Irrelevant carrots and non-existent sticks: trust, governance, and security in the transition to quantum-safe systems

TL;DR

This paper analyzes the complex landscape of transitioning to quantum-safe cryptography, highlighting key actors, influence pathways, and governance gaps essential for a secure digital future amid quantum computing threats.

Contribution

It provides one of the first system-level mappings of actors, influence pathways, and governance responsibilities in the quantum-safe transition, emphasizing the need for clearer ownership.

Findings

Regulators exert the strongest direct influence on the transition.

Standardisation bodies play a crucial indirect role.

Multiple governance responsibilities lack clear ownership.

Abstract

Quantum computing poses an urgent and widely recognised threat to global cybersecurity, enabling encrypted government, financial, and healthcare data harvested today to be decrypted in the near future. Transitioning to quantum-safe cryptography is therefore essential, demanding coordinated action across a complex, multi-actor innovation system. Drawing on insights from an expert workshop in Amsterdam, this study develops a socially informed vision for a quantum-safe future and analyses the current innovation landscape to identify critical gaps and the actions needed to address them. We map twelve key actor groups involved in the migration process, finding that regulators exert the strongest direct influence, while standardisation bodies play a crucial indirect role. This research provides one of the first system-level mappings of actors, influence pathways and governance responsibilities shaping the quantum-safe transition, revealing several responsibilities with unclear ownership. Although centred on the Netherlands, our findings are applicable to other national contexts navigating quantum-safe transitions.