MICKAI®
Article · 12 July 2026

Post-quantum for government and defence: protecting what must stay classified for decades

Classified material must survive decades of secrecy, so sovereign, air-gapped, post-quantum-signed systems are the fit against harvest-now-decrypt-later adversaries.

Post-quantum for government and defence: protecting what must stay classified for decades
Author
Micky Irons
Published
12 July 2026
Follow Micky Irons
LinkedInX
post-quantumgovernment and defenceclassified datasovereign aicryptography

Government and defence secrets stay sensitive for decades, so classified workloads need sovereign, air-gapped, post-quantum-signed systems that defeat harvest-now-decrypt-later adversaries capturing encrypted traffic today.

This matters in 2026 because the migration clock is no longer theoretical. The US National Security Agency's CNSA 2.0 suite sets out a phased move to quantum-resistant algorithms across national security systems through the decade, and the UK National Cyber Security Centre advises organisations to begin post-quantum migration planning now rather than waiting for a cryptographically relevant quantum computer to arrive. Both bodies are telling defence buyers to act ahead of the threat, not after it.

Why does a decades-long protection horizon change the threat model?

Because a document classified today may still be sensitive in 2050, an adversary can record encrypted traffic now and decrypt it years later, causing harm.

Most commercial data loses value quickly. Classified defence material does the opposite: source identities, weapons design, treaty positions and intelligence methods stay damaging for the working lives of the people they name. When you encrypt something that must stay secret for thirty years with public-key cryptography that quantum computing is expected to break within that same window, you have not protected it. You have merely delayed its exposure and handed the timing to your opponent.

Post-quantum for government and defence: protecting what must stay classified for decades, illustration 1

What is harvest-now-decrypt-later and why can it not be ignored?

Harvest-now-decrypt-later is an adversary capturing encrypted data today, storing it cheaply, and decrypting it once quantum capability matures, defeating any defence resting on public-key encryption.

The attack needs no breakthrough to begin. Storage is cheap, interception is routine at the network layer, and the patient adversary simply waits. This is why the fit for classified workloads is not a faster cipher bolted onto an internet-connected service. It is an architecture that removes the capture surface entirely: a zero-egress inbound perimeter and offline operation, so there is no outbound traffic to harvest in the first place, backed by post-quantum signatures on everything that must be trusted later.

Post-quantum for government and defence: protecting what must stay classified for decades, illustration 2

How do the CNSA 2.0 and NCSC positions actually read?

Both are advisory bodies urging migration to begin now, with phased timelines rather than one cliff-edge deadline, signalling direction of travel over a fixed date.

The US CNSA 2.0 suite names quantum-resistant algorithms for national security systems and sequences their adoption across the decade. NCSC guidance frames migration as a multi-year programme to scope now, discover your cryptography, and prioritise the long-lived secrets first. The standards underneath are settled: FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA) are the signature schemes that seal an audit ledger, while FIPS 203 (ML-KEM) handles key encapsulation and never signs. A system built for government should sign its record of truth with the signature standards, not conflate them with key exchange.

Post-quantum for government and defence: protecting what must stay classified for decades, illustration 3

Where does jurisdiction and supply chain fit the classified picture?

Sovereignty is not only about algorithms: a US-based provider can be compelled under the US CLOUD Act wherever it sits, an exposure no cipher removes.

Public cloud AI services are the right pick for a great deal of government work. ChatGPT, Copilot and Gemini give departments enormous capability at pace for open and official-tier tasks, and for most of the estate that is the sensible, economical choice. The contrast is narrow and architectural: for the most sensitive material, data that leaves your control crosses a jurisdiction and a supply chain you do not own. That is where a sovereign design earns its place, running offline on operator-owned hardware with hardware-attested identity bound to the audit chain, so the questions of who can compel disclosure and who can alter the record have a single answer: only the operator.

Post-quantum for government and defence: protecting what must stay classified for decades, illustration 4

What does offline verifiability give a defence buyer that a cloud cannot?

Offline verifiability means every action carries a post-quantum signature checkable on an air-gapped network years later, with no call home and no vendor dependency.

For classified systems, the ability to verify without connectivity is decisive. An operator on a disconnected network must be able to confirm that a model output, a decision or a document is genuine and unaltered using only what is in front of them. A post-quantum signed audit ledger makes that possible: the ledger is sealed with ML-DSA or SLH-DSA, so its integrity survives the arrival of quantum computing and can be checked in an air-gapped facility indefinitely. Cross-model consensus adds a second layer, requiring independent agreement before an action is trusted, so no single compromised component can quietly rewrite the record.

ConcernWhy quantum makes it worseSovereign post-quantum answer
Long protection horizonSecrets must stay sealed for decades, past the point public-key encryption breaksPost-quantum signatures (FIPS 204, FIPS 205) seal the record so it holds after RSA and ECC fall
Adversary capture todayTraffic recorded now can be decrypted once quantum capability maturesZero-egress inbound perimeter and offline operation leave no outbound traffic to harvest
Supply chain and jurisdictionA wider attack surface and foreign legal reach persist across the horizonOperator-owned hardware with hardware-attested identity removes the CLOUD Act path
Offline verifiabilityCloud-dependent proof cannot be trusted on an air-gapped network years laterPost-quantum signed audit ledger verified locally, with cross-model consensus first

Is Mickai built for this, and can it be verified?

Mickai is a Sovereign Intelligence Operating System (SIOS), built and live, running offline on operator-owned hardware with every action cryptographically sealed for decades-long classified horizons.

The substrate is 50 brains, 25 domain and 25 operational, coordinated behind a zero-egress inbound perimeter with a post-quantum signed audit ledger and cross-model consensus. The intellectual property position is a matter of record: 104 filed UK patent applications and 2,340 claims, owned by Mickai LTD (Companies House 17166618), filed and patent pending. Regulatory context matters too: DORA has been in force since January 2025, NIS2 covers essential and important entities, and under the EU AI Act the high-risk Annex III obligations once due 2 August 2026 were deferred by the Digital Omnibus to 2 December 2027. Sovereign architecture is what lets an operator meet those regimes on their own terms.

Classified material with a decades-long secrecy horizon is only genuinely protected when the system holding it is offline, operator-owned and sealed with post-quantum signatures that survive the machine built to break today's encryption.

Frequently asked questions

Does post-quantum cryptography mean my classified data is safe forever?

No single measure is permanent, but post-quantum signatures and key encapsulation are designed to resist attack by quantum computers, which is the specific future threat to today's public-key encryption. Combined with offline operation, so there is no traffic to capture, they close the harvest-now-decrypt-later window. The right posture is continued migration and monitoring, not a one-time fix.

Is the 2 August 2026 EU AI Act deadline still the date we plan around?

No. The high-risk Annex III obligations once due 2 August 2026 were deferred by the Digital Omnibus to 2 December 2027, with embedded Annex I high-risk moving to 2 August 2028. Article 50 transparency duties are largely unchanged. Plan against the revised dates, and treat sovereign, auditable architecture as the way to meet whichever regime applies.

Why not just use a major cloud AI service for everything?

For open and official-tier work, public cloud AI services such as ChatGPT, Copilot and Gemini are often the right choice, giving capability at pace and scale. The limit is the most sensitive material: a US-based provider can be compelled under the US CLOUD Act regardless of server location, and data that leaves your control crosses a supply chain you do not own. That narrow band is where a sovereign, offline system belongs.

Does ML-KEM sign our audit records?

No. FIPS 203 (ML-KEM) is key encapsulation and never signs anything. Signing the audit ledger is done with FIPS 204 (ML-DSA) or FIPS 205 (SLH-DSA), the post-quantum signature standards. Keeping these roles separate is essential: the signature schemes are what let an air-gapped operator verify integrity years later.

How can an operator trust a model output on a disconnected network?

Every output is written to a post-quantum signed audit ledger, sealed with ML-DSA or SLH-DSA, so its integrity can be verified on an air-gapped network years later. Cross-model consensus requires independent agreement before any action is trusted, so no single compromised component can quietly rewrite the record.

Subscribe
Get every new Mickai article by email.

Long-form essays on sovereign AI from Micky Irons. One email per article. No tracking, no marketing, no third parties. Every email includes a one-click unsubscribe link.

Prefer RSS? Subscribe at /articles/feed.xml.

Originally published at https://mickai.co.uk/articles/post-quantum-for-government-and-defence-classified-for-decades. If you operate in a regulated sector or want sovereign AI on your own hardware, the audit form on mickai.co.uk is the entry point.
More articles