Systematizing Responsible AI & Governance

49%

of organizations say they'll institute an AI ethics program

33%

of organizations audit their AI systems for bias

35%

of organizations are prepared to meet the EU's regulatory requirements

Why AI governance matters

Without clear guardrails, AI systems can introduce bias, security vulnerabilities, legal exposure, and reputational risk. In fact, a lack of oversight is one of the leading reasons AI initiatives stall or fail to scale.

AI governance provides the structure needed to responsibly manage AI technologies—defining roles, setting ethical standards, ensuring regulatory compliance, and aligning AI with business goals. It helps organizations mitigate risk while building trust among stakeholders, employees, and customers.

As AI becomes deeply embedded in decision-making processes, from hiring to healthcare, governance ensures systems are fair, secure, transparent, and aligned with human values.

With governance, companies can confidently innovate, scale solutions responsibly, and unlock AI’s full enterprise value.

What you can do

Establish an AI Governance program in your organization

Adopt a responsible AI governance program that establishes accountability and escalation paths, decision rights, and oversight structures across your AI lifecycle.

Implement AI risk and impact assessments

Evaluate risks across your AI use cases, applications, and systems using qualitative and quantitative assessments to identify, assess, and mitigate threats, while enhancing security and ensuring compliance.

Train users in AI ethics and literacy

Provide comprehensive AI ethics and literacy training for all your employees and relevant stakeholders across the AI value chain, enabling them to understand AI’s opportunities, risks, security, privacy, legal obligations, and potential harms.

Independent audit of AI systems

Engage independent audits to evaluate AI systems for fairness, accuracy, security, and compliance—ensuring accountability and informed governance.

What you'll achieve

Mitigate risk and ensure compliance

Navigate requirements like the EU AI Act, NIST AI RMF, and internal policies to avoid reputational damage.

Drive the development and maturity of AI governance

Advance accountability and escalation paths, decision rights, and oversight structures across your AI lifecycle.

AI ethics education, training, and awareness (AIETA)

Build a strong, AI-capable workforce that recognizes opportunities and risks and is ready to advance organizational goals.

Trending in Responsible AI

Should Organizations Be Concerned About Post-Quantum Cryptography?

January 14, 2026 · 3 min read

Post-quantum Cryptography Readiness

Should Organizations Be Concerned About Post-Quantum Cryptography? According to the Capgemini report, the short answer is yes.

But before we go into more detail, let's first answer the question of what post-quantum cryptography is. Post-quantum cryptography refers to the design of cryptographic algorithms that are secure even against the computational power of quantum computers.

Here are key stats from the Report:

  • 70% of surveyed organizations are exploring or deploying PQC.

  • 61% of early adopters expect quantum breakthroughs within 10 years.

  • 57% are preparing for “Q-Day,” regardless of the exact timeline.

  • 70% say PQC is essential to maintaining their competitive edge.

  • Only 16% qualify as fully prepared “quantum-safe champions.”

Quantum computing is evolving at a fast pace, and with it comes an impending cybersecurity crisis. Traditional encryption methods, like RSA (Rivest-Shamir-Adleman) and ECC, are under threat. Quantum computers promise many changes and improvements, from advancing drug discovery to reimagining climate modeling. But they also pose a danger to cybersecurity: the ability to break current cryptographic systems.

Techniques like “harvest-now, decrypt-later” are already being used by attackers to collect encrypted data in hopes of decrypting it once quantum capabilities catch up.

Capgemini’s report recommends that post-quantum cryptography (PQC) should be included in every organization’s security strategy, warning that time is running out.

65% of organizations surveyed expressed concern about this threat. If this is a real concern, then there should be urgency to solve this problem.

Regulatory Pressure Accelerates the Shift

Regulatory bodies are taking notice and action.

  • In 2024, the U.S. National Institute of Standards and Technology (NIST) finalized three post-quantum encryption algorithms - CRYSTALS-Kyber, CRYSTALS-Dilithium, and SPHINCS+ - urging immediate adoption.

  • In addition, according to the report, the NSA has recommended deprecating vulnerable encryption standards (like RSA) by 2030, with a full ban by 2035.

  • The EU has also called for critical infrastructure to be quantum-safe by 2030. These mandates make quantum safety a compliance issue as much as a security one.

How Are Organizations Responding?

Capgemini surveyed 1,000 global organizations with over $1 billion in annual revenue. This is what they found:

  • 70% - the “early adopters” - are already assessing or deploying quantum-safe solutions.

  • The defense, banking, and aerospace sectors are leading the charge, with adoption rates nearing or exceeding 90%.

  • However, sectors like retail and consumer goods are lagging.

  • 61% of early adopters believe that a cryptographically relevant quantum computer (CRQC) could emerge within the next decade.

  • 71% of early adopters see PQC as essential to long-term competitiveness and data security.

  • Companies like Vodafone and Apple have already started integrating PQC algorithms into their products.

There’s consensus that quantum computing is no longer a distant concern - it’s an imminent risk.

Few Are Truly Ready For Post-quantum Cryptography

Despite growing awareness, only 15% of early adopters - termed “quantum-safe champions” - are fully prepared. These organizations have mature governance structures, cryptographic inventories, and technical infrastructure in place. The rest are still in early planning or pilot phases.

Barriers to adoption remain significant. Only 2% of cybersecurity budgets are currently allocated to quantum-safe initiatives. Most organizations face challenges like lack of training, unclear timelines, integration difficulties, and limited availability of mature PQC tools.

What to do now?

Experts across industries stress that organizations cannot afford to wait. The first public breach using quantum methods will trigger a crisis. Those who delay risk regulatory penalties, business disruption, and erosion of trust.

As Marco Pereira, Global Head of Cybersecurity at Capgemini, puts it:
“Quantum readiness isn’t about predicting a date - it’s about managing irreversible risk.”

The time to transition is now. Organizations that act early will not only protect their assets but gain a strategic advantage in the quantum era.

  1. Build “crypto-agility” - the ability to quickly switch cryptographic algorithms as threats and standards evolve.

  2. Maintain a comprehensive inventory of cryptographic assets.

  3. Plan phased migrations, focusing on crypto-agile infrastructure and building cross-industry partnerships.

Quantum threats are no longer theoretical. The race is on - and every organization needs to gear up for a future encrypted.


Copyright 2026. Obi Ogbanufe. All Rights Reserved.