World Federation of Exchanges calls on regulators to balance post-quantum cryptography expectations with immediate AI and cyber resilience risks

The World Federation of Exchanges (WFE) published a paper and press release warning of a substantial gap between regulatory and industry expectations on quantum computing risk preparedness, and urging regulators to pace post-quantum cryptography (PQC) migration expectations so they do not displace resources needed for more immediate operational threats. The WFE noted that public authorities and standards bodies are increasingly calling for early, coordinated migration to PQC, driven by long cryptography upgrade lead times and the “harvest now, decrypt later” risk. A preliminary WFE Global Cybersecurity Working Group survey found members view generative AI risks as more urgent and are hesitant to commit significant resources to quantum preparedness until timelines and standards are clearer; most members estimate a 5–10+ year window before cryptographically relevant quantum computers emerge, consistent with NIST FAQs. While not treating quantum risk as imminent, members reported preparatory steps including monitoring regulatory and vendor developments and NIST standardisation, conducting preliminary quantum risk assessments, incorporating quantum-safe criteria into procurement, considering cryptographic asset mapping, and working with the WFE on a best-practice guide and structured transition roadmap for market infrastructures.