CivilsWisdom.
Updated · Today
Science & Technology May 25, 2026 5 min read Daily brief · #24 of 24

Quantum Secure and Adaptive Financial Ecosystem (Q-SAFE) – Setting up of an Expert Committee

The Reserve Bank of India constituted an eight-member expert committee on May 25, 2026, under the initiative "Quantum Secure and Adaptive Financial Ecosystem...

GS Paper 3 (Science & Technology Economy)

What Happened

  • The Reserve Bank of India constituted an eight-member expert committee on May 25, 2026, under the initiative "Quantum Secure and Adaptive Financial Ecosystem" (Q-SAFE) to assess the opportunities and risks posed by quantum technology to India's financial system.
  • The committee is convened by Dr. Anil Prabhakar, Professor, Department of Electrical Engineering, IIT Madras, with membership drawn from the Department of Science and Technology, State Bank of India, National Payments Corporation of India, Ministry of Electronics and Information Technology (MeitY), Data Security Council of India (DSCI), and IBM Quantum India.
  • The Member-Secretary is a senior officer from the RBI's FinTech Department.
  • The committee must submit its report within six months of its first meeting.
  • The committee will conduct a Cryptography Bill of Materials (CBOM) analysis of the financial sector — cataloguing all cryptographic assets, their dependencies, and vulnerabilities — to map quantum exposure across critical financial infrastructure.
  • A key output will be a roadmap and regulatory framework for transitioning India's financial system to quantum-safe standards, including cross-country regulatory analysis.

Static Topic Bridges

Quantum Computing: Principles and Financial Sector Relevance

Quantum computing leverages principles of quantum mechanics — notably superposition (where qubits represent 0 and 1 simultaneously) and entanglement (where qubits are correlated regardless of distance) — to perform computations exponentially faster than classical computers for certain problem classes. In finance, this opens potential applications in portfolio optimisation, real-time risk assessment, fraud detection, and macroeconomic modelling. However, the same computational power threatens the mathematical assumptions underpinning current cryptographic security.

  • Classical computers would take millions of years to break RSA-2048 encryption; a sufficiently powerful quantum computer could factor the underlying large prime numbers in hours using Shor's algorithm (1994).
  • Symmetric-key standards like AES-256 are less vulnerable but still weakened under Grover's algorithm, which halves effective key strength.
  • Large-scale cryptographically-relevant quantum computers do not yet exist, but state-level adversaries are already pursuing a "harvest now, decrypt later" strategy — intercepting and storing encrypted financial data today to decrypt once quantum capability matures.

Connection to this news: The Q-SAFE committee's mandate to conduct a Cryptography Bill of Materials audit directly addresses this threat by identifying which parts of India's payment infrastructure (UPI, RTGS, NEFT, SWIFT messaging) rely on vulnerable cryptographic schemes.

Post-Quantum Cryptography (PQC) and NIST Standardisation

Post-quantum cryptography refers to cryptographic algorithms designed to resist attacks by both classical and quantum computers. In August 2024, the US National Institute of Standards and Technology (NIST) finalised its first three PQC standards — ML-KEM (for key encapsulation/exchange) and ML-DSA (for digital signatures) — after evaluating 82 candidate algorithms from 25 countries over seven years. These algorithms are based on mathematical problems (lattice-based, hash-based) that quantum computers cannot efficiently solve.

  • NIST's PQC standardisation process began in 2016 and concluded in 2024 (NIST IR 8547).
  • Major global financial infrastructure providers including SWIFT are evaluating PQC migration for interbank messaging.
  • The transition window is expected to be 10–15 years for full deployment across financial institutions globally.

Connection to this news: The Q-SAFE committee's cross-country regulatory analysis will likely draw on NIST standards and global migration roadmaps to recommend India-specific timelines and compliance requirements for banks, payment system operators, and financial market infrastructures.

RBI's Regulatory Jurisdiction over Financial System Security

The RBI, as India's central bank established under the Reserve Bank of India Act, 1934, has broad supervisory and regulatory authority over scheduled banks, payment system operators, and financial market infrastructures. This includes issuing directions on IT security frameworks. The RBI Master Direction on Information Technology Governance, Risk, Controls and Assurance Practices (2023) mandates IT risk governance standards for regulated entities. Cyber resilience has been an expanding area of RBI regulation since the Cyber Security Framework for banks (2016).

  • Payment systems regulation: Payment and Settlement Systems Act, 2007.
  • RBI has issued circulars on cybersecurity frameworks for banks (2016), UCBs (2019), and NBFCs (2023).
  • The FinTech Department of RBI (constituted in 2022) is the nodal department for emerging technology regulation.

Connection to this news: The Q-SAFE committee is anchored in the RBI's FinTech Department, signalling that quantum security is being treated as an active regulatory concern rather than a distant future risk, consistent with the RBI's forward-looking approach to systemic risk.

Cryptography Bill of Materials (CBOM)

A Cryptography Bill of Materials is an inventory of all cryptographic components used within an organisation's or system's software, hardware, and network infrastructure. It identifies which algorithms, key lengths, and certificates are in use — analogous to a Software Bill of Materials (SBOM) for cybersecurity. CBOM analysis is the first step in quantum migration planning because it maps which systems use quantum-vulnerable algorithms (particularly RSA, ECC, and Diffie-Hellman key exchange) and prioritises migration based on criticality and data sensitivity.

  • CBOM is recommended by international bodies including the World Economic Forum's Quantum Economy Network and the European Union Agency for Cybersecurity (ENISA).
  • In the financial context, CBOM would cover core banking systems, payment gateways, digital certificate authorities, HSMs (Hardware Security Modules), and inter-bank communication protocols.

Connection to this news: The Q-SAFE committee will evaluate the financial sector's CBOM to identify critical systems that are most vulnerable to future quantum attacks, forming the evidence base for its migration roadmap recommendation.

Key Facts & Data

  • Committee name: Q-SAFE (Quantum Secure and Adaptive Financial Ecosystem)
  • Convener: Dr. Anil Prabhakar, IIT Madras (Department of Electrical Engineering)
  • Member-Secretary: Shri Suvendu Pati, RBI FinTech Department
  • Total members: 8 (convener + 6 domain members + member-secretary)
  • Organisations represented: DST, SBI, NPCI, MeitY, DSCI, IBM Quantum India
  • Report submission deadline: Six months from first meeting
  • NIST PQC standards finalised: August 2024 (ML-KEM, ML-DSA)
  • Shor's algorithm (1994): enables quantum factoring of large integers, breaking RSA/ECC
  • "Harvest now, decrypt later" — the immediate threat justifying proactive quantum risk management
On this page
  1. What Happened
  2. Static Topic Bridges
  3. Quantum Computing: Principles and Financial Sector Relevance
  4. Post-Quantum Cryptography (PQC) and NIST Standardisation
  5. RBI's Regulatory Jurisdiction over Financial System Security
  6. Cryptography Bill of Materials (CBOM)
  7. Key Facts & Data
Display