Prague-based Wultra raised €6.8 million in a late-June Series A round to expand its post-quantum digital identity technology beyond Europe.
Seventure Partners led the round, joined by Marc Norlain and Guillaume Despagne, founders of French identity-verification firm ARIADNEXT, investing as individuals, alongside returning backers J&T Ventures and Elevator Ventures.
The raise takes Wultra’s total funding to roughly €10.8 million, following a €3 million round in January 2025. Wultra has not disclosed a valuation.
Julien Cazor of Seventure Partners said Wultra “sits precisely at that intersection of innovation and market readiness.”
What Wultra sells banks
Wultra builds authentication and identity software designed to resist attacks from quantum computers, a category that barely existed as a funded market two years ago. Founder and chief executive Petr Dvořák said the business now supports more than 70 clients across 25 countries, up from a narrow base in Czech retail banking at its 2014 founding.
The pitch: replace SMS passcodes and hardware tokens with passwordless, phishing-resistant authentication built on post-quantum cryptography. Named clients include Czech lenders Raiffeisenbank, ČSOB and Air Bank, plus OTP Bank’s Moldovan subsidiary, crypto exchange Coinmate and Hong Kong custodian Hex Trust, per Wultra’s own case studies rather than the banks themselves.
Dvořák said the company spent the past year widening its product beyond authentication into onboarding, identity proofing, transaction authorisation and electronic signatures, moving from a login feature towards infrastructure a bank cannot easily remove.
Wultra positions its platform against a set of European rules due over the next few years: the revised Payment Services Directive and Regulation (PSD3/PSR1), the updated eIDAS framework, and the European Digital Identity Wallet. The European Commission recommended in April 2024 that member states begin a coordinated transition to post-quantum cryptography, naming banking as an early priority, and published a fuller roadmap in June 2025.
The data banks are already losing
The case for buying post-quantum authentication now, years before a quantum computer capable of breaking today’s encryption is expected to exist, rests on “harvest now, decrypt later”: an attacker copies encrypted data today and waits. Once a sufficiently powerful quantum machine exists, historic records once considered permanently secure become readable.
Researchers at the Federal Reserve Board and the Federal Reserve Bank of Chicago described this risk in a September 2025 paper as “a present, active, and in some circumstances unavoidable data privacy risk posed by future-state quantum computers.” Customer records and authentication credentials issued today may need to stay confidential for a decade or more; if a capable quantum computer arrives within that window, anything harvested today under traditional encryption is exposed retroactively.
Nobody knows exactly when such a machine will exist, though the Federal Reserve paper cites a 2024 industry survey in which around one in three cybersecurity experts forecast one before 2032.
The National Institute of Standards and Technology finalised the first three quantum-resistant encryption standards in August 2024, then added a fifth, HQC, in March 2025. NIST mathematician Dustin Moody said organisations should “start integrating them into their systems immediately, because full integration will take time.”
Regulators are now testing this live
The clearest sign this has moved from theoretical to operational sits with central banks, not vendors. The Bank for International Settlements published results in December 2025 from Project Leap’s second phase, a trial run by its Eurosystem innovation centre with the Bank of Italy, the Bank of France, Deutsche Bundesbank, payments processor Nexi-Colt and Swift, replacing digital signatures with post-quantum cryptography while sending real liquidity transfers through an operational euro-area payment system.
The result was not a clean win. The BIS reported “significant performance differences between traditional and post-quantum algorithms,” concluding the switch is achievable but needs further testing before a full migration.
That is the gap Wultra and peers including PQShield, SEALSQ and ID Quantique are trying to fill. Banks now have a regulatory reason to move, but no easy internal path to doing so.
Dvořák said the company grew its headcount by close to 50% in 2025 and opened a Singapore hub that August to serve banks across Southeast Asia, a regional bet that predates this round by nearly a year. Whether the technology can hold up at the speed of a real bank’s transaction volumes, not just a pilot between two central banks, is the question this round doesn’t settle.