Every tap of a debit card, every student logging into a campus portal, and every employee providing their Social Insurance Number to a new employer rely on digital encryption to keep sensitive information out of the wrong hands. The systems that protect our bank accounts, health records and identities rely on encryption that today’s computers cannot break, even with a lifetime of effort.

That protection will not last forever. Quantum computers, exponentially more powerful than today’s machines, will be able to break much of the encryption that underpins modern digital security. Quantum computers already exist, and they’re just a few years away from fault-tolerant versions and broader access — which will turn once-secure IT systems into open books.

Every Canadian network needs to be protected, and soon — but who is providing guidance, options and timelines for those organizations that don’t have massive IT departments and expert consultants to guide them? That job belongs to Minister of Artificial Intelligence and Digital Innovation Evan Solomon.

For large federal departments, the path to long-term security is already being laid, and the federal government has already accepted that its own systems must be made quantum-safe. The clock is officially ticking. The Communications Security Establishment’s Cyber Centre and Treasury Board have published a roadmap that requires federal systems to transition to post-quantum cryptography over the next decade, backed by migration plans, milestones and formal reporting. Transition plans from those departments and agencies are due in April 2026.

The road ahead for large institutions that hold our information, like big banks, is becoming clearer, too. Large IT departments, risk mitigation teams and expert consultants have an eye on the problem, and are evaluating emerging solutions.

But for smaller institutions and those outside Ottawa’s direct control, the view ahead is foggier.

Smaller organizations don’t know that quantum hacking capabilities are on the horizon. They don’t have big budgets to investigate what upgrades will work, and don’t have any rules or guidelines giving them a roadmap to quantum-safe protections.

This is where the federal government can lead by helping smaller institutions prepare for the quantum era using Canadian-made solutions.

Solomon has been clear that sovereign computing capacity, data security and quantum capabilities are “not just an economic imperative, but a national security imperative.”

What is missing is the bridge between that high-level cyber strategy and the practical reality facing smaller organizations that actually hold much of Canadians’ most intimate information: your family doctor, your college, the payroll department at work.

Bad actors with a foothold in quantum—some likely linked to foreign-state actors—are licking their chops, lying in wait for the technology they need to go after networks rich in private information.

But Canada can beat them to the punch.

Solomon has an opportunity to lead our nation’s smaller institutions now on how to become quantum-resilient, to lay out emerging timelines, and to launch programs to support small and medium sized network owners to adapt without disruption.

Ottawa can provide practical guidance grounded in the work of the Canadian Centre for Cyber Security and Innovation, Science and Economic Development Canada, while pointing institutions toward Canada’s growing ecosystem of quantum-safe technologies.

Canadian researchers and Canadian companies are already developing upgrades that will work to secure digital infrastructure against quantum threats. Kirq, Canada’s non-profit quantum-safe testbed, allows those technologies to be tested, reducing risk and disruption.

By prioritizing the security of small- and medium-sized organizations, Ottawa can make it clear that preparing for the quantum threat is part of an organization’s duty to protect personal information under Canadian privacy law, not an optional research project.

No company or organization will feel like the guinea pig when all organizations in the sector are pushing quantum-safe upgrades into budgets and risk registers at the same time.

Small organizations need a clear signal that this risk is real, that Ottawa expects action, and that practical solutions exist.

Canada has an opportunity — and a narrow window — to turn quantum from a looming privacy crisis into a national strength story. Canadian researchers and companies are helping build the technologies that threaten today’s encryption, and the quantum-safe tools that can save us from it.

The question is whether Ottawa will help Canadian institutions change our locks before the quantum threat is at our doorstep.

Bernard Duval is CEO of Numana, Canada’s non-profit technology accelerator. Numana is the home of Kirq, Canada’s only quantum-safe testbed, where encryption designed to withstand the quantum revolution can be tested and customized.

The views, opinions and positions expressed by all iPolitics columnists and contributors are the author’s alone. They do not inherently or expressly reflect the views, opinions and/or positions of iPolitics.