Quantum-Safe or Quantum-Vulnerable? Inside GSMA’s Second PQC Roundtable at MWC Shanghai

From hard data on IoT exposure to a live eSIM demo, the second GSMA Post-Quantum Cryptography roundtable at Mobile World Congress Shanghai made one thing clear: migration is no longer a planning exercise. It is an operational imperative.

Just under two hours, five speaking slots, a live demonstration, and one consistent message repeated from every corner of the room: the telecoms industry cannot afford to treat post-quantum cryptography (PQC) as someone else’s problem to solve later. The GSMA Post-Quantum Telco Network (PQTN) Task Force convened its second MWC Shanghai roundtable on 24 June 2026. The conversation spanned IoT vulnerability data, automotive constraints, eSIM provisioning, IPsec key exchange, and GSMA’s own migration roadmap – adding up to a detailed, candid picture of where the industry stands today.

Here is how the session unfolded.

GSMA Intelligence: The Numbers Behind the Vulnerability

Tim Hatt, Head of Research and Consulting, GSMA Intelligence, opened with the data question: how ready, in practice, is the IoT industry for quantum threats? The answer his team arrived at, published in a report released a couple of months before the event, is not comfortable reading.

GSMA Intelligence built a quantitative model assessing connected IoT devices across three weighted dimensions: device age, performance characteristics (RAM and clock speed), and whether encryption relies on public or private key algorithms. Devices sit somewhere on a spectrum from fully ready to partially ready to not ready at all, with different factors pulling in different directions. A device might score well on compute power but be disqualified by age or by running on unlicensed spectrum.

Applying that model to the global connected IoT base – projected to reach 37 billion devices by 2030, with most growth in enterprise verticals – the analysis found that only around 7-8% of active devices are currently quantum-safe. Energy and utilities is the most exposed sector, with just 5% of connected devices meeting the fully-ready threshold, and also one of the highest-volume sectors. Automotive is 76% not ready.

Two points raised during the Q&A sharpened the picture. First, the analysis covers both hardware and software, not just chipsets. Second, and perhaps more concerning in practice, a large share of IoT devices run on unlicensed spectrum – Wi-Fi, LoRa and similar protocols – which is inherently less secure than cellular. Cellular accounts for only around 15% of the active IoT base; the remaining 85% on unlicensed protocols face a compounded vulnerability.

The closing framing set the tone for the rest of the session: quantum risk is a blind spot. AI dominates both the news cycle and operator investment conversations, for good reason – but AI is also pushing more processing and more assets to the network edge, precisely where quantum exposure is hardest to protect against. The awareness gap, he argued, needs to close.

Post-Quantum Cryptography for Automotive: A Sector With No Room for Delay

Maxime Flament, CTO of 5G Automotive Association (5GAA) took the IoT picture and focused it tightly on automotive — a sector whose constraints make quantum migration harder than almost anywhere else.

The core challenge is the vehicle lifecycle. Cars typically stay on the road for 10 to 15 years, sometimes longer. A vehicle built today and sold in 2027 may still be in daily use in 2040 or beyond. The asymmetric cryptography it relies on for safety messages, over-the-air updates, digital keys, backend communications and payment functions will be deprecated by NIST standards from 2030 and disallowed by 2035 – well within that operational window.

Flament was direct about the “harvest-now, decrypt-later” threat: attackers are already capturing encrypted data today, storing it, and waiting for quantum computing to mature enough to break it. For short-lived safety messages, that risk may be acceptable. For identity management, personal data, or payment credentials moving between a vehicle and a backend server, it is not. That distinction – between data that expires quickly and data that retains long-term value – underpins a risk-prioritisation framework that 5GAA and GSMA are developing jointly.

Automotive faces a further complication in type approval. Safety regulations require formal certification of vehicle systems, and introducing cryptographic changes to a certified system is not a simple software update. This is where the software-defined vehicle (SDV) concept becomes strategically important: SDVs are designed for crypto agility, meaning algorithms can be swapped over a vehicle’s lifetime as standards evolve. The industry’s task now, Flament argued, is to accelerate the shift to SDV architectures and ensure high-risk use cases, dentity, backend communication, payment, are prioritised for early migration, regardless of vehicle type.

The regulatory signal is already there: government agencies worldwide are identifying high-risk use cases now, in 2026, with migration of priority functions expected before 2030 and broad quantum-safe deployment targeted for 2035.

Quantum-Safe eSIM Provisioning, Live

The third slot moved from analysis to implementation, with a live demonstration of quantum-safe, pre-SGP.42 in-factory profile provisioning (IFPP), presented jointly by Idemia, Quectel and Tele2 IoT.

The eSIM use case is a meaningful test of PQC in practice because it involves a genuinely constrained environment. The SIM card has limited memory and processing power, yet must execute cryptographic operations reliably at scale. The session showed the GSMA SGP specification, which governs remote SIM provisioning, being extended to incorporate post-quantum algorithms, with a working end-to-end flow demonstrated on stage.

The discussion went beyond the technical. As a global IoT operator with substantial deployments in automotive and utilities, Tele2 IoT highlighted two operational drivers for moving to quantum-safe provisioning. The first is long-term deployment security: for industrial and automotive IoT, devices remain in the field for years, and a chain is only as strong as its weakest link. No matter how well an operator secures its network core, an IoT device remains an entry point that must be secured at the edge. The second driver is supply chain simplification. Quantum-safe factory provisioning of SIM credentials allows SIMs to be delivered as software, removing the need to ship physical cards with pre-loaded credentials and avoiding the customs delays that physical SIM shipments regularly face.

The demonstration reinforced a point that Yolanda Sanz would return to at the close of the session: post-quantum cryptography is already part of everyday life. Apple, for example, has integrated PQC into iMessage. These algorithms are not experimental, they are deployable now.

Enabling Multiple Key Exchanges on Post-Quantum IPsec

The fourth presentation turned to a different use case: the IPsec protocol used to secure air-interface communications between base stations and security gateways. Lun Li, Senior Engineer, Huawei walked through a prototype verification of PQC hybrid key exchange in this context, based on a GSMA PQTN white paper.

The hybrid approach, combining a classical key exchange algorithm with a post-quantum one, is the industry’s recommended transition strategy. It maintains backward compatibility while introducing quantum resistance, and allows networks to migrate incrementally rather than requiring a simultaneous cutover everywhere. The prototype demonstrated the mechanism working end-to-end, with the additional key exchange payload integrated into the IKEv2 flow.

Testing this in the IPsec context, rather than in a lab environment modelling a less constrained system, matters because base station-to-security-gateway links are high-volume, latency-sensitive connections. Any performance overhead from new algorithms has real network implications. The findings, shared through the PQTN Task Force, add to the evidence base operators need when evaluating migration paths and any hardware upgrades their infrastructure may require.

PQC Activities Within GSMA: The Migration Framework, and Why There Is No Time to Wait

Yolanda Sanz, Head of Working Groups, GSMA closed the session by pulling the threads together and setting out what GSMA is doing, and what the industry must do, to navigate the transition.

Her framing was firm: the conversation is no longer about when a cryptographically-relevant quantum computer will arrive. NIST has already deprecated ECDSA and RSA, with a 2030 effective date and a 2035 disallowance date, and these timelines are being adopted by governments and regulators worldwide. The telecoms industry’s task is migration – and no one can avoid it.

The GSMA PQTN Task Force is running four parallel workstreams:

  1. Specification impact analysis — mapping every GSMA specification to identify whether it uses asymmetric cryptography directly, or depends on a standards body (3GPP, IETF, ETSI, IEEE) that must update its own standards first. A full table of affected specifications, with indicative timelines, will be published on the GSMA website before the end of 2026. GSMA membership is not required to access it.
  2. Crypto Bill of Materials (CBOM) – modelled on the software bill of materials concept familiar from IT security, mapping where cryptographic assets are used across a network or product, as the foundation for any systematic migration plan.
  3. Crypto agility for telecom networks – developing guidelines that let operators transition from classical to post-quantum algorithms on a rolling basis, without breaking the interoperability essential to a roaming-dependent, multi-vendor industry.
  4. Testing – GSMA and its members are already running the NIST-standardised algorithms, ML-KEM and ML-DSA, through real network elements, including constrained environments such as SIM cards and low-end smart meters, where performance assumptions cannot simply be carried over from server-grade hardware.

One audience question addressed the elephant in the room: how do the NIST algorithms and the Chinese cryptographic standards (SM2, SM3, SM4) coexist, and what is GSMA’s position? The answer was pragmatic. GSMA already references the SM-family curves as optional in the eSIM specification, at the request of UICC manufacturers, because interoperability demanded it. The same approach will apply to post-quantum equivalents: once Chinese PQC algorithms are published in an English-language standard and GSMA members request their inclusion, GSMA will consider it through its normal process.

The session’s final word, from Sanz, was the same one she had offered at the start, and that every speaker had reinforced in their own way: don’t procrastinate. The sooner organisations map their cryptographic exposure, the more time they have to make considered migration decisions rather than reactive ones. The more testing done now, the better the performance data available when procurement decisions are made. And the more the industry moves together – operators, device makers, automotive OEMs, standards bodies – the smoother the transition will be for everyone.


The GSMA Post-Quantum Telco Network Task Force’s specification impact analysis will be published at gsma.com/pqc before the end of 2026. All GSMA PQC publications are freely accessible.