What changed
FACT (cited): Swift launched a blockchain ledger with a 17-bank tokenized-deposit pilot for 24/7 cross-border settlement (Cointelegraph, CoinDesk, 2026-07). FACT (cited): a White House executive order sets a 2030 deadline for post-quantum cryptography migration (Cloudflare blog). INFERENCE: new signature-dependent bank ledgers are being built on classical cryptography that the EO schedules for replacement, embedding a dateable re-cryptographing liability at design time.
Why now
Design decisions in the Swift pilot cohort are being made this quarter; crypto-agility is cheap to build in now and a rebuild later. The EO gives the liability a clock (2030) and pushes it into existing compliance/security budget cycles starting with FY2027 planning.
Converging signals
(1) PQC executive order with hard 2030 deadline [regulation]; (2) Swift blockchain ledger + 17-bank tokenized deposit pilot [crypto]; (3) 24/7 interbank settlement on the same ledger [crypto]. The bridge is real: blockchains cannot rotate signature schemes without coordinated migration, unlike TLS.
Customer pain
HYPOTHESIS β no demand_evidence was provided. No complaints, no job postings, no procurement signals in the input show anyone at these banks currently asking for PQ-blockchain assessments. The pain is structurally predictable but not yet evidenced as a purchase intent.
Who pays
In theory: CISOs/crypto-engineering teams at the 17 pilot banks, Swift itself, and the tokenization-stack vendors (e.g., core ledger software providers), out of security/compliance budgets. In practice every one of these is an enterprise-procurement buyer with vendor-risk onboarding, security questionnaires, and 6-18 month sales cycles β the exact channel this founder excludes.
Solved today
Banks already have PQC programs driven by earlier NIST/NSA (CNSA 2.0) guidance and buy from established players: SandboxAQ, ISARA, PQShield, Keyfactor/Venafi (cryptographic inventory), IBM Quantum Safe, and the Big 4 consultancies. HYPOTHESIS: blockchain-specific crypto-agility is a gap inside those offerings, but the incumbents own the relationship and can extend faster than an outsider can enter.
Why current solutions are bad
General PQC inventory tools scan certificates and TLS, not on-chain signature schemes, key ceremonies, or smart-contract-embedded crypto. That gap is real but narrow, and the entities feeling it are the least reachable buyers on earth for a solo unknown.
Proposed product
As synthesized: a PQ crypto-agility assessment service + automated cryptographic-inventory scanner for blockchain-based financial infrastructure, later migration tooling. A more founder-shaped variant: an automated 'quantum-vulnerability inventory report' product for the long tail of chains/custodians/fintechs, sold as a data/report product rather than a bank engagement β but demand evidence for that variant is also zero in this input.
MVP version
A scanner that ingests a ledger codebase/config and emits a crypto-agility report (signature schemes, key rotation capability, PQ-migration blast radius) plus a scored gap list mapped to the EO timeline. Technically buildable solo in 30-60 days with AI assistance.
30-day build
Build scanner against open-source ledger stacks (Hyperledger Besu/Fabric, Corda) since Swift's actual stack is closed; publish 2-3 teardown reports ('Is X ledger quantum-agile?') as credibility artifacts.
60-day build
Distribute teardowns to bank-blockchain and PQC communities; attempt conversations with tokenization vendors (smaller, more reachable than banks); validate whether anyone will pay for an assessment.
90-day revenue plan
HYPOTHESIS with low confidence: first paid assessment ($10-25k) from a mid-tier tokenization vendor or custodian. Realistically, bank-adjacent security spend at this specificity closes in 6-18 months, outside the 180-day window, and requires credentials (audit firm affiliation, published research, certifications) the founder does not have.
Distribution path
Weakest link. No marketplace, no self-serve wedge, no forced filing event. Distribution is outbound consultative selling to bank security orgs β relationship sales, which the founder explicitly avoids and has no network for in banking or cryptography.
Pricing hypothesis
Assessments $10-50k; scanner SaaS $1-3k/mo. Plausible numbers, unevidenced buyers.
Technical difficulty
Moderate for the scanner; high for credibility. The product is opinion-about-cryptography, and buyers of cryptographic assurance buy the assessor's reputation, not the tool. A no-degree founder with no published crypto work cannot sell cryptographic assurance to a bank regardless of tool quality.
Legal / regulatory risk
Low direct legal risk; professional-liability exposure if a bank relies on a wrong assessment. The EO is a migration mandate, NOT a filing mandate β nothing compels anyone to submit anything to a portal, so the founder's proven ELDT-style wedge (build the submission layer, charge per filing) does not apply here.
Platform dependency
Low. No app-store or API-platform risk.
Founder fit
Poor despite superficial 'regulation + deadline' resemblance to his ELDT win. The ELDT edge requires: (a) a compelled class of many small filers, (b) a government portal to submit into, (c) per-transaction monetization. Here the compelled class is ~17 global banks + agencies, there is no portal submission, and monetization is consultative. The lesson 'government-portal mandate opportunities fit this founder best' (confidence 0.80) applies in reverse: this is not that shape. The capital/runway lesson (0.90) softens the ramp objection but cannot fix an unreachable buyer.
Breakout potential
If PQC regulation later spawns actual reporting obligations (e.g., agencies or contractors forced to file cryptographic inventories), migration tooling becomes a large market β but that market will be taken by SandboxAQ/PQShield/Big 4, not a solo entrant.
Final recommendation
KILL for this founder in its synthesized form (bank-facing PQ assessments). The convergence is analytically sound and the trend is real, but it fails on reachable buyer, differentiation, and channel β the three things the founder profile requires. REVISIT if/when PQC implementation guidance creates an actual reporting/filing obligation on a broad class of smaller entities (federal contractors, state agencies, custodians) β that would recreate his ELDT-shaped wedge and should be flagged immediately.
Next action
Do not build. Add a standing watch for PQC-derived FILING mandates: monitor Federal Register RULE/PRORULE items and OMB/CISA implementation memos under this EO for any requirement that a class of organizations submit cryptographic inventories or migration attestations. That document, if it appears, is the trigger to re-synthesize this opportunity in the founder's proven shape.