Quantum Without Compromise

Blog

The optical foundation for networks that work and last 

By Mark Slater, Director of Solutions Architecture, Zayo Europe  

Introduction 

In boardrooms across every sector — finance, healthcare, energy, government, and enterprise — two questions dominate every conversation about new technology: Will it work? Will it last? 

When people talk about quantum, the spotlight often falls on laboratories — superconducting chips, trapped ions, exotic physics. But here’s the simple truth: the moment those systems need to talk to each other, the medium collapses to photons. And photons only travel two ways: through fibre, or through free space (ITU-T, 2019). 

That means the future of networking for all things quantum isn’t hypothetical — it is built on the optical foundation already beneath our feet and above our heads. If you are building quantum-ready networks, you are really building on glass and light. 

And like anything in life, the most innovative technologies are only ever as good as the foundation they are built on. A skyscraper with weak foundations is destined to fail. Networks are no different. They are the circulatory system of the enterprise, carrying transactions, data, and trust across blurred boundaries of private and public infrastructure (ENISA, 2022). 

To change a network is not a simple upgrade. It is a rip-and-replacement of the foundation that everything depends on. Which is why the choice of foundation now will decide whether your organisation is truly quantum-ready in the decade ahead. 

Defining Quantum-Ready 

Quantum-ready does not mean “quantum-proof.” Nobody can credibly claim that today. Instead, quantum-ready means three things: 

  1. Crypto-Agility – the ability to adopt, upgrade, and evolve cryptographic algorithms continuously as NIST PQC standards (Kyber, Dilithium, Falcon) and ETSI/ENISA guidance mature. PQC is not a one-time fix; it is an agility challenge (NIST, 2024; NCSC, 2020). 
  1. Open Infrastructure – dark fibre and private wavelengths that can carry PQC and QKD under your control, not trapped in a provider’s black-box overlay (ETSI ISG-QKD, 2020).  
  1. Lifecycle Resilience – networks engineered for a 10–15-year horizon, where not just bandwidth but also latency, dB loss, and error rates are designed as table stakes for photon-based technologies (ITU-T, 2019). 

This is the honest definition of quantum-ready: the journey has only begun, but network foundations chosen today must support continuous cryptographic evolution and future quantum adoption. 

The Problem with Managed Services: Minimum Viable Product 

Most provider offerings are managed overlays. They are designed as minimum viable products (MVPs) for the average customer. That means compromise: 

  • Algorithms dictated by providers. 
  • Cryptographic upgrades bound to a carrier’s roadmap. 
  • Opaque attestations instead of lifecycle logs. 
  • Performance engineered for averages, not mission-critical needs. 

Compromise at the foundation accumulates. Each limitation spawns more constraints. Before long, organisations are chasing what the network cannot do instead of focusing on what they must do (EBA, 2019). 

In consumer markets, MVP may be acceptable. In enterprises facing regulatory, competitive, or reputational scrutiny, MVP is not enough. 

What Enterprises Require: Maximum Viable Infrastructure 

Enterprises need the opposite of MVP: they need Maximum Viable Infrastructure (MaxVP). 

  • Tailored Performance – deterministic routes engineered not just for throughput, but for latency, optical loss, and error resilience. 
  • Compliance Sovereignty – direct cryptographic lifecycle control and audit evidence that satisfies DORA, GDPR, NIS2, PCI DSS, HIPAA (European Union, 2022; European Union, 2016; European Commission, 2022; PCI SSC, 2022). 
  • Agility – the ability to adopt PQC, deprecate legacy ciphers, and trial QKD under their own governance, not a provider’s schedule. 

Only dark fibre (DF) and private wavelengths (WL) deliver MaxVP. With DF, enterprises light and govern their own optical foundation. With WL, they gain engineered, deterministic transport provisioned in hours with services like Waves On Demand (Zayo, 2024). 

The Air Gap in Overlay Models 

Provider-led QKD trials demonstrate that quantum keys can be exchanged across backbone networks. For example: 

  • Turkcell and ID Quantique carried out the first intercontinental QKD transmission over fibre in Istanbul, linking Europe and Asia (Turkcell & IDQ, 2025). 
  • Retelit, Telebit and ThinkQuantum trialled QKD over a single fibre with classical traffic, proving coexistence (Retelit et al., 2024). 
  • The Madrid QCI testbed linked QKD modules across 130 km of deployed fibre as a model for European backbones (MadQCI, 2024). 
  • SK Telecom deployed QKD across its dark-fibre 5G backbone for provider- side protection (SK Telecom, 2023). 
  • BT and Toshiba launched a metro QKD service across London (BT & Toshiba, 2021). 

These trials prove one thing: the physics works in the provider domain. But they also highlight the problem. None of these implementations extend keys end-to-end into enterprise-owned environments. Keys terminate at provider backbone nodes. They are not delivered into enterprise-controlled data centres, TLS stacks, or client applications. 

This is the air gap: providers can attest that “keys existed in our backbone,” but enterprises cannot evidence to regulators or customers that their systems — trading engines, patient records, OT control nodes, or APIs — are quantum-safe end-to-end. 

For regulators, that gap is unacceptable. Supervisors will not accept a carrier attestation if enterprise sessions can still be negotiated down to legacy ciphers. Accountability remains with the enterprise (European Union, 2022; NCSC, 2020). 

Zayo’s open optical foundation closes this gap. By deploying QKD endpoints and PQC stacks on dark fibre and private wavelengths, enterprises can govern the cryptographic lifecycle directly. That builds a continuous chain of trust: backbone 

→ data centre → application → client. 

The Customer Playbook: What to Ask For 

When evaluating whether your network foundation is truly quantum-ready, don’t stop at generic claims. Ask your provider the following questions: 

  1. Latency: What deterministic latency guarantee do you give? 
  1. Optical Loss: What is the guaranteed dB loss across the span? 
  1. Error Rates: What BER/FER commitments do you make in writing? 
  1. Control: Can we light the fibre ourselves and govern our own key systems? 
  1. Agility: How quickly can we provision new wavelengths — hours, days, or weeks? 
  1. Audit Evidence: Do we get lifecycle logs, or just your attestations? 
  1. Future-Readiness: Is this span engineered today for PQC/QKD without rip- and-replace? 

These questions separate MVP overlays from MaxVP infrastructure. 

Why Zayo: Answering the Quantum-Ready Playbook 

Zayo is uniquely positioned to deliver the optical foundation enterprises require. Here’s how we answer the playbook: 

  • Latency: Deterministic latency SLAs across Europe’s trading and critical corridors. 
  • Optical Loss: Engineered dB/km loss budgets suitable for both classical and quantum traffic. 
  • Error Rates: Committed BER/FER SLAs, not “best effort.” 
  • Control: Dark fibre you light; private waves you govern. Sovereignty-first by design. 
  • Agility: Waves On Demand provisions capacity in under 24 hours. 
  • Audit Evidence: Your crypto, your logs, your compliance proof. No black-box attestations. 
  • Future-Readiness: Backbone engineered for 400/800G today and QKD modules tomorrow — protecting investment for 10–15 years. 

Example Scenarios 

  • Finance (Tier-1 Bank): DF across London–Frankfurt–Zurich. QKD endpoints at LD4/FRA2. PQC TLS enforced under DORA and ECB resilience testing. 
  • Healthcare (Hospital Trust): Private WL interconnecting data centres. PQC migration cycle governed internally. GDPR audit passed with lifecycle logs. 
  • Utilities (Operational Technology): Traditional SCADA systems were designed to be safe by isolation — offline, vendor-specific, with no cryptography. Modern OT and industrial control systems (ICS) are a completely different generation. They are IP-based, digitally integrated, and explicitly regulated under frameworks like NIS2 as part of Europe’s critical infrastructure. 

In this modern OT environment, latency, dB loss, and error rates are mission-critical for real-time operational safety, while cryptographic agility and audit evidence are increasingly required to prove resilience. Dark fibre and private wavelengths provide the optical foundation utilities need: deterministic, engineered performance for safety-critical traffic today, combined with the sovereignty to integrate PQC or QKD when future standards demand it. 

Legacy SCADA vs. Modern OT: Know the Difference 

  • Legacy SCADA: Built to be safe by isolation — air-gapped, offline, proprietary protocols, no cryptography. 
  • Modern OT/ICS: Built on IP networks, integrated with IT/cloud, regulated under NIS2, requires crypto agility and audit evidence. 

Why it matters: Legacy SCADA will never be “quantum-ready.” Modern OT/ICS must be. Zayo’s optical foundation provides the deterministic performance and sovereignty to achieve this. 

  • Cloud Enterprise (Global SaaS Provider): Waves On Demand for deterministic interconnect between hyperscale regions. PQC migration tested continuously under enterprise governance. 

The common denominator across all verticals: no compromise in the foundation. 

Conclusion 

Provider overlays are compromise: MVPs designed for averages. They leave enterprises with responsibility but without control. 

Zayo delivers Maximum Viable Infrastructure: dark fibre and private waves, engineered for latency, loss, and error performance, provisioned with agility, and governed by the customer. 

Because beyond the physics, boards and regulators only ever ask two questions: 

Will it work? Will it last?  

With Zayo Europe – yes.  

References:

BT & Toshiba (2021) BT and Toshiba launch commercial quantum secure metro network. Toshiba Global. 

EBA (2019) EBA Guidelines on Outsourcing Arrangements. European Banking Authority. 

ENISA (2022) Post-Quantum Cryptography: Current State and Quantum Threats. EU Agency for Cybersecurity. 

European Commission (2022) NIS2 Directive: The EU-wide legislation on cybersecurity

European Union (2016) General Data Protection Regulation (GDPR). Regulation (EU) 2016/679. 

European Union (2022) Digital Operational Resilience Act (DORA). Regulation (EU) 2022/2554. 

HHS (1996) Health Insurance Portability and Accountability Act (HIPAA). U.S. Department of Health and Human Services. 

ITU-T (2019) Y.3800: Overview on networks supporting quantum key distribution. International Telecommunication Union. 

MadQCI (2024) Madrid Quantum Communication Infrastructure. arXiv preprint arXiv:2409.01069. 

NCSC (2020) Preparing for Quantum-Safe Cryptography. UK National Cyber Security Centre. 

NIST (2024) Post-Quantum Cryptography Standardization. National Institute of Standards and Technology. 

PCI SSC (2022) PCI DSS v4.0. PCI Security Standards Council. 

Qunnect (2024) Press release: Long-term entanglement distribution over commercial telecom fibre. Qunnect Inc. 

Retelit, Telebit & ThinkQuantum (2024) Quantum Key Distribution trial over fibre optic communications. The Quantum Insider. 

SK Telecom (2023) QKD deployment across dark-fibre 5G backbone. ITU-T Liaison Report. 

Turkcell & ID Quantique (2025) First intercontinental QKD over fibre in Istanbul. The Quantum Insider. 

Zayo (2024) Waves on Demand Product Brief. Zayo Group.