All editions · Academia Edition
Your Community, Your AI — CC BY 4.0The Horizon — Anticipated Developments and Their Bearing on Sovereignty
The preceding articles examined AI as it is presently constituted. This one looks further out — to a technology that is not yet part of routine practice but is close enough that any organisation making long-horizon decisions about governed data should understand it. What follows is not a set of predictions. It is a set of structured briefings, each following the same shape: what the technology is, why it matters for governed community data, what materially changes, what a self-controlled platform does about it, what a research group can ask, and how much confidence the current evidence supports. As further technologies come into view, this article will expand. At present it carries one briefing. (Terms used here, and across the series, are defined in the glossary.)
Last reviewed: July 2026.
Briefing 1 — Quantum computing and the encryption question
What it is
A quantum computer is not a faster conventional computer. It is a distinct computational architecture that exploits quantum-mechanical properties — superposition and entanglement — to evaluate a narrow class of problems for which no efficient classical algorithm is known. For the overwhelming majority of computational tasks it offers no advantage. Its governance significance derives from a specific result: Shor's algorithm (1994) solves integer factorisation and the discrete-logarithm problem in polynomial time. The security of the public-key cryptography now in general use — RSA, and elliptic-curve schemes (ECC) — rests on the classical intractability of precisely those problems. A sufficiently large, fault-tolerant quantum computer would therefore render that layer of protection breakable in feasible time. Symmetric-key cryptography is affected differently and less severely: Grover's algorithm (1996) yields only a quadratic speed-up against symmetric ciphers, which is why a 256-bit key such as AES-256 retains a substantial security margin (an effective reduction to roughly 128 bits of work) rather than being broken outright.
Why it matters (for governed community data)
Effectively all present-day confidentiality rests on this cryptographic layer: authenticated transport, key exchange, and the records a governed community holds — pastoral or welfare notes, personal member data, sealed matters, research data collected under participant consent. That protection depends on mathematical problems classical machines cannot solve within any tractable time. A cryptographically-relevant quantum computer would compromise the asymmetric portion of that protection. The salient point for governance research is that the exposure is not confined to data created after such a machine exists; it extends, retroactively, to data protected today.
The threat: harvest now, decrypt later
The mechanism warrants precise statement. An adversary requires no quantum computer at the point of interception. Encrypted material can be recorded now and retained, then decrypted later, once a capable machine becomes available. This is the harvest-now, decrypt-later model, and it is what converts a prospective hardware development into a present-tense risk. Any data whose confidentiality must hold for a decade or more — a category into which a considerable proportion of governed community and research data falls — is already within the scope of the problem, irrespective of when the requisite hardware arrives.
What a sovereign platform does about it
The countermeasure is post-quantum cryptography (PQC): a family of algorithms whose security rests on mathematical problems for which no efficient quantum attack is presently known. The relevant standards were finalised by NIST in 2024 — ML-KEM (derived from CRYSTALS-Kyber) for key encapsulation, ML-DSA (from CRYSTALS-Dilithium) and SPHINCS+ for digital signatures. Current practice favours hybrid deployment, in which a classical and a post-quantum primitive are combined so that the composite remains secure if either component holds — a hedge against undiscovered weaknesses in the newer, less-tested PQC schemes.
The governance-relevant variable is the migration timeline and who controls it. A platform that operates its own infrastructure can schedule migration on its own terms and report when it has done so; a community renting capacity on third-party infrastructure inherits a vendor's migration priorities, and may receive no disclosure at all.
Village is designed for this class of transition. Its encryption follows an algorithm-as-data pattern — commonly termed cryptographic agility — in which each stored value carries an identifier recording the algorithm and parameters used to protect it. Migration to a post-quantum primitive is therefore a matter of configuration and re-encryption governed by that identifier, rather than a re-engineering of the storage layer. It should be stated precisely what this does and does not mean at present: the hybrid post-quantum paths are planned, not yet enabled; the primitives currently in force are strong classical schemes (for example AES-256-GCM for data at rest). The claim is architectural, not a claim that the platform is already post-quantum. The design renders the eventual change tractable — a configuration boundary that can be crossed when warranted, rather than a structural constraint that would otherwise require rebuilding.
What you can ask
Three questions locate the decision with the data holder, independent of platform:
- Does the platform have a migration plan — and, ideally, a target date — for post-quantum encryption?
- Is the most sensitive, long-lived data protected with the harvest-now, decrypt-later horizon explicitly in view?
- Who controls the timing of migration — the community, or a vendor?
Status and confidence
A quantum computer capable of breaking currently-deployed asymmetric cryptography does not yet exist, and expert estimates of when — or whether — one will diverge widely, from several years to a couple of decades. This is a genuinely contested forecast, and should be read with the same caution the edition applies to the reasoning-model debate: the disagreement is substantive, not merely rhetorical, and no confident single figure is warranted. What is not in dispute is narrower and firmer: the post-quantum standards exist now, and the harvest-now-decrypt-later logic makes preparation a present decision rather than a deferred one. The posture this warrants is preparedness, not alarm — the same disposition the series recommends toward AI generally. A technology whose relevance is imminent but not yet realised is best understood before it arrives, not after.
Readers who work with these systems in practice may find the companion practitioner courses useful: Working with Claude, on eliciting and appraising model outputs, and Agents at Work, on the governance of systems that act. For the full technical architecture behind Village AI, see Village AI — Agentic Governance.
Useful? Share this article, or show a QR code to scan.