CivilsWisdom.
Updated · Today
Science & Technology May 25, 2026 4 min read Daily brief · #18 of 24

RBI to examine role of quantum technology in strengthening financial sector

The Reserve Bank of India announced the formation of the Q-SAFE expert committee to examine how quantum technology can both strengthen and threaten India's f...

GS Paper 3 (Science & Technology Economy)

What Happened

  • The Reserve Bank of India announced the formation of the Q-SAFE expert committee to examine how quantum technology can both strengthen and threaten India's financial sector, marking India's first formal central-bank-led quantum security initiative.
  • The committee's mandate spans both the opportunities of quantum computing (portfolio optimisation, fraud detection, macroeconomic modelling) and the risks to cryptographic security underpinning payment infrastructure.
  • The initiative reflects a broader global pattern: central banks and financial regulators in the US, EU, and UK have begun mandating quantum risk assessments for systemically important financial institutions.
  • The committee will assess the preparedness of Indian financial institutions — banks, payment operators, and market infrastructure — for quantum-safe cryptography adoption.
  • Its findings are expected to shape RBI's regulatory guidance on cybersecurity frameworks, potentially requiring banks to migrate from RSA and ECC-based systems over a defined timeline.
  • The six-member expert panel (plus convener and member-secretary) brings together academic, government, industry, and institutional expertise for a 360-degree assessment.

Static Topic Bridges

How Quantum Computing Threatens Financial Cryptography

Most internet security — including banking logins, payment transactions, and digital signatures — relies on public-key cryptography, specifically RSA (Rivest–Shamir–Adleman) and Elliptic Curve Cryptography (ECC). These are secure because factoring large numbers or solving elliptic curve discrete logarithm problems is computationally infeasible for classical computers. Quantum computers, running Shor's algorithm, can solve these problems in polynomial time — exponentially faster than the best-known classical algorithm — making current public-key encryption systems fundamentally insecure once sufficiently powerful quantum computers exist.

  • RSA-2048, considered secure against classical computers for decades, could be broken in hours by a quantum computer with ~4,000 fault-tolerant logical qubits.
  • Current leading quantum processors (IBM, Google, IonQ) have hundreds to low-thousands of physical qubits, but fault-tolerant logical qubits require many physical qubits; cryptographically-relevant quantum computers are estimated to be 10–15 years away.
  • Symmetric encryption (AES-256) is less vulnerable: Grover's algorithm reduces its effective security from 256 bits to 128 bits — still strong but requiring longer key lengths.
  • India's core payment systems (UPI, RTGS, NEFT, IMPS) use TLS (which depends on RSA/ECC) for secure communication.

Connection to this news: This is the precise threat the RBI's Q-SAFE committee is established to assess — mapping which payment and banking systems need priority migration before quantum computers reach cryptographic relevance.

RBI's Role in Financial Sector Cybersecurity Regulation

The Reserve Bank of India operates as both monetary authority and prudential regulator, with supervisory jurisdiction over commercial banks, cooperative banks, NBFCs, and payment system operators. Cybersecurity governance forms part of RBI's IT risk framework, formalised through the Cyber Security Framework for banks (RBI circular, June 2016), IT Governance Master Directions (2023), and the requirement for a Board-approved Information Security Policy. The RBI can issue Directions under Section 35A of the Banking Regulation Act, 1949, enforceable on all scheduled commercial banks.

  • Section 35A, Banking Regulation Act, 1949: RBI's power to issue binding directions to banks in public interest.
  • Payment and Settlement Systems Act, 2007: governs security standards for payment system operators.
  • RBI's FinTech Department (established 2022) is responsible for emerging technology regulation, including quantum.
  • The RBI Cyber Security Framework (2016) requires banks to maintain a Security Operations Centre, implement a Security Incident Response Policy, and report cyber incidents within defined timelines.

Connection to this news: The Q-SAFE committee's recommendations will likely be operationalised through fresh RBI Directions or Master Circulars, updating the existing cybersecurity framework to include quantum-readiness requirements.

India's Digital Payments Ecosystem and Systemic Risk

India operates one of the world's largest real-time payments ecosystems, with UPI processing over 18 billion transactions per month as of 2025–26. The National Payments Corporation of India (NPCI) manages UPI, IMPS, NACH, and other retail payment systems. The concentration of transaction volume on a small number of cryptographically-secured rails means a quantum-enabled attack — or even the credible threat of one — could trigger systemic financial instability. NPCI's participation in the Q-SAFE committee (through its MD and CEO, Dilip Asbe) signals awareness that payment infrastructure is the highest-priority quantum-security domain.

  • UPI monthly transaction volume: ~18 billion transactions (FY 2025–26).
  • RTGS and NEFT: managed by RBI, settling high-value and retail inter-bank transfers respectively.
  • SWIFT: India-connected interbank messaging also relies on public-key cryptography; SWIFT itself is evaluating PQC migration globally.
  • India's digital economy value at risk from a quantum cryptographic breach: estimated in tens of trillions of rupees across financial assets.

Connection to this news: The Q-SAFE committee's inclusion of NPCI alongside RBI, SBI, and MeitY ensures that both the regulatory and operational dimensions of India's payment infrastructure are covered in the quantum security roadmap.

Key Facts & Data

  • Q-SAFE: Quantum Secure and Adaptive Financial Ecosystem — RBI's quantum security initiative announced May 25, 2026
  • Convener: Dr. Anil Prabhakar (IIT Madras, Electrical Engineering)
  • Members include: Sunil Kumar (DST), Satish Rao Nagesh (SBI DMD), Dilip Asbe (NPCI MD & CEO), Manoj Kumar Jain (MeitY Scientist-G), Vinayak Godse (DSCI CEO), L. Venkata Subramaniam (ex-IBM Quantum India)
  • Report timeline: six months from first meeting
  • NIST PQC standards: finalised August 2024 (ML-KEM for key exchange, ML-DSA for digital signatures)
  • RSA threat: Shor's algorithm (1994) can factor large integers in polynomial time on a quantum computer
  • "Harvest now, decrypt later": current threat to long-lifetime financial data even before quantum computers mature
  • Section 35A, Banking Regulation Act, 1949: RBI's power to issue binding directions to banks
On this page
  1. What Happened
  2. Static Topic Bridges
  3. How Quantum Computing Threatens Financial Cryptography
  4. RBI's Role in Financial Sector Cybersecurity Regulation
  5. India's Digital Payments Ecosystem and Systemic Risk
  6. Key Facts & Data
Display