyond QKD: quantum networks and the quantum internet
6. Where it matters for your business, by sector
7. What implementing QKD actually looks like
8. Crypto-agility, the most important architectural decision you'll make
9. A practical roadmap for those with a real use case
10. Common pitfalls to avoid
11. When to act — and when explicitly not to
Quantum Communications is the use of quantum-mechanical properties of light — particularly the fact that measuring a quantum state disturbs it — to transmit information in ways that classical physics cannot. The most developed application is Quantum Key Distribution (QKD): a protocol for two parties to share a cryptographic key over an optical channel, with a mathematical guarantee that any attempt to eavesdrop will be detected. The longer-term vision is a quantum internet — a network that transmits not just classical bits derived from quantum measurements, but actual quantum information, enabling distributed quantum computing, ultra-precise distributed sensing, and new forms of authentication. QKD is deployed commercially today in a handful of specialised scenarios. The full quantum internet is a decade or more away.
This is the hardest pillar to assess honestly because the hype-to-reality gap is the largest. Most organisations do not need QKD. A small, well-defined set genuinely do. Knowing which camp you are in is the entire purpose of this page.
Four practical facts matter.
First, quantum communication rides on single photons. The information unit is an individual particle of light whose quantum state — typically polarisation or phase — encodes a bit. Because you cannot measure a quantum state without disturbing it (the no-cloning theorem), any eavesdropper inevitably introduces errors that legitimate users can detect statistically.
Second, QKD does not transmit the data — it transmits the key. A common misunderstanding is that QKD sends your encrypted data over a quantum channel. It does not. QKD produces a shared secret key between two endpoints; that key is then used by a classical symmetric cipher (typically AES-256) to encrypt the actual data over ordinary networks. QKD is a key-distribution mechanism, not a transport protocol.
Third, the range is limited, and fundamentally. Photons get absorbed in optical fibre. Over standard telecom fibre, the effective range of direct QKD is around 100–150 km. Beyond that, you need trusted nodes (intermediate stations that re-generate the key — which means you must trust them), quantum repeaters (devices that extend range without trust, still in research), or satellites. This distance limit is not an engineering bug to be fixed next year; it is a consequence of physics.
Fourth, it needs specialised hardware at both ends and dark fibre in between. QKD terminals cost tens of thousands of euros each; dedicated or carefully-managed fibre is typically required; key rates are modest (kilobits per second, not gigabits). It is neither cheap nor easy to deploy, which is part of why commercial uptake has been narrow.
Despite two decades of development, QKD remains a specialised technology with narrow commercial footprint. The reason is not technical failure — QKD works — but economic and strategic: for almost every commercial use case, post-quantum cryptography (PQC) solves the same problem at a fraction of the cost and complexity (see our Quantum-Safe Security pillar). This has shaped where QKD is actually being deployed.
Where QKD is live today:
National backbones, primarily in China (the most extensive deployment, including the 2,000 km Beijing–Shanghai link and the Micius satellite relay), but also government-sponsored networks in South Korea, Japan, Singapore, Switzerland, the UK (via Cambridge and BT), Germany, Italy, Spain, Austria, and several other European states, often under the EU's EuroQCI programme.
Inter-datacentre links for a small number of banks, exchanges, and telcos. Examples include JP Morgan pilots, BT/Toshiba UK deployments, Deutsche Telekom, SK Telecom, and a Swiss banking consortium.
Government and defence networks — the single largest class of real users, typically classified and not publicly discussed.
Satellite QKD. China's Micius satellite demonstrated intercontinental QKD in 2017. Multiple European, Japanese, and US satellite QKD missions are in progress or planned.
Pilot campus networks inside specific research institutions and critical-infrastructure operators.
Where official guidance is sceptical of QKD for general commercial use. The national cybersecurity agencies of the Five Eyes and major European states have been unusually united on this:
The US NSA states that it "does not support the use of QKD to protect communications in National Security Systems" and recommends PQC as the primary response to the quantum threat.
The UK NCSC states that "NCSC does not endorse the use of QKD for any government or military applications" and recommends PQC.
The French ANSSI is similarly sceptical of QKD as a replacement for classical key exchange, though France continues to invest in QKD research.
The German BSI permits QKD in specific settings but consistently positions it as complementary to, not a replacement for, PQC.
The European Union's ENISA describes QKD as "immature for large-scale deployment" in general commercial settings while supporting research through EuroQCI.
The agencies' arguments are technical: QKD requires trusted hardware (side-channel attacks on QKD devices have been demonstrated), requires authenticated classical channels anyway (which themselves require cryptography), does not protect stored data, and solves only a subset of the problems that PQC solves at much lower cost.
None of this means QKD is useless. It means QKD is a specialised tool for specialised scenarios, not a general-purpose solution.
You don't need to choose a protocol — your vendor will. But understanding the landscape helps evaluate proposals.
BB84 (1984, Bennett and Brassard): the original QKD protocol. Uses polarisation encoding on single photons. Basis of most commercial QKD today.
E91 (1991, Ekert): uses entangled photon pairs. Theoretically elegant (security is tied to Bell inequality violation); practically less common in commercial systems.
Decoy-state BB84: a variant of BB84 that closes a major security loophole around realistic (non-single-photon) light sources. The de facto commercial standard.
Continuous-Variable QKD (CV-QKD): uses standard telecom components (coherent light, homodyne detection) rather than single-photon detectors. Cheaper hardware, shorter range, easier integration with existing telecom networks. Commercially promising for metro-scale deployments.
Measurement-Device-Independent QKD (MDI-QKD): designed to close side-channel attacks on detectors — a class of real-world vulnerabilities discovered in early QKD systems. Adds complexity but increases assurance.
Twin-Field QKD (TF-QKD): a recent variant that extends range to ~500 km over fibre. Still emerging; important direction for backbone deployments.
Device-Independent QKD (DI-QKD): the theoretical gold standard — security proven with no assumptions about hardware trust. Still largely experimental; recent proof-of-principle demonstrations but far from commercial.
Quantum Random Number Generation (QRNG): often bundled with QKD and confusingly marketed alongside it. QRNG is a real, useful, mature product — it produces high-quality randomness from quantum-mechanical sources for cryptographic key generation. QRNG is not QKD. It runs standalone, does not require an optical link, and is widely deployed. If a vendor pitches "quantum security" to you, ask whether they mean QRNG or QKD. They are different products with different value propositions.
QKD is a first-generation application. The longer-term vision is a quantum internet — a network that transports quantum information itself, enabling applications that no classical network can provide.
Distributed quantum computing. Connecting multiple quantum processors over a quantum network would let them operate as a single larger machine. This is one of the credible answers to the scaling problem of quantum computing.
Blind quantum computing. A user with a small quantum device could run a computation on a large remote quantum server without the server learning anything about the computation. A privacy-preserving quantum cloud.
Ultra-precise distributed sensing. Networks of entangled clocks or sensors would achieve precision beyond any individual instrument. Applications include geodesy, navigation, fundamental physics, and — intriguingly — dark-matter searches.
Quantum-authenticated identity. Entanglement-based protocols that provide authentication with stronger guarantees than classical cryptography.
The building blocks — quantum memories, quantum repeaters, entanglement distribution — are active research. The EU's Quantum Internet Alliance, the US-DOE's quantum network initiatives, China's ongoing programme, and commercial efforts from companies like Aliro, Qunnect, and PsiQuantum are all pushing the field forward. A continent-scale quantum internet is a 2035+ proposition. Small-scale metropolitan quantum networks for specific applications may arrive earlier.
This matters for your business strategy only if you operate in a sector where early access to quantum networks would be strategic — which today means national laboratories, hyperscalers, defence primes, and a small number of financial institutions. For everyone else, this is a horizon-scan topic, not a 2026 investment question.
Be ruthless about this section. The set of organisations for whom QKD makes economic sense today is small.
Government, defence, and national intelligence are the clearest fit. Long-term confidentiality of specific communications — diplomatic cables, weapons-system telemetry, intelligence collection, strategic command-and-control — has value horizons of decades and threat models that include nation-state adversaries willing to invest heavily. In classified settings, the "defence in depth" argument for QKD alongside PQC is accepted by many programmes even when the civilian agencies' public guidance is sceptical.
Central banks, sovereign payment infrastructure, financial market utilities are the second clearest fit. Specific links — central-bank inter-agency lines, key settlement-system backbones, SWIFT alternatives — carry traffic whose compromise would have systemic consequences and whose secrecy horizon is long. Some of these organisations have deployed QKD pilots; some will deploy production systems.
Long-haul critical-infrastructure operators — energy transmission system operators, water utilities, nuclear regulators, air-traffic control — have niche but real use cases for QKD on specific high-value links, particularly where the infrastructure is physically dispersed and the threat model includes sophisticated state actors. Most deployments are pilot-scale and grant-funded.
Large commercial banks and insurers have explored QKD for inter-datacentre links carrying sensitive data — securities trading data, KYC data, customer records under long-retention obligations. The business case is real but not overwhelming: PQC plus good operational security solves most of the same problems. Expect continued pilots, modest production deployment in the most security-conscious institutions.
Telecommunications operators have a dual role: as potential buyers of QKD equipment for their own network security, and as providers of QKD services to enterprise customers. EU operators (Telefónica, Deutsche Telekom, Orange, BT) are actively engaged via EuroQCI. The commercial market they are building is still small but real.
Research-intensive industries (pharma, aerospace, advanced manufacturing) with extremely high-value trade secrets and known state-actor interest may justify QKD for specific internal links. Rare but real.
Cloud providers, SaaS platforms, consumer internet services, retail, professional services, SMEs: QKD is not your tool. PQC plus operational security is. Do not let anyone sell you otherwise.
The practical rule of thumb: if your organisation cannot name a specific communication channel, carrying specific data, with a specific threat model, whose compromise would cause catastrophic damage even 15 years from now, you do not need QKD. You need PQC.
For the organisations that do have a real use case, here is what deployment involves.
The endpoints. Two QKD terminals, one at each end of the link. Current commercial terminals from vendors like ID Quantique, Toshiba, QuantumCTek, Qbird, KEEQuant, Quantinuum, and LuxQuanta cost roughly €40K–€200K per endpoint depending on technology and performance. Lifetime support, maintenance, and occasional firmware updates are non-trivial recurring costs.
The channel. Dark fibre or a carefully managed wavelength on a lit fibre. Co-existence of QKD with classical traffic on the same fibre is technically possible but engineering-intensive; most deployments use dedicated dark fibre for simplicity. This is a material operational expense.
Range and topology. For point-to-point links under ~100 km, direct QKD works. Longer distances require either trusted nodes (adds trust assumptions and physical security requirements at each intermediate site), quantum repeaters (not commercially available), or satellite links (expensive, scheduled, not always-on). Plan your topology around these constraints, not around what you'd wish to have.
Integration with existing cryptography. QKD produces symmetric keys; you still need classical authentication of the two endpoints (typically PQC-based), classical networking for the authenticated classical channel, and integration with your existing key-management infrastructure. QKD terminals typically expose keys via standardised APIs (ETSI GS QKD 014 is the main one) to downstream encryption devices. None of this is plug-and-play; integration is a custom engineering project.
Operational security. QKD is only as strong as the physical and operational security of its endpoints. If an adversary can tamper with a QKD terminal or its operating environment, side-channel attacks become possible. Real QKD deployments include tamper-evident casings, access controls, audit regimes, and regular re-certification.
The team you need. A production QKD deployment touches: the security architecture team (for cryptographic design and key management integration); the network engineering team (for fibre, wavelengths, operations); physical security (for endpoint protection); procurement and legal (for vendor contracts and regulatory approval); and typically an external specialist partner because no in-house enterprise team has deep QKD operational experience. This is not a weekend project.
If yFor a single production point-to-point QKD link of modest range (~50 km, one pair of endpoints, commercial off-the-shelf hardware), realistic all-in costs including hardware, fibre, integration, and first-year operations are in the €500K–€1.2M range. Multi-node networks scale accordingly, with non-linear cost growth from trusted-node management. Satellite-based QKD is presently available only through research or national-programme arrangements; commercial offerings are emerging but not mainstream.
For context, a comparable PQC deployment providing quantum-safe key exchange on the same link would cost a small fraction — typically software updates, TLS configuration changes, and integration work in the €20K–€100K range for a well-scoped project.
The justification for the cost differential is almost always one of three arguments:
Defence-in-depth. PQC relies on mathematical assumptions that could, in principle, be broken by a future cryptanalytic advance. QKD relies on physical laws. For scenarios where both failure modes are unacceptable, running both in parallel provides independent layers of protection.
Regulatory or customer mandate. Some government contracts, national-security programmes, or specific sovereign procurements require QKD. If that's your situation, cost-benefit is set by procurement, not by you.
Strategic positioning. Being an early operational user of QKD buys access to the ecosystem as it matures and can be a differentiator for providers in security-sensitive markets (financial infrastructure, defence, trusted cloud).
If none of these three arguments apply to you, the economics do not work, and you should redirect the budget to PQC, operational security, and crypto-agility.
Phase 1 — Case definition and sceptical review (2–4 months). Document the specific communication channel, the data it carries, the adversary model, the secrecy horizon, and the cost of compromise. Submit this case to rigorous internal and external challenge: is PQC alone sufficient? What exactly does QKD add? If the case survives sceptical review, proceed. If not, redirect budget.
Phase 2 — Technology and vendor scan (3–4 months). Evaluate available QKD approaches (BB84, CV-QKD, MDI-QKD, satellite) against your topology, range, and integration needs. Engage with multiple vendors; request detailed technical briefings and reference deployments. Understand the ecosystem's national funding landscape — many deployments today involve co-funding through EuroQCI, national programmes, or research partnerships.
Phase 3 — Architecture and integration design (3–6 months). Design the full system: endpoints, fibre, authentication, key-management integration, operational procedures, physical security. Specify interfaces (ETSI GS QKD 014 is the common API standard). Define SLAs and test criteria.
Phase 4 — Pilot deployment (6–12 months). Install, test, integrate, and operate the link on non-critical traffic first. Measure real-world key rates, availability, integration friction, operational cost. Publish the internal learnings honestly.
Phase 5 — Production and expansion. Migrate the target traffic to the QKD-protected channel. Plan subsequent expansion, if any, with a clear per-link cost-benefit test. Maintain the link, participate in the vendor/operator community, track standardisation and protocol evolution.
At every phase, remain open to the conclusion that the project should be cancelled or descoped. The organisations that succeed with QKD are not the ones most committed to it — they are the ones most honest about whether they need it.
Buying QKD as a PQC replacement. It isn't. PQC is mainline; QKD is niche. If a vendor pitches QKD as the answer to "the quantum threat to your business," they are either confused or selling.
Underestimating operations. QKD systems require specialised operational knowledge, careful physical security, regular calibration, and field support. Mid-market organisations frequently underestimate the operational burden.
Trusted-node blindness. Multi-hop QKD networks that rely on trusted nodes are only as secure as those nodes' physical and personnel security. A QKD deployment with weak node security offers a false sense of assurance.
Conflating QKD with QRNG. QRNG is useful and mature. QKD is specialised. Vendors sometimes exploit the confusion. Know which product you are buying.
Ignoring classical authentication. QKD requires an authenticated classical channel to work. That channel typically uses PQC signatures. You can't escape classical cryptography by buying QKD — you inherit it as a dependency.
Forgetting the satellite option. For long-distance or intercontinental use cases, satellite QKD may emerge as more cost-effective than trusted-node terrestrial networks later this decade. Don't lock into a purely terrestrial architecture without considering it.
Framing this as a security decision alone. QKD deployment is often as much about strategic signalling, ecosystem access, and national-programme alignment as about direct security value. Evaluate the full value, not just the cryptographic one.
Engage now if: you operate critical national infrastructure; you are a defence contractor or national-security systems operator; you run a central bank, sovereign payment system, or financial market utility with genuinely long secrecy horizons; you have specific communication links whose compromise would have catastrophic, long-horizon consequences; or you are a telecom operator positioning to serve the above.
Monitor with occasional pilot participation if: you are a major commercial bank, insurer, or large technology provider in a security-sensitive vertical; you operate in a sector where quantum networks are likely to become strategically relevant within 10 years (hyperscale cloud, research-intensive pharma, aerospace); or you can access grant-funded pilots through EuroQCI, national programmes, or research partnerships at low cost.
Ignore and focus entirely on PQC if: you are in any other commercial sector. The correct response to the quantum threat for your business is PQC, not QKD. Redirect any budget that might have gone to QKD into a faster, more thorough PQC migration and better operational security. You will get many times the risk reduction per euro.
For almost all readers of this page, the honest recommendation is in the third category. This is a hard message for a consultancy to deliver; it is also a true one.