This positioning, at the crossroads of technology, compliance and trust, has never been more strategic. Remaining true to its pioneering culture, LuxTrust now monitors and analyses emerging trends with the aim of anticipating the risks that will weigh on digital trust in the years ahead.

  • Digital sovereignty: preserving the strategic autonomy of identities and data remains a challenge when US hyperscalers (AWS, Microsoft and Google) control 72% of the European cloud market.
  • Next-generation cybersecurity: in the face of industrialised, AI-enhanced attacks, the protection of digital identities must be rethought.
  • Quantum computing: since the publication of the first Federal Information Processing Standards (FIPS 203–205) by NIST in August 2024, the countdown has begun. Migrating to so-called quantum-resistant protocols before the arrival of machines capable of compromising current encryption has become an urgent priority.

To decipher these trends and outline the roadmap for the coming years, our CEO, Fabrice Aresu, shares his analysis.

Digital sovereignty: when geopolitics steps into the heart of our digital practices

One of the first challenges to address in the years ahead is digital sovereignty. With rising geopolitical tensions, unilateral decisions taken by a state can now interrupt – overnight – access to critical digital assets.

The most recent example is Microsoft’s suspension, in May 2025, of the International Criminal Court’s Outlook email service, in response to pressure from the US government targeting the institution – a stark reminder that an extraterritorial decision is enough to cut off access without warning.

As a result, the way we use digital tools must now take this possibility into account. Could choosing a product whose operation depends entirely on foreign software solutions expose me, for example, in the event of retaliatory measures?  

It is a fair question to ask.
 

From data localisation to anticipating disruption scenarios

Until recently, “achieving sovereignty” largely meant hosting data in a national data centre, protected by well-configured firewalls. That vision quickly became more complex, and today anticipating disruption scenarios is essential.

As Fabrice Aresu points out: “The real concern is identifying the IT assets – software and infrastructure – that could undermine a company’s information systems. Could they be taken out of service, deliberately or unintentionally, resulting in an inability to access data?

As recent geopolitical events have shown, it has become essential to rely on sovereign, European technologies.

The European response: building sovereign services

To address these challenges, a number of initiatives are emerging in Europe, aimed at controlling those infrastructure elements that make up the internet, and also software components and cloud-computing infrastructure. For example, the IPCEI-CIS is mobilising more than €2 billion to bring together 19 industrial players from seven EU Member States around a sovereign cloud-edge consortium.

In this context, LuxTrust is involved in initiatives alongside organisations such as OVH, which puts sovereignty guarantees – data localisation and technical governance – at the forefront of its service model.

The goal is not self-sufficiency; for most companies aiming for 100% sovereignty is unrealistic. What matters is identifying which components must remain under direct control, and which can be delegated to trusted partners without undermining the integrity of the system,” explains Fabrice Aresu.

Companies are becoming increasingly aware of this issue: “We are seeing more and more organisations include sovereignty as a selection criterion in their calls for tender. This trend goes hand in hand with the rise of a civil society in which an increasing number of citizens are demanding to control their personal data.

Towards a secure European digital identity

This expectation among citizens finds a natural extension in the EU Digital Identity Wallet, a flagship project that should, within a few years, allow every EU citizen to carry out everyday actions – such as signing a document, renting a car or proving the authenticity of a qualification – from a single application.

We fully support the European eWallet project and have been involved from the outset. LuxTrust and Luxembourg’s Government IT Centre (CTIE) were pioneers with the first signatures using the Luxembourg wallet. Similar work is under way to integrate other wallets, such as the French digital identity wallet, France Identité.

The model is attracting attention for two reasons: it is European – and therefore subject to a unified legal framework – and it is open source, which allows any expert to audit the code. “It’s not a black box. Contributors from around the world review code changes, which systematically strengthens security,” notes Fabrice Aresu.

Cybersecurity and data control: preparing for tomorrow’s threats

Behind the growing digitalisation of everyday activities, a deeper trend is emerging: all companies are becoming technology companies, with sovereignty and security requirements becoming the norm.

On this last point, a new generation of cybersecurity threats and challenges calls for even more innovative responses and shared vigilance.

Better support for users in the face of evolving threats

Despite the progress made in securing online transactions, the human factor is still the preferred entry point for cybercriminals. “We are seeing an increase in fraud based on social engineering,” observes Fabrice Aresu. Attacks are no longer confined to the digital sphere: fraudsters now visit their victims’ homes, as in the case of scams involving fake bank advisers. All socio-professional categories are affected.

To counter this phenomenon, the first step is to strengthen user awareness of these new forms of fraud, and then to return to the fundamentals of multi-factor authentication – something you know, something you have, something you are.

Here again, LuxTrust provides a practical response. As a qualified trust services provider, we issue certified digital identities, orchestrate authentication journeys that do not degrade the user experience, and continuously monitor fraud signals to block attacks proactively.

AI: both a threat and an ally for cybersecurity

The growing sophistication of available tools – deepfakes, voice impersonation, fake websites and more – is amplifying the phenomenon. Fraudsters are exploiting advances in artificial intelligence (AI) to create increasingly convincing documents and scenarios. “The main source of concern today is the quality of fakes made possible by AI. Authentication solutions must therefore adapt constantly to deal with these hybrid threats.

At the same time, AI can also strengthen defences. When integrated into verification tools, it can detect deepfakes or behavioural anomalies, thereby reducing the risk of identity fraud.

To respond to these developments, LuxTrust is stepping up cooperation with its partners to monitor the dark web, for example, with a view to identifying the sale of fake documents and ready-to-use attack kits, and is continuously investing in improving its tools.

The post-quantum revolution: disruption or opportunity?

While AI is already revolutionising our daily lives, the advent of quantum computing could also profoundly disrupt security protocols in the coming years.

As the French Cybersecurity Agency (ANSSI) noted in its May 2025 report, no one is currently fully prepared for the impact of quantum computing. More than half of the organisations monitored by ANSSI are already exposed to this new threat.

Investing in research: a must for preparing for the future

In the face of this risk, LuxTrust has chosen to invest in research at an early stage. “We have been working on quantum-related issues for five years now,” explains Fabrice Aresu. “Our efforts focus on two main areas: implementing so-called quantum-resistant algorithms capable of withstanding attacks from quantum computers, and studying the secure transmission of keys using advanced technologies such as satellite-based laser communications.”

In this respect, LuxTrust supports academic research and actively participates in European consortia to remain at the forefront of innovation. As Fabrice Aresu points out: “We believe that our smartcards and Hardware Security Modules (HSMs) already incorporate promising algorithms, but they still need to be tested under real-world conditions against quantum computers, which is expected to happen in 2026–2027.

Even though access to quantum computing power remains, for now, the preserve of states – quantum computers being expensive and complex – the risk of attacks by third parties cannot be ignored. “In the longer term, we can expect these technologies to become accessible to organised criminal groups, which will expand the threat landscape.

The post-quantum challenge does not apply only to data encryption; it also affects digital identity management. For example, a biometric passport or a digital identity issued today is generally valid for ten years. “If quantum computers become a real threat by 2030, there will still be many vulnerable documents in circulation.

The risk is that we will see the emergence of fake documents or unauthorised access to sensitive services.

LuxTrust: a key player in staying ahead of tomorrow’s challenges

Through its investments, partnerships and role as a trusted third party, LuxTrust demonstrates a strong conviction: only anticipation can preserve security and digital sovereignty over the long term.

Whether preparing for the quantum shift, integrating AI into defence mechanisms or promoting a transparent and interoperable European eWallet, our roadmap reflects a clear determination to stay ahead of the challenges of tomorrow.