The G7 central banks quantum technologies financial system 2026 report arrived June 11, when the G7 Central Bank Quantum Technologies Working Group published its first deliverable, titled "Preparing for Quantum Technologies: Key Considerations for Financial Sector Participants." Co-chaired by the Banque de France and the Bank of Canada, the Working Group brings together the Deutsche Bundesbank, the Bank of England, the Banca d'Italia, the Bank of Japan, the Federal Reserve Board and the European Central Bank. The document does not issue operational mandates. It establishes a shared analytical framework designed to help central banks and financial institutions understand the landscape before more specific guidance follows.
G7 QTWG Report and the Financial System Quantum Threat
The G7 Central Bank Quantum Technologies Working Group was established in 2025 with a mandate to analyze the economic, financial and institutional implications of quantum technologies. Its inaugural report, published on the Banque de France website, identifies two distinct dimensions of quantum technology that matter for financial institutions. The first is risk: advances in quantum computing could, over time, challenge the cryptographic assumptions that underpin digital payments, secure communications and financial data storage. The second is opportunity: quantum computing may eventually enable faster processing of problems currently intractable for classical computers, with potential applications in risk modelling and economic forecasting. The report is careful to treat both dimensions as contingent on technological progress that has not yet materialized at operational scale. Bank of Canada Governor Tiff Macklem said the window to being quantum-ready is narrowing, framing the report as a collective effort to improve understanding and promote preparedness across the financial system. The document is explicitly institutional, analytical and non-prescriptive in its orientation.
Harvest Now, Decrypt Later and Why Timing Uncertainty Matters
The risk that commands the most immediate attention in the QTWG report is known as "harvest now, decrypt later." Adversaries can collect encrypted data today, store it, and decrypt it once a cryptographically relevant quantum computer becomes available. The timing of such a device remains uncertain, but the report notes that the potential impact is now well identified. This asymmetry, where the threat is known but its arrival date is not, creates a planning problem for any institution that handles long-lived sensitive data. Financial records, member identities, loan histories and transaction archives fit that description precisely. The report frames this as a systemic concern, not merely an individual institution problem: in highly interconnected environments, uneven levels of preparedness can create vulnerabilities that affect the whole system. That framing matters because it invites coordination across regulators, central banks, financial institutions and technology vendors. Coordination across regulators, central banks, financial institutions and technology vendors is a theme the report explicitly highlights, though specific bodies engaged in parallel efforts are not identified in the QTWG report itself. Credit unions managing digital infrastructure alongside larger correspondent institutions should take note of how interconnected preparedness levels can propagate risk. For context on how individual credit unions are building institutional capacity, see our profile of Associated Credit Union and its operational priorities.
What it means for credit unions and their compliance timelines
What it means for credit unions is structural rather than immediate, but the structural pressure is real. Smaller and mid-sized institutions are the segment most likely to face a compliance and resource gap as quantum-related cybersecurity expectations harden. Larger banks have dedicated cryptography teams and vendor relationships already oriented toward post-quantum readiness. Credit unions typically do not. The QTWG report does not set timelines or thresholds, but its analytical framework will inform future guidance from bodies including the Financial Stability Board. In the United States, the National Credit Union Administration has not yet issued specific quantum cryptography guidance, but NCUA examination frameworks routinely reference federal cybersecurity standards, and the National Institute of Standards and Technology Post-Quantum Cryptography Standards are federal standards. That linkage will eventually become examination-relevant. Credit unions should begin by auditing which systems use encryption algorithms identified as quantum-vulnerable, particularly asymmetric algorithms such as RSA and elliptic-curve cryptography, and assess how long that data must remain confidential. Vendor contracts and core system upgrade cycles, which can span multiple years, are the practical constraint. For a look at how credit unions are investing in technology and member services in parallel, see our coverage of AI-powered branch workforce management solutions for credit unions.
What we're watching
- NCUA examination guidance updates: Watch for any mention of post-quantum cryptography in NCUA's Letter to Credit Unions series or its annual supervisory priorities document, expected in early 2027.
- Watch for updates to international cyber resilience frameworks; any reference to quantum risk thresholds from bodies such as the FSB would set a de facto international standard.
- Monitor whether national standards bodies publish implementation migration guidance to supplement existing post-quantum cryptography standards; publication timelines should be monitored by credit union technology officers.
- QTWG second deliverable: The Working Group describes its current report as the first in an ongoing process tied to scientific and public policy developments; a second report or thematic supplement would signal whether timelines and operational recommendations are forthcoming.