SEBI is preparing India’s capital markets for the quantum computing era with an action plan to ensure cybersecurity and data resilience.
The Securities and Exchange Board of India (SEBI) is actively preparing for an imminent technological upheaval: quantum computing. SEBI Chief Tuhin Kanta Pandey cautioned at the Global Fintech Fest that as quantum computing advances, it may render today’s encryption, particularly password-based systems, vulnerable to breaches.
To meet this challenge, SEBI has prepared a detailed “action plan” to make its regulated market participants quantum-ready. It’s a multi-stage process: first, “discover,” then “prepare,” and lastly, “act” on a shift expected within the next two to four years. The operationalization window for quantum-safe cryptographic systems is set at 2028–2029. At the heart of the problem is that quantum computers utilize quantum mechanical principles to solve specific mathematical challenges significantly more efficiently than conventional machines.
The implication is that many cryptographic protocols previously considered secure, such as 128-bit encryption and generic password hashing, could be compromised in the quantum age. SEBI’s proposed solution involves migrating toward post-quantum cryptography (PQC) and quantum key distribution (QKD), replacing vulnerable systems that use passwords.
Pandey also touched on the concept of “technology neutrality,” noting that although it may be a desirable-sounding concept, it isn’t always realistic, such as continuing to allow paper-based shareholding, which is becoming increasingly unsustainable in an environment that has dematerialized. He pointed out that interoperability and standardization are still critical.
Just like the Internet needed standard protocols to work internationally.
This step by SEBI positions India’s capital markets at the vanguard of cybersecurity. With increasingly interconnected financial systems and the use of cloud platforms and third-party infrastructure, the risk of cascading risk increases.
The regulator is also strengthening capacity building, monitoring, incident categorization, and standard operating procedures under its current framework of cybersecurity and resilience. The success of such a transition, however, hinges on cooperation from regulators, fintechs, intermediaries, and the broader ecosystem.