Quantum Risk Intelligence · Public Research Report

Harvest Now, Decrypt Later: Football's Most Sensitive Data Is Living on a Quantum Clock

Cardiac, medical, and identity records from players across 211 nations, collected for life and protected by classical public-key cryptography with a published migration and deprecation horizon. We do not claim to know whether FIFA has a post-quantum plan. This report shows why the risk is material, time-sensitive, and impossible to remediate after the fact.

QQ-FIFA-HNDL-2026 · Rev NPublic / For ReleaseHNDL Risk Rating: Critical

Read the full report Download PDF

For the decision-maker

Executive brief

This report examines the structural harvest-now-decrypt-later (HNDL) risk facing FIFA's global data infrastructure. It is not an allegation of a specific breach or of any harvesting operation. It is an analysis of whether the data FIFA collects, the encryption protecting it, and the routes it travels create a risk profile that warrants differentiated attention relative to other organizations facing the same general quantum-cryptanalysis threat.

The problem

FIFA mandates lifetime-sensitive cardiac, medical, and identity data collection across its global competition and registration environment. Where biometric elements are present, the risk is more severe — they cannot be rotated, reissued, or expired. This data is protected by classical public-key cryptography, which has a published migration path under NIST and government guidance. The data's confidentiality horizon is measured in decades; the encryption's guarantee is not.

Why FIFA specifically

Mandatory, no-opt-out cardiac and medical screening compulsory for all competitions since 2010; player data from 211 member associations concentrated through a single integrated platform; a documented pattern of footballers later becoming heads of state, so future political value is unknowable at collection time. To our knowledge, no major football governing body has publicly announced a post-quantum migration program.

Timeline pressure

The 2026 FIFA World Cup (US / Canada / Mexico) is likely to generate one of the most concentrated bursts of cross-border medical and registration data transfers — beginning with no announced PQC migration plan identified in reviewed sources.

The asymmetry of regret

Migrate and be wrong about the quantum timeline: stronger cryptography deployed, implementation cost incurred, no downside to data subjects. Do not migrate and be wrong: lifetime-sensitive data across 211 nations is permanently compromised, with no remediation possible after the fact.

The risk in four views

What the analysis measures

The report renders the finding across four qualitative, source-based views. Three are shown here — why the data cannot be remediated after the fact, why its sensitivity outlives the encryption protecting it, and why the migration runway is already short; the fourth, the collapsing resource estimate to break today's public-key cryptography, is in the full report. These figures are illustrative of the analysis — they are not predictions and not numerical scores.

Remediability comparison: a password, payment card, or TLS certificate can be reset or reissued in minutes to weeks; cardiac, medical, and biometric identity records can never be rotated, reissued, or expired. — Remediability — a stolen password can be reset; a decrypted cardiac record cannot.Download full-resolution (4K)

Exposure window: cardiac, medical, and biometric identity data stays sensitive through roughly 2084 and beyond, while plausible quantum decryption falls inside that window (~2030–2036+), leaving decades of exposure with no way to revoke. — Exposure window — football's data will outlive the encryption protecting it.Download full-resolution (4K)

Migration runway: a five-phase post-quantum migration begun in 2026 lands on target before the draft NIST 2030 deprecation; begun in 2028 it overruns into the threat window. — Migration runway — start in 2026 to land on target; start in 2028 to land in the threat window.Download full-resolution (4K)

These graphics are available for editorial use. Full-resolution files are linked under each figure.

Evidence discipline

How to read this report

Every claim is assigned to one of three categories, marked inline where it matters: documented fact (C1), reasonable inference (C2), and structural risk analysis (C3). The integrity of the analysis depends on transparent sourcing and clearly bounded claims. The report has no access to internal FIFA systems and makes no statement about any specific intelligence operation; its threat model is structural, not operational.

Read the full analysis

Twelve sections and seven appendices, including the data-flow diagram, the quantum cryptanalysis timeline, the recommended cryptographic-inventory first step, and the honest counter-argument.

Read the report Download PDF Request a printed copy

Read the full report in your browser or download the PDF. For a hard (printed) copy, contact us.