Supply Chain and ASS startups that ignore quantum computing are building for 2025, not 2035. Sensitive data (supply chain, product authenticity, repair history) are current targets for future attacks. The few players who anticipate now will have a massive advantage and zero technical debt in 2028-2030, when the quantum transition becomes mandatory.
The problem and the solution
The problem: Attackers are collecting your encrypted data now to decrypt it later.
The solution: Anticipate, architect, then integrate.
The context: A silent threat
"Harvest Now, Decrypt Later" — It's already happening
In 2025, experts agree on one point: quantum computers capable of breaking current cryptography (RSA/ECC) will reach industrial maturity between 2030 and 2035.
But here's the trap: that doesn't mean you're safe today.
For several years, cybercriminals and nation-states have adopted a simple and formidable strategy:
- Harvest: Hack, intercept or steal encrypted data (now, in 2025).
- Store: Keep them in a secret archive for 5 to 10 years.
- Decrypt: Use future quantum computers to break them (2030-2035).
You'll never see the attack coming. Your data may already be with an attacker, patiently waiting for the technological key. This is called "Harvest Now, Decrypt Later" (HNDL), and it's an immediate threat, not theoretical.
Why ASS is particularly vulnerable
1. ASS data is extremely sensitive
An ASS platform doesn't just manage tickets, it contains the heart of the industry:
- Complete repair history: What, when, where, who.
- Supply Chain & Logistics: Origin, distribution networks, stock locations.
- Intellectual Property (IP): Designs, manufacturing processes, product vulnerabilities.
- Customer Data: Identity, location, usage patterns.
2. Blockchain + Immutability = Maximum Risk
If, like many in our sector, you use blockchain for the Digital Product Passport (DPP), you face a dangerous paradox:
Blockchain is immutable by design.
✅ Data cannot be modified (guaranteed integrity).
❌ Data can never be deleted.
❌ Encrypted data remains encrypted (with today's standards) forever.
The disaster scenario in 2032:
An attacker breaks the encryption of your blockchain data recorded in 2025. Seven years of complete history become readable. You can do nothing to "patch" the past, because it's carved in digital stone. Result: compromised supply chain, exposed customers, revealed manufacturing secrets.
A quantum attack on an unprepared blockchain is a permanent wound.
Standards are coming (and your clients will ask for them)
NIST & EU Directive: The end of carelessness
NIST has finalized the first post-quantum cryptography (PQC) standards: CRYSTALS-Kyber (key exchange) and CRYSTALS-Dilithium (digital signatures). Apple has already integrated these technologies into iMessage.
The European Union has also launched its roadmap:
- End of 2026: Start of transition for Member States.
- End of 2030: Critical infrastructures (including Supply Chain) MUST be protected.
The question BMW, Bosch or Philips will ask you
Major manufacturers will soon include this line in their calls for tenders:
"Will your ASS/DPP solution be compliant with post-quantum standards by 2030?"
Startups that answer "No" or "We'll see" will lose these strategic contracts. Those that answer "Yes, our architecture is ready" will win.
Why anticipate now (not in 2028)
Most ASS startups never mention quantum. This creates a monumental opportunity for us.
The "First-Mover" advantage
2025-2026 (Preparation):
You prepare the infrastructure. Compatible architecture, documentation ready, zero impact on current product.
2027-2028 (Mainstream):
Post-quantum standards become widespread. You're ready, your competitors panic and have to refactor their code ("Quantum technical debt").
2028-2030 (Obligation):
Transition is mandatory. You have a 2-year head start. You sell a "quantum-secure DPP" as a major competitive advantage.
The cost of anticipation: Almost zero
The cost to prepare now (architecture, monitoring, design) is negligible. The cost of inaction (emergency refactoring in 2029, data loss) is potentially fatal.
How to anticipate (without going crazy)
No need to hire physicists. Here's the pragmatic roadmap:
Step 1: Study & Documentation (Now)
Read NIST standards, understand implications, document your vision.
Step 2: "Forward-Compatible" Architecture (Ongoing)
The secret is cryptographic agility. Design your APIs and blockchain with abstraction layers. This allows changing encryption algorithms in the future without breaking the entire application.
Step 3: Communication
Position yourself as the expert. Mention "Quantum-Ready Infrastructure" in your technical documents and communications.
The business case (what you tell stakeholders)
To manufacturer clients:
"Verisav is the only DPP platform that secures your data for 2035. Your industrial secrets will remain protected even after quantum computers arrive."
To your tech teams:
"We don't suffer technical debt, we anticipate it. Our architecture is designed to last."
Conclusion: The time to think quantum is now
Quantum computing is not a threat for 2040. It's a management risk for the 2030s, being prepared in 2025.
ASS startups that anticipate:
- Build a durable architecture.
- Align in advance with EU compliance.
- Attract "Premium" clients concerned about their long-term security.
The others?
They risk a major crisis in 2029.
The choice is simple: build to last or build to be obsolete.
To go further:
Written by Kévin Boutillier, Co-founder & CEO of Verisav
December 15, 2025