Imagine a regulatory investigation, several years from now, examining the care AI records for a period during which a resident's condition deteriorated. The operator provides a complete log: timestamped vital signs readings, alert thresholds met or not met, care plans executed, override decisions taken. Each entry carries a digital signature generated by the care AI system's identity certificate. The investigator asks for proof that the log has not been modified since it was generated. The answer is complicated: the signatures are present, but the cryptographic algorithm used to generate them is now known to be forgeable by quantum computers. The signature can no longer confirm anything.

Most public discussion of the quantum threat focuses on encryption — intercepted data captured today and decrypted once quantum computing matures. That threat is real, but it is not the only one. Digital signatures serve a different purpose from encryption: they authenticate. A signed record is a claim that a specific system, at a specific time, produced a specific output and that it has not been altered since. When you need to prove in court — or to a regulator, or to an insurer — that the care AI's record is genuine and unmodified, you are not presenting encrypted data. You are presenting a signed attestation. The signature is the evidence that the record is what it purports to be.

Classical signatures — generated by RSA, ECDSA, or related schemes — will become forgeable once sufficiently capable quantum computers exist. This is not theoretical: NIST finalized its first post-quantum signature standards in 2024 specifically because the threat has a known engineering timeline. A forged classical signature is indistinguishable from a genuine one. An adversary who can forge signatures can produce a care record that claims any reading, any timestamp, any decision. More importantly, once forgery is possible, any record signed with classical algorithms becomes contested evidence: it may be authentic, or it may not be, and there is no cryptographic way to determine which.

Care records carry long legal retention requirements. In most jurisdictions, health records must be preserved for seven to ten years after the last care event. Records relating to events that become the subject of litigation, regulatory action, or coronial inquiry often need to survive longer. The records a care AI system generates today will need to be forensically verifiable in 2033, 2036, or beyond.

The overlap between those two timelines is the forensic signature gap. Technical assessments of quantum computing development generally place the capability to break classical signatures somewhere in the next ten to twenty years. There is meaningful uncertainty in that estimate. But "somewhere in the next ten to twenty years" and "records that must be forensically verifiable for the next seven to ten years or longer" are timelines that cannot be assumed to not intersect. The records created today in facilities that have not migrated to post-quantum signing will be entering their period of greatest forensic exposure at precisely the moment the quantum capability window opens.

The intuitive response is to re-sign existing records when migration occurs — apply post-quantum signatures to the existing log as part of a key migration programme. This is how corporate and financial records handle similar transitions. For care records, it does not work. The forensic value of a care record depends on the chain of custody being unbroken from the moment of generation: the signature on a care record must be the original signature, because a re-signed record cannot prove it was not modified between generation and re-signing. For authentication purposes in legal or regulatory proceedings, a re-signed record is a copy with an assertion, not an original with proof. Courts and regulators treat this distinction as material.

The hardware dimension makes the transition harder. Care AI systems operate on embedded infrastructure — in-facility servers, gateway devices, the firmware-locked hardware security modules inside certified medical devices — where signing keys are generated and stored in hardware that may not support post-quantum algorithms. Updating these systems is not a configuration change: it requires firmware recertification, hardware replacement in some cases, and re-enrollment of every device identity in the care infrastructure. In a regulated environment with hardware that may have multi-year certification cycles, this is a programme measured in years, not a patch applied in a maintenance window.

The governance gap this creates is structural. Care AI operators who have not begun post-quantum signature migration are accumulating a forensic liability that most of them have not fully quantified. The records they generate today will be presented, years from now, as accountability evidence — in regulatory investigations, in negligence proceedings, in coronal inquiries. Whether those records can still be authenticated at the time they are needed depends on procurement decisions, certification requirements, and infrastructure upgrade programmes being planned or not planned now.

The specific accountability risk is not simply that signatures will be broken. It is that the resulting ambiguity becomes a structural advantage for any party with an interest in contesting the record. A care record whose authenticity cannot be confirmed does not get excluded from proceedings as useless; it gets treated as contested. Every party that wants to dispute what the care AI did or did not do gains an evidentiary vector. Every party that wants to rely on the record loses one. The forensic signature gap transfers accountability risk from the moment of care to the moment of review — which is precisely when accountability is most needed and the operator has the least ability to regenerate evidence.

Post-quantum signature standards exist and are ready to deploy. NIST's ML-DSA (from the CRYSTALS-Dilithium family) and SLH-DSA (from SPHINCS+) are finalized, available in major cryptographic libraries, and supported in hardware security modules from major vendors. Care AI systems whose records need to be forensically defensible beyond the classical cryptography horizon should be generating records signed with post-quantum algorithms today, with parallel classical signatures maintained during a transition period for backward compatibility with systems that have not yet migrated.

Whether this requirement finds its way into care AI procurement standards before the quantum window opens is an open question. It should not remain one.

护理AI系统生成的记录承载法律权重，须在长期留存期内保持可取证验证——在大多数司法管辖区为七至十年，在涉讼案件中更长。这些记录以经典密码学签名（RSA、ECDSA）。当量子计算机具备伪造经典签名的能力时，今天生成的护理记录将在其法律留存期届满之前，无法证明其真实性或未被篡改。

这一问题与机密性无关，与认证有关。数字签名不加密数据；它们提供认证——即证明某份记录是其所声称内容、且自生成以来未被修改的能力。当签名算法可被伪造时，被签名的记录便成为争议证据：它可能真实，也可能不真实，而无法通过密码学方式加以判定。护理记录无法通过迁移时重新签名来解决这一问题——重新签名会破壞监管规程所要求的不间断监管链，使重新签名的记录在诉讼或监管程序中成为副本而非原件。

硬件维度进一步加大了迁移难度。护理AI运行于嵌入式基础设施——院内服务器、网关设备、经认证医疗设备内的固件锁定硬件安全模块——其中的签名密钥可能不支持后量子算法。更新这些系统需要固件重新认证，在某些情况下需要更换硬件，并重新注册整个护理基础设施中的每一个设备身份。在具有多年认证周期的受监管环境中，这是一个以年为单位的工程项目。

解决方案已经存在。NIST的后量子签名标准——ML-DSA（来自CRYSTALS-Dilithium系列）和SLH-DSA（来自SPHINCS+）——已最终确定，可在主要密码学库和主要厂商的硬件安全模块中部署。今天需要其记录在经典密码学视界之外保持法证可信性的护理AI系统，应当使用后量子算法生成签名记录，同时在过渡期内并行维护经典签名以确保向后兼容。

尚未启动后量子签名迁移的护理AI运营商，正在积累一项大多数人尚未完全量化的法证责任。这一差距将在最需要问责时才显现——彼时已无法补救。

護理AI系統生成的記錄承載法律權重，須在長期留存期內保持可取證驗證——在大多數司法管轄區為七至十年，在涉訟案件中更長。這些記錄以經典密碼學簽名（RSA、ECDSA）。當量子電腦具備偽造經典簽名的能力時，今天生成的護理記錄將在其法律留存期屆滿之前，無法證明其真實性或未被篡改。

這一問題與機密性無關，與認證有關。數字簽名不加密數據；它們提供認證——即證明某份記錄是其所聲稱內容、且自生成以來未被修改的能力。當簽名算法可被偽造時，被簽名的記錄便成為爭議證據：它可能真實，也可能不真實，而無法通過密碼學方式加以判定。護理記錄無法通過遷移時重新簽名來解決這一問題——重新簽名會破壞監管規程所要求的不間斷監管鏈，使重新簽名的記錄在訴訟或監管程序中成為副本而非原件。

硬件維度進一步加大了遷移難度。護理AI運行於嵌入式基礎設施——院內伺服器、閘道設備、經認證醫療設備內的韌體鎖定硬件安全模組——其中的簽名密鑰可能不支援後量子算法。更新這些系統需要韌體重新認證，在某些情況下需要更換硬件，並重新注冊整個護理基礎設施中的每一個設備身份。在具有多年認證週期的受監管環境中，這是一個以年為單位的工程項目。

解決方案已經存在。NIST的後量子簽名標準——ML-DSA（來自CRYSTALS-Dilithium系列）和SLH-DSA（來自SPHINCS+）——已最終確定，可在主要密碼學庫和主要廠商的硬件安全模組中部署。今天需要其記錄在經典密碼學視界之外保持法證可信性的護理AI系統，應當使用後量子算法生成簽名記錄，同時在過渡期內並行維護經典簽名以確保向後相容。

尚未啟動後量子簽名遷移的護理AI營運商，正在積累一項大多數人尚未完全量化的法證責任。這一差距將在最需要問責時才顯現——彼時已無法補救。