Post-quantum security and digital sovereignty will define the next decade

In this in-depth conversation, Voice&data caught up with Gabriel von Mitschke-Collande, Chief Digital Officer of Giesecke+Devrient (G+D), to explore how innovations like eSIM, iSIM, passwordless authentication, and tokenisation are transforming mobile connectivity, digital identity, and IoT ecosystems. From India's digital ambitions to the global urgency of post-quantum cryptography, Neb outlines how G+D is enabling secure, scalable digital ecosystems for people and devices alike.

G+D has been working with eSIM technology for a very long period of time, and you have recently collaborated with AWS for cloud-based eSIM solutions. How do you see this landscape evolving in terms of mobile network operators and IoT device manufacturing?

eSIM is a very important technology in the progress of mobile connectivity, and it plays a crucial role not just for mobile devices but significantly in the IoT space as well. Let me emphasise that G+D is the market leader in eSIM technology. This is also a testament to our journey as a company, perhaps you know that G+D was among the first to file a patent for the physical SIM card.

Over the course of our evolution, we transitioned into eSIM leadership. So, we have been actively pushing forward this technology. eSIM is critical not just for smartphones and tablets but also within IoT use cases. It enables easier deployment, better scalability, and enhanced connectivity for a wide range of connected devices, which is key to the success of the IoT ecosystem.

What is your vision towards the adoption of integrated SIMs (iSIM), specifically in India? What are the key security and efficiency benefits it offers to both consumers and the IoT devices ecosystem?

I believe you're familiar with the concept of the S-curve, technologies go through phases of inception, growth, and maturity. eSIM is currently at a stage where it is starting to scale and accelerate.

Now, speaking about iSIM, it represents the next evolutionary step in connectivity. Between these two technologies, eSIM and iSIM, another essential concept comes into play: the digital twin. Unlike the physical SIM card encased in plastic, the digital twin allows us to fully virtualise the identity and credentials embedded in the SIM, thereby reducing the physical footprint.

This move from physical to virtual also supports sustainability by eliminating plastic use, while offering additional benefits in size, cost, and device design. On the functionality side, iSIM allows profiles to be uploaded and downloaded securely. They can also be pre-integrated into devices during manufacturing, which enables easier, faster deployments. These features make iSIM an extremely efficient and secure solution, particularly for the expanding IoT ecosystem.

Moving beyond SIM solutions, what is the broader strategy that G+D harbours in terms of end-to-end security in the landscape of cloud and connected devices?

Our corporate mission is to make the lives of billions of people more secure, and that certainly applies to the connectivity landscape as well. From a technological standpoint, we began by enabling secure connectivity, first through physical SIMs, then eSIMs and today, we are expanding up the technology stack towards full IoT enablement.

Security plays a central role in this transition. For example, when we talk about bringing transparency into supply chains or enabling logistics through IoT, data protection becomes absolutely critical. This includes how data is stored, transmitted, and processed.

At G+D, our solutions are designed with compliance and security by default. This is deeply embedded in our DNA. We adhere to all underlying data protection and security requirements, particularly those associated with IoT ecosystems and regulatory expectations across global markets.

G+D has introduced an in-factory profile provisioning platform aimed at streamlining IoT deployments. How will this technology help accelerate large-scale IoT adoption, particularly in smart cities and industrial IoT initiatives in India?

I have spent the past week in India engaging in various discussions on this topic, and I must say the momentum towards IoT adoption here is extremely encouraging.

India is building a robust tech stack that supports IoT enablement. This includes efforts in mobility, for instance, through standards like AIS 140, as well as agriculture, through the agri-stack, and also across the smart device ecosystem.

India is very well-positioned, both in terms of technological infrastructure and policy support, to lead in IoT. Our in-factory provisioning platform helps facilitate this further by allowing eSIM or iSIM profiles to be embedded during the manufacturing process. This reduces time-to-market, simplifies deployments at scale, and is especially impactful in high-growth sectors like smart cities and industrial IoT.

Could you elaborate briefly on what G+D is doing in the computing space, particularly in relation to future technologies?

Let me give you a two-part answer. First, regarding quantum computing, we at G+D are not directly experimenting with quantum computers. However, what’s important to us is preparing for a future where quantum computing becomes mainstream.

This brings us to post-quantum cryptography, or PQC. With the advent of quantum computing, today’s encryption methods may become vulnerable. Thus, we are investing in PQC to develop and implement new algorithms that will continue to protect our products and platforms in the post-quantum era.

We are studying the entire product lifecycle to assess what it means to be PQC-safe. We recently published a white paper on this topic because, as a security technology company, developing post-quantum secure solutions is critical to our long-term strategy.

There is a global conversation around digital sovereignty and data localisation, especially in countries like India. How does G+D address these requirements and ensure secure cross-border data flows and services?

This is an important issue that requires a differentiated approach. Right now, for instance, we are conducting this interview over Microsoft Teams, which is operated by a multinational corporation using a global infrastructure. So, there are international applications where data flows across borders naturally.

However, when it comes to sensitive data, it is crucial that both technology providers and end users understand the importance of digital sovereignty. This means setting up infrastructure, data centres, secured tech stacks, on national soil when required by regulation.

At GD, we support and develop technology that enables digital sovereignty. This includes the ability to localise data, manage it securely within defined jurisdictions, and maintain trust in how data is handled. Ensuring regulatory compliance in this space is a top priority for us.

India is also investing significantly in securing digital identity through initiatives like Aadhaar and DigiLocker. What are the specific advantages of secure digital identity and authentication technologies?

When we look at the digital economy, especially where critical use cases are concerned, digital identity becomes essential. And this is true not just for people but also for things, which is a key component in IoT.

For IoT applications, we need to be able to uniquely identify individual devices. That’s where digital identities for things come into play. For people, providing a secure digital identity opens up the possibility for numerous applications.

As I understand it, India issued digital identities to its citizens before launching UPI, thereby laying the foundation for a secure digital financial ecosystem. Similarly, digital IDs are now being issued to farms and farmers under the agri-stack. These identities are not merely identifiers; they are enablers of future services.

In short, digital identity is a prerequisite for secure, scalable digital governance and interaction between government and citizens, between businesses and customers, and between individuals themselves. And G+D views secure authentication as a cornerstone for protecting citizen data and enabling trust in digital systems.

How do technologies like tokenisation, biometric authentication, and passwordless access help reduce cyber threats and payment fraud in an increasingly digital world?

The more we digitise the world, the more critical the issue of fraud becomes. This is not a new phenomenon. History has shown us that every good idea or invention has had someone trying to circumvent it. But today, in the digital era, the pace and scale at which fraud is evolving have significantly accelerated.

The first line of defence starts with the user, the awareness that fraud is a real and constant risk. Especially with the advent of AI, it's becoming easier for bad actors to impersonate individuals or organisations. We're seeing sophisticated presentation fraud, where attackers use realistic digital personas to deceive people into transferring money or sharing sensitive information.

That said, technology can play a significant role in mitigating these threats. For example, AI-powered sensors and network intelligence can help identify unauthorised activity in real-time, such as detecting unfamiliar devices or unusual network behaviour.

Technologies like tokenisation and biometric authentication add another layer of security by eliminating static credentials that can be intercepted or reused. Passwordless technologies, such as device-based authentication or facial recognition, reduce reliance on weak or compromised passwords. All these innovations work in tandem to create a more secure digital ecosystem.

But we must remain vigilant, especially with the rise of post-quantum computing (PQC). While PQC might still be years away, we already need to think about making our digital infrastructure PQC-safe. Fraudsters are already thinking ahead, and so should we.