Policy Brief No. 222 — February 2026
Global Quantum Governance: From Principles to Practice
Mauritz Kop and Tracey Forrest
Key Points
→ Quantum is moving from theory to deployment; near-term milestones — post-quantum cryptography (PQC) migration and quantum networking — create a governance tipping point after which societal harms may be difficult to remediate.
→ National strategies, including the proposed EU Quantum Act, are necessary but insufficient: quantum’s global reach, dual-use implications and asymmetric capabilities require an international, standards-first framework that enables security-sufficient openness, overseen by overseen by an International Quantum Agency.
→ Operationalizing foundational principles for responsible quantum innovation, the policy brief uses high-stakes use cases — quantum-enhanced diagnostics and clocks, quantum networks and simulation — as legal and regulatory stress tests for oversight.
→ The authors then examine the nexus of intellectual property (IP), national security, supply chains, geoeconomic and geostrategic competition, outlining a coordinated path forward.
Introduction: The Governance Imperative — From National Acts to a Global Accord
The journey toward responsible quantum governance has begun with significant, albeit fragmented, foundational steps. The European Union’s proposed Quantum Act signals a crucial shift by a major techno-economic bloc to combine industrial policy with risk-based regulation, seeking to embed democratic values into the technology’s architecture.1 This initiative, however, represents just one piece of a much larger geopolitical puzzle. The global scientific community has echoed this need for proactive governance, and there are calls for a “standards-first” approach that prioritizes the early development of interoperable globally harmonized technical standards for terminology, benchmarking and safety to foster innovation and forestall regulatory fragmentation (Aboy et al. 2025). Utilizing such soft-law governance tools acts as a
1 See www.european-quantum-act.com/.
About the Authors
Mauritz Kop is a CIGI senior fellow and the founder of the Stanford Center for Responsible Quantum Technology (RQT). His research spans artificial intelligence (AI) regulation, machinelearning training data governance, intellectual property and quantum technologies, with a focus on responsible innovation, standards, geopolitics, and national and economic security. A technology lawyer by training, he supports deep-tech start-ups through RQT Ventures and serves as a quantum AI adviser to Daiki. He is a guest professor at the US Air Force Academy, serves as quantum ecosystem expert on the von Neumann Commission, holds a patent in AI and founded AIRecht.
Mauritz has advised governments and international and multi-stakeholder bodies on responsible quantum and AI governance, including work with organizations such as the United Nations Educational, Scientific and Cultural Organization, the Organisation for Economic Co-operation and Development, the World Economic Forum and the Group of Seven. His work contributes to policy discussions on emerging technology regulation in Europe and the United States, including issues relevant to the EU AI Act and post-quantum security. He is a frequent international conference speaker and has delivered keynote remarks at major academic, policy and industry venues; his work has been published in scholarly journals by Stanford, Harvard, Yale, Oxford and Cambridge Universities, and in leading outlets such as Nature, Science, Foreign Policy and Fortune.
Tracey Forrest is research director of transformative technologies at CIGI. Her experience spans renewable energy to quantum technologies and has included working with multi-sectoral partners to accelerate the transition from a laboratory curiosity to an impactful device. At CIGI, she leads a network of researchers focused on opportunities and challenges relating to the evolving interface of transformative technologies and international governance.
Tracey is a professional engineer, adjunct professor at the University of Waterloo and former board member of technology and environmentally focused organizations. Over the course of a career in both academia and industry, Tracey has become an authority on thoughtfully bridging emerging technology to high-value applications. She formerly served as a member of the Federation of Canadian Municipalities Green Municipal Fund Council, director of the Transformative Quantum Technologies program at the University of Waterloo, and advisory board chair of the National Research Council of Canada’s Nanotechnology Research Centre.
Tracey completed a B.A.Sc. in environmental (chemical) engineering at the University of Waterloo, and a master’s in energy and environmental economics at the Scuola Mattei, Italy. She completed professional training in topics such as quantum, data science and sustainable business strategy at Harvard University and MIT.
critical precursor, offering agility where premature hard law could stifle nascent innovation (Johnson 2019). From a security perspective, the first stress test of this emerging governance architecture is whether allied democracies can organize a timely, interoperable migration to PQC and quantum-secure networks — essential to neutralizing “harvest now, decrypt later” campaigns against long-lived data and to reducing systemic risks to critical infrastructure as legacy cryptography becomes increasingly brittle.
This technical foundation must be guided by a normative compass. Frameworks such as the “Ten principles for responsible quantum innovation” offer such guidance, calling for a holistic approach that balances advancing the technology with safeguarding societal values and engaging diverse stakeholders (Kop et al. 2024a). This governance challenge is amplified by the accelerating convergence of quantum, artificial intelligence (AI) and other emerging technologies (Organisation for Economic Co-operation and Development [OECD] 2024; Forrest et al. 2025; Forrest, Samson and Laflamme 2024). AI already plays a practical role in the design, calibration, control and error mitigation of quantum devices and networks; conversely, quantum capabilities may eventually shift the computational frontier for certain AI workloads. In this convergence context, capability- and risk-driven governance challenges are most apparent where AI is used to advance quantum technologies (Alexeev et al. 2025).
This rapid evolution presents policy makers with the Collingridge dilemma: the difficulty of governing a technology in its infancy, when control is possible but its consequences are unknown, versus waiting until its impacts are clear, by which point the technology may be too entrenched to steer. The OECD’s emerging framework for anticipatory governance underscores that this convergence requires synoptic stewardship of technical standards, risk assessment and experimentation across ministries, rather than siloed, sector-bysector regulation (OECD 2024). This perspective, which calls for “prospective governance” (Ten Holter 2023), is reflected in some international fora, which suggest that the technology readiness levels (TRLs) of many quantum applications are still too low to justify a formal global regulatory framework (Group of Seven [G7] 2025). However, this stance does not preclude governance; instead, it calls for a principles-based engagement strategy to guide policy development within and between
states, building a trusted ecosystem through international dialogue and collaboration on shared values and interests (Dekker and MartinBariteau 2023; Forrest and Murphy 2025).
This dilemma, and the risk that responsible innovation principles are not embedded early in the development cycle (Inglesant et al. 2021), underscores the inadequacy of relying on “classical guardrails.” These slow-moving legal frameworks are ill-suited for the pace of quantum and AI development and point toward the need for novel, adaptive models such as algorithmic regulation. “Algorithmic regulation” here refers to the embedding of evolving policy constraints directly into the code, metrics and dashboards that govern complex systems, enabling continuous monitoring, dynamic enforcement and audit rather than one-off, paper-based compliance. Crucially, this form of governance is distinct from AI regulation; it focuses on governing the quantum system via code — operationalizing policy constraints directly into quantum control stacks — rather than merely regulating the AI that may assist it. Such tools should augment, not replace, accountable human decision making in PQC migration, export-control design and supply-chain governance. However, this approach introduces a profound trade-off: the potential for loss of control, where the very systems designed for governance become too complex for meaningful human oversight.
The trajectory of quantum technology, with its profound security implications, invites parallels to the atomic age. This has spurred far-reaching proposals, from envisioning an “International Quantum Agency” (IQA) — inspired by the International Atomic Energy Agency and focused on a safeguards function (Kop 2025a) — to a “Qubits for Peace” initiative that frames a grand strategy for steering this technology toward global benefit and its concrete translation as conveyed by the “Bletchley Park for the Quantum Age” proposal (Kop 2025b). These concepts offer the conceptual metaphors required to translate the abstractions of quantum mechanics into concrete governance imperatives. Specifically, the Bletchley Park model envisions not merely a diplomatic meeting place, but a robust institutional capacity for declassification and shared threat assessment, taking the form of an allied PQC migration blueprint. Such strategic mandates are actively being steered and executed by policy makers within national governments and security
partnerships — including the North Atlantic Treaty Organization (NATO) and the Australia-United Kingdom-United States (AUKUS) security agreement — often relying on public-private partnerships to advance leadership in quantum computing, sensing, networking and PQC migration. These initiatives find complementary, civilian expression through the joint efforts of industry, academia and think tanks in multi-stakeholder platforms such as the Open Quantum Institute (OQI), which works to align quantum development with the UN Sustainable Development Goals (SDGs) (Bargellini et al. 2024) and the Multilateral Dialogue on Quantum.2 UN-level discussions in 2025 during the International Year of Quantum Science and Technology similarly emphasized that any such architecture must bridge emerging “quantum divides” by ensuring that PQC, secure networks and peaceful applications are accessible to the Global South, preventing a two-tier global digital order rather than serving only first-mover states.
Expanding the Scope: The International Dimension
Quantum technology is not being developed in a vacuum. It is at the heart of an intensifying geopolitical rivalry between the United States, China and the European Union, each pursuing quantum dominance through distinct national innovation systems and plans for technology sovereignty. This divergence creates a complex global landscape fraught with the risk of fragmentation and a potential “quantum divide” between and within nations (Gercek and Seskir 2024; Forrest et al. 2025). Competing technical standards and misaligned export control regimes threaten to accelerate a technological decoupling between democracies and autocracies, creating a “quantum splinternet” that would bifurcate global supply chains and stifle scientific collaboration (Kop 2025a). The nascent and fragile quantum supply chain is the focus of a recent report conducted in the context of the NATO Transatlantic Quantum Community, which calls for a balanced investment landscape between North America and Europe, the avoidance of trade barriers within the NATO
alliance, and further measures to increase collective security (Kingma, Heijman and Williams 2025).
The development of a future quantum internet, for instance, is already subject to “protocol politics,” with different blocs championing competing standards, or placing differing emphasis on complementary standards (for example, divergent trajectories in PQC standardization, and ongoing debates over where PQC, quantum key distribution, or hybrid approaches are appropriate) that could embed geopolitical fault lines into the next generation of global communications infrastructure (DeNardis 2022; Perret and Ribordy 2025). This quantum divide spans not only research capacity but also access to secure infrastructure, skilled talent and PQC-ready cryptographic stacks. Beyond the G7 and other traditional powers, emerging quantum hubs in India, Brazil, South Africa and parts of Southeast Asia will be crucial partners in co-developing test beds, standards and capacity building, not merely standard-takers (Wimmer and Moraes 2022).
As national strategies from players such as Canada, perspectives from national economic development agencies including those in the United States, and analyses from intergovernmental bodies such as the OECD recognize, no single nation can master this domain alone (Council of Canadian Academies 2023; OECD 2025; Merzbacher 2025). Recent practitioner interviews underscore that many national strategies, while sophisticated, remain inward-looking and risk missing opportunities for joint capacity building and shared experimentation on governance tools (Merzbacher 2025). Effective global governance therefore requires bridging these divides through a multi-layered approach, involving the following:
2 See www.quantumwithoutborders.org/multilateral-dialogue-on-quantum.
→ Bilateral and minilateral agreements: Deepen cooperation among like-minded allies on standards, supply chains and security policy, through vehicles such as NATO, the North American Aerospace Defense Command, the Five Eyes intelligence alliance and technologyfocused pacts such as AUKUS (whose Pillar II explicitly covers quantum). Within NATO, the Defence Innovation Accelerator for the North Atlantic (DIANA) is building a network of test centres and start-up accelerators for dual-use technologies such as quantum, providing a practical platform for cross-border experimentation, standardization and support to early-stage firms across the alliance. Building on
proposals such as Kevin Wolf’s 2024 testimony to the US–China Economic and Security Review Commission, partners could experiment with interoperable licence exceptions: “AUKUS-like” treatment of export controls, that is, narrowly tailored, licence-exception-driven arrangements that protect the most sensitive military applications while facilitating frictionless legitimate research and commercial collaboration (Wolf 2024, 20).
→ Multilateral dialogue: Engage all major quantum powers in dialogues within international fora such as the United Nations and the G7/Group of Twenty to establish norms of responsible state behaviour and increase confidence-building measures. This includes using the OECD’s anticipatory governance work as a neutral convening space to test joint approaches to risk assessment, scenario analysis and standard setting across jurisdictions (OECD 2024).
→ Multi-stakeholder collaboration: Involve industry, academia and civil society in governance discussions to ensure that frameworks are technically sound, practical and democratically legitimate. Platforms such as the Open Quantum Institute of the Geneva Science and Diplomacy Anticipator (GESDA) demonstrate how multi-stakeholder initiatives can link quantum projects directly to SDGrelevant use cases while building shared governance norms (Bargellini et al. 2024).
Quantum Governance Stress Tests: Select Thought Experiments
The “quantum imperative” (Jeutner 2021) becomes concrete when quantum-enabled capabilities are mapped onto familiar legal and regulatory categories — due care, disclosure, liability, certification and attribution. The core novelty is not that quantum systems are probabilistic (law routinely reasons under uncertainty), but that certain quantum capabilities can shift what is computationally feasible, what can be measured and what can be securely communicated, thereby resetting baseline expectations for security and safety. In data management, these quantum
characteristics pose problems in identity, privacy, ownership and traceability (Possati 2023). From a cybersecurity standpoint, the most urgent near-term challenge remains the advent of a Shor-capable, cryptographically relevant quantum computer (CRQC), which could undermine today’s public-key schemes, turning “harvest now, decrypt later” campaigns into concrete breaches, especially for long-lived assets in finance, health-care and public-sector archives (Weinstein and Rodenburg 2025). While public debate often focuses on code breaking, quantum simulation is also a near-term, relatively high-TRL application with profound policy implications (Garfinkel and Hoofnagle 2022). These capability shifts, coupled with the complexity of emerging quantum–classical software stacks, strain existing governance tools and motivate anticipatory, standards-based approaches (Kop 2025a).
At the same time, quantum sensing is rapidly progressing from laboratory demonstrations to operational prototypes. In many protocols, repeated measurements and averaging yield effectively binary or thresholded outputs, even though the underlying physics is probabilistic (Degen, Reinhard and Cappellaro 2017). When these signals are integrated into complex software and AI pipelines, governance questions turn less on “quantum randomness” as such than on calibration, drift, uncertainty quantification and the end-to-end auditability of the full socio-technical system.
Illustrative governance stress tests are considered below — not as tests of legality, but as tests of how existing legal and regulatory paradigms perform under select quantum-enabled thought experiments. Whereas strategic foresight is used to illuminate a span of scenarios without projecting their probability, these thought experiments are meant to spark further inquiry into where quantum-enabled advances may collide with existing paradigms and thereby lay the groundwork for future foresight analysis in support of anticipatory governance.
→ Health-care liability (challenging system-level validation): A quantum sensor, integrated into a hospital’s neuro-imaging suite, repeatedly measures weak magnetic fields in a patient’s brain and, after classical post-processing, produces a clinically usable “at risk/not at risk” flag. That signal is then combined with longitudinal health records in a machine-learning model that outputs a probabilistic prognosis (for example, a 70 percent risk of developing
a severe neurological disease). If a physician prescribes a high-risk preventative treatment based on this end-to-end pipeline — whose components are individually validated but whose integrated performance depends on data traceability and model governance — how should liability and the standard of care be assessed when the outcome is poor (Solaiman 2024), is not transparent (Possati 2023) and integrates a highly complex systems chain? This scenario raises practical questions about disclosure duties, informed consent, post-market monitoring and the allocation of responsibility across clinicians, vendors and integrators.
→ Financial regulation (challenging market integrity and auditability): A consortium of high-frequency traders deploys quantumenhanced clocks that synchronize trading algorithms with unprecedented precision, shaving picoseconds off order execution (Troupe et al. 2022). A subsequent flash crash is plausibly linked to this timing advantage, but because the hardware was lawfully purchased and never disclosed, supervisors cannot readily reconstruct events or assess whether conduct crossed the line into unfair market practice under rules written for classical time-stamping granularity.
→ Digital forensics and lawful access (challenging proof and investigatory practice): As PQC and quantum-secure communications become widespread, post hoc decryption and passive interception become less viable even for lawful investigations. This shifts evidentiary practice toward end-point security, key management governance, and behavioural or network-level forensics — raising questions about proportionality, due process and the design of accountability mechanisms in a world where “access by default” no longer holds.
→ International law and cross-border infrastructure (challenging jurisdiction and service obligations): Cross-border quantum networks for secure communications, timing and sensing will increasingly rely on distributed infrastructure (terrestrial fibre, repeaters and satellites) that spans multiple jurisdictions (Bucciol et al. 2024; Quantropi 2025). When communications become provably tamper-evident and decryption-resistant, familiar doctrines around lawful intercept, data localization, service-provider duties and attribution pressure need to be revisited,
including through confidence-building measures and agreed operational norms (Perrier 2024).
→ Health-care data security (challenging temporal due care): A hostile actor decrypts a national electronic health record database that was exfiltrated years earlier, using a CRQC once it becomes available. This renders legacy safeguards mandated by regulations such as the EU General Data Protection Regulation and the US Health Insurance Portability and Accountability Act retroactively insufficient. How should liability and “reasonable security” be assessed for breaches enabled by future capabilities and what constitutes due care today in light of foreseeable cryptographic transition risk (Kop et al. 2024b)? This scenario underscores that PQC migration is not merely a technical upgrade but a temporal rights and resilience imperative: today’s decisions about cryptoagility, key life-cycle management and data minimization determine whether sensitive data remains protected against future adversaries.
Much like AI, quantum technology puts pressure on regulatory systems that were built around slower innovation cycles and clearer lines between research, products and infrastructure. Beyond the thought experiments above, the dual-use potential of quantum sensing, timing, communications and computation raises concrete questions for arms control, surveillance governance and crisis stability — for example, the use of quantum sensors in space for enhanced surveillance, stealth detection or stealth evasion by non-state or rogue state actors (Krelina 2025a, 2025b). Quantum risks also cut across many sectors that integrate critical infrastructure — from finance to energy and aerospace to telecommunications. These dynamics strengthen the case for building legal and technical capacity within regulators, and for relying early on standards, benchmarks and test beds that can translate high-level principles into measurable practice.
The Nexus: IP, National Security and Strategic Competition
The governance challenge is most acute at the nexus where IP, national security and economic strategy converge. This interplay is a dynamic feedback loop: a quantum technology’s dual-use dilemma — its potential for both civilian and military application — triggers national security concerns, leading to state-imposed export controls (Kop 2025a). These controls, in turn, force industry to alter its IP strategies, often favouring trade secrets over public patents, and their pursuit of a strategic dual-use market strategy (Keselman and Murray 2025). Stakeholder analyses reveal significant misalignment on how to balance these competing interests, highlighting the tension between idealistic policy and practical outcomes (van der Enden, Profitiliotis and Croese 2025). Programs such as the Quantum Benchmarking Initiative of the US Defense Advanced Research Projects Agency (DARPA), which independently verify whether commercial architectures can reach utility scale by 2033, illustrate how states can separate hype from reality while still signalling long-term security concerns and investment priorities.3 Taken together, these trends underline the need for security-sufficient openness: calibrated legal access to technology that meets concrete mission needs without collapsing the innovation ecosystems on which resilience depends. This equilibrium is best maintained through an LSI (least-trade-restrictive, security-sufficient, innovation-preserving) test, which ensures that control measures are proportionate to the capability risk they address (Kop, forthcoming 2026). The entire cycle is further complicated by geopolitical manoeuvring through global supply chains for critical minerals and specialized components.
Navigating this nexus requires answering several critical questions:
→ The patent-secrecy dilemma: How can states balance the patent system’s goal of public disclosure with the national security imperative to protect sensitive innovations?
→ Preventing a “quantum thicket”: Unlike previous foundational technologies where basic building blocks often remained public, quantum technology has seen aggressive, early patenting of core concepts. How can policy prevent a “patent thicket” — a dense web of overlapping IP rights — that could stifle downstream innovation (Lemley 2005)?
→ Calibrating export controls: How can export controls be harmonized and narrowly tailored to restrict the most dangerous military applications without stifling essential transnational scientific exchange (McFaul 2025)?
→ Deterrence and strategic stability: How will quantum capabilities in sensing, timing and secure communications affect intelligence, early warning and the credibility of deterrence? These strategic shifts can have legal spillovers — for procurement baselines, alliance interoperability requirements, and the interpretation of due diligence and proportionality norms in cyber operations — warranting sustained analysis alongside technical benchmarking (McKenney 2022; Norman 2025).
→ Securing supply chains: How can democratic nations build resilient supply chains for the critical materials that underpin quantum technologies? A data-driven methodology, such as a Quantum Criticality Index, can help identify and prioritize chokepoints for targeted policy interventions (Lee 2024; Cho, Kop and Lee 2025). Crucially, such indices and mitigation strategies should be designed so that their insights can be shared — at least in part — with trusted partners in the Global South, avoiding a stratified system of resilience where only a handful of states can hedge supply-chain risk.
A coherent global strategy cannot treat these domains in isolation. It requires an integrated approach that harmonizes IP policy with security objectives and coordinates economic statecraft among allies, recognizing that a call for responsible quantum technology must be a shared global endeavour (Gasser, De Jong and Kop 2024). In practice, this will require tools such as FRAND-based licensing4 of foundational patents, open test beds and shared benchmarking data sets so that smaller firms and emerging-economy
3 See www.darpa.mil/research/programs/quantum-benchmarking-initiative.
4 FRAND refers to fair, reasonable and non-discriminatory licensing terms.
institutions can participate meaningfully in the quantum ecosystem.
Future Outlook and Recommendations
The development of a stable and responsible global quantum ecosystem is not a foregone conclusion. A future defined by a zero-sum race for quantum supremacy will be a more dangerous and fragmented one. The international community, therefore, stands at a critical juncture. The governance of past emerging technologies offers a key lesson: a mix of hard law, soft law and coordinated international action is necessary (Marchant et al. 2025). A purely reactive cybersecurity posture is insufficient; the quantum age demands a proactive legal and technical framework built on principles of crypto-agility and privacy by design to defend data before harm occurs (McKenney 2022).
To move forward, the authors recommend a multipronged strategy:
→ Strengthen the foundations: Accelerate the development of international technical standards with an explicit near-term focus on coordinated PQC migration and certification. This includes aligning cryptographic profiles across sectors; updating procurement frameworks so that crypto-agility, key lifecycle management and “harvest now, decrypt later” mitigation are baseline requirements; and adopting a posture of cryptographic resilience — the capacity to respond quickly to unexpected cryptographic breaks through agile standards, testing and incident playbooks. Standards work should be paired with the adoption of a common set of ethical principles for responsible quantum innovation that address the full spectrum of “quantum-ELSPI” (ethical, legal, social and policy implications) (Kop 2023; Aboy et al. 2025; OECD 2024, 2025). The success of this approach hinges on the integrity of the standardization framework itself, ensuring that the “international standardisation processes continue to function by well-established rules, that there are relevant oversight and accountability frameworks in place, and that no one actor — whoever they might be —
is in a position to manipulate the system” (Teleanu 2021, 65). The implementation of standard capacity-building and unity-building measures, such as a shared understanding of terminology, may help alleviate geopolitical tensions (Milne and Wang 2022).
→ Harmonize among allies: Like-minded nations should intensify collaboration to align their approaches to export controls, investment screening and supply-chain security. This could be advanced through existing G7 quantum working groups (for example, the G7 Joint Working Group on Quantum Technologies and the G7 Central Banks Quantum Technologies Working Group) — and through Five Eyes and AUKUS-style arrangements that pilot narrowly scoped licence exceptions and joint review processes. Controls and screening should be capability-targeted and process-disciplined: poorly designed measures can impose high compliance costs, delay benign collaboration and chill legitimate investment, including in joint capacity building with trusted partners (Wolf 2024). The G7 can enhance its quantum supply-chain anticipatory capacity through measures such as a Quantum Criticality Index where insights are shared as appropriate with the Global South (Lee 2024), and address critical vulnerabilities as identified by the NATO Transatlantic Quantum Community through near-term coordinated actions (Kingma, Heijman and Williams 2025). By aligning incentives and investments, the G7 can lead and partner in achieving collective quantum technological sovereignty, dual-use readiness and responsible development objectives.
→ Incentivize global collaboration: To bridge geopolitical divides and foster cooperation on peaceful applications, nations should invest in shared quantum infrastructure and open test beds that are accessible beyond the OECD. In the near term, this means federating existing platforms — such as national quantum clouds, OQI-aligned SDG demonstrators and regional test networks — under common governance rules. In the longer term, a facility in the style of the European Organization for Nuclear Research — a “CERN for Quantum” — could provide shared access to high-end simulators and error-corrected devices, anchored in transparency, joint oversight and equitable access for Global South partners.
→ Institutionalize foresight: Establish and adequately resource international foresight capacities — whether within an IQA-type body or a network of linked observatories — that continuously map emerging capabilities, update risk scenarios and stress-test legal frameworks against them. These bodies should experiment with limited algorithmic regulation in a narrow, well-governed way — using AI-assisted monitoring, dashboards and red-team exercises to inform human decision makers — while drawing on methodologies from prospective governance and anticipatory regulation (Ten Holter 2023; OECD 2024; Marchant et al. 2025). They may also leverage emerging AI-powered causal insights to promote optimal investment and agile regulatory action, drawing upon similar initiatives such as the World Bank’s ImpactAI.5
Effective quantum governance requires a synthesis of geopolitical realism and normative orientation. Realism demands an objective assessment of the current technological, geopolitical and regulatory landscape, while a normative orientation provides the vision for responsible development and equitable access. This dual approach ensures that governance frameworks are pragmatically grounded in present realities yet guided by defensible public values. The governance choices made today will have profound consequences for decades to come. A concerted, global effort is essential to ensure that the quantum revolution unfolds not as a source of instability and fragmentation, but as a force for shared security and human development. Done well, such a strategy can steer quantum technologies toward broad-based diffusion of the security, scientific insight and economic opportunity generated by quantum tools, rather than concentrate benefits and vulnerabilities in a few hands.
Acronyms and Abbreviations
AI artificial intelligence
AUKUS Australia-United KingdomUnited States
CRQC cryptographically relevant quantum computer
DARPA Defense Advanced Research Projects Agency
DIANA Defence Innovation Accelerator for the North Atlantic
G7 Group of Seven
GESDA Geneva Science and Diplomacy Anticipator
IP intellectual property
IQA International Quantum Agency
NATO North Atlantic Treaty Organization
OECD Organisation for Economic Co-operation and Development
OQI Open Quantum Institute
PQC post-quantum cryptography
SDGs Sustainable Development Goals
TRLs technology readiness levels
5 See https://impactai.worldbank.org/.
Works Cited
Aboy, Mateo, Urs Gasser, I. Glenn Cohen and Mauritz Kop. 2025. “Quantum technology governance: A standards-first approach.” Science 389 (6760): 575–78. https://doi.org/10.1126/science.adw0018.
Alexeev, Yuri, Marwa H. Farag, Taylor L. Patti, Mark E. Wolf, Natalia Ares, Alán Aspuru-Guzik, Simon C. Benjamin, et al. 2025. “Artificial intelligence for quantum computing.” Nature Communications 16: 10829. https://doi.org/10.1038/s41467-025-65836-3.
Bargellini, Filippo, Elias X. Huber, Marieke Hood, Catherine Lefebvre, Brigida Melillo, Padmapriya Mohan, Maricela Muñoz, Marianne Schörling and Mira Wolf-Bauwens. 2024. Intelligence Report on Quantum Diplomacy for the Sustainable Development Goals (SDGs). 2nd ed. Geneva, Switzerland: GESDA. https://open-quantum-institute.cern/wp-content/ uploads/2025/11/Intelligence_Report-2024.pdf.
Bucciol, Elena, Katia Boria, Matteo Elia, Domenico Petrucciani, Mario Trinchera, Ivan Luciano Danesi, Lorenzo Demelas, et al. 2024. Quantum technologies in the banking sector. May. Interbank Convention for Automation. www.cipa.it/altre-pubblicazioni/gruppi-lavoro/ tecnologiequantistiche/quantumtechnologies.pdf.
Cho, Dongyoun, Mauritz Kop and Min-Ha Lee. 2025. “Strategic Governance of Quantum Supply Chains: A Criticality-Based Framework for Risk, Resilience, and Data-Driven Foresight.” Preprint, ResearchGate, November 11. www.researchgate.net/publication/397511771_ Strategic_Governance_of_Quantum_Supply_ Chains_A_Criticality-Based_Framework_for_ Risk_Resilience_and_Data-Driven_Foresight.
Council of Canadian Academies. 2023. Quantum Potential Ottawa, ON: Expert Panel on the Responsible Adoption of Quantum Technologies, Council of Canadian Academies. https://cca-reports.ca/wp-content/uploads/2024/03/ Quantum-Potential_Full-Report_March-1-2024.pdf.
Degen, C. L., F. Reinhard and P. Cappellaro. 2017. “Quantum sensing.” Reviews of Modern Physics 89 (3): 035002. https://doi.org/10.1103/RevModPhys.89.035002.
Dekker, Tina and Florian Martin-Bariteau. 2023. “Regulating Uncertain States: A Risk-Based Policy Agenda for Quantum Technologies.” Canadian Journal of Law and Technology 20 (2): 179–224. https://digitalcommons.schulichlaw.dal.ca/ cjlt/vol20/iss2/3/.
DeNardis, Laura. 2022. “CQN Societal Impacts Winter Lecture: Quantum Internet Protocols.” Center for Quantum Networks, January 28. YouTube video, 1:09:49. www.youtube.com/ watch?v=2IT9hefrNIE.
Forrest, Tracey and Michael P. A. Murphy. 2025. Principles for Quantum Governance: Kananaskis and Beyond CIGI Policy Brief No. 207. Waterloo, ON: CIGI. www.cigionline.org/publications/principles-forquantum-governance-kananaskis-and-beyond/.
Forrest, Tracey, Paul Samson, S. Yash Kalash and Michael P. A. Murphy. 2025. “Quantum Technologies and Situational Awareness: The G7 and Beyond.” Draft, October 28. Waterloo, ON: CIGI. www.cigionline.org/static/ documents/Quantum_Technologies_and_Situational_ Awareness_-_Draft.pdf.
Forrest, Tracey, Paul Samson and Raymond Laflamme. 2024. “Quantum Technology, National Security and Defence Spending: A New Frontier.” Opinion, Centre for International Governance Innovation, July 8. www.cigionline.org/articles/ quantum-technology-national-security-and-defence-spendinga-new-frontier/.
G7. 2025. “Kananaskis Common Vision for the Future of Quantum Technologies.” Leaders’ statement, June 17. https://g7.canada.ca/en/news-and-media/ news/kananaskis-common-vision-for-thefuture-of-quantum-technologies/.
Garfinkel, Simson L. and Chris J. Hoofnagle. 2022. “ACM TechBrief: Quantum Computing and Simulation.” July. New York, NY: Association for Computing Machinery, Technology Policy Council. https://doi.org/10.1145/3551664.
Gasser, Urs, Eline De Jong and Mauritz Kop. 2024. “A call for responsible quantum technology.” Nature Physics 20: 525–27. https://doi.org/10.1038/s41567-024-02462-8.
Gercek, A. Ayda and Zeki C. Seskir. 2024. “Navigating the Quantum Divide(s).” Preprint, arXiv, March 12. https://doi.org/10.48550/arXiv.2403.08033.
Inglesant, Philip, Carolyn Ten Holter, Marina Jirotka and Robin Williams. 2021. “Asleep at the wheel? Responsible Innovation in quantum computing.” Technology Analysis & Strategic Management 33 (11): 1364–76. https://doi.org/10.1080/ 09537325.2021.1988557.
Jeutner, Valentin. 2021. “The Quantum Imperative: Addressing the Legal Dimension of Quantum Computers.” Morals & Machines 1 (1): 52–59. https://doi.org/ 10.5771/2747-5174-2021-1-52.
Johnson, Walter G. 2019. “Governance Tools for the Second Quantum Revolution.” Jurimetrics 59 (4): 487–522. www.jstor.org/stable/27009999.
Keselman, Gene and Fiona Murray. 2025. “Dual-Use Is a Strategy, Not a Category (Nor a Trap).” War on the Rocks, January 2. https://warontherocks.com/2025/01/dual-useis-a-strategy-not-a-category-nor-a-trap/.
Kingma, Lukas, Freeke Heijman and Carl Williams. 2025. Critical Vulnerabilities in the Quantum Computing Supply Chain within the NATO Alliance. Conducted in the context of the NATO Transatlantic Quantum Community. www.fheijman.nl/QSC_report.pdf.
Kop, Mauritz. 2023. “Quantum-ELSPI: A Novel Field of Research.” Digital Society 2, 20. https://doi.org/10.1007/s44206-023-00050-6.
———. 2025a. “Towards a European Quantum Act: A TwoPillar Framework for Regulation and Innovation.” Columbia Journal of European Law 31 (1).
———. 2025b. “A Bletchley Park for the Quantum Age.” War on the Rocks, November 6. https://warontherocks.com/2025/11/ a-bletchley-park-for-the-quantum-age/.
———. Forthcoming 2026. “The Nexus of Quantum Technology, Intellectual Property, and National Security.”
Kop, Mauritz, Mateo Aboy, Eline De Jong, Urs Gasser, Timo Minssen, I. Glenn Cohen, Mark Brongersma, Teresa Quintel, Luciano Floridi and Raymond Laflamme. 2024a. “Ten principles for responsible quantum innovation.” Quantum Science and Technology 9 (3): 035013. https://doi.org/10.1088/2058-9565/ad3776.
Kop, Mauritz, Suzan Slijpen, Katie Liu, Jin-Hee Lee, Constanze Albrecht and I. Glenn Cohen. 2024b. “A Brief Quantum Medicine Policy Guide.” Bill of Health (blog), December 6. https://petrieflom.law.harvard.edu/2024/12/06/abrief-quantum-medicine-policy-guide/.
Krelina, Michal. 2025a. “An Introduction to Military Quantum Technology for Policymakers.” SIPRI Background Paper, March. Stockholm, Sweden: Stockholm International Peace Research Institute. https://doi.org/10.55163/DRDQ1599.
———. 2025b. “Military and Security Dimensions of Quantum Technologies: A Primer.” July. Stockholm, Sweden: Stockholm International Peace Research Institute. https://doi.org/10.55163/ZVTL1529.
Lee, Min-Ha. 2024. “Quantum Criticality Index: Understanding Critical Raw Materials Supply Chains in Quantum Technologies.” Presentation at 2nd Annual Stanford Responsible Quantum Technology Conference, Stanford University, May 20. https://youtu.be/ m2qExQqGm6A?si=QjCEvJFmP_ZAZkHN&t=1609.
Lemley, Mark A. 2005. “Patenting Nanotechnology.” Stanford Law Review 58: 601–30. www.stanfordlawreview.org/ wp-content/uploads/sites/3/2010/04/lemley-1.pdf.
Marchant, Gary, Rida Bazzi, Diana Bowman, Justin Connor, Royal Aubrey Davis III, Eunmi Kang, Kaniah Konkoly-Thege, et al. 2025. “Learning From Emerging Technology Governance for Guiding Quantum Technology.” Richmond Journal of Law & Technology 31 (2): 266–391. https://jolt.richmond.edu/files/2025/ 05/Marchant-Final.pdf.
McFaul, Michael. 2025. “The Case for Selective Economic Decoupling with Autocracies.” McFaul’s World, Substack, December 12. https://michaelmcfaul.substack.com/p/ the-case-for-selective-economic-decoupling.
McKenney, Ryan. 2022. “Reconsidering the legal effects of quantum computing: from a reactive to a proactive cybersecurity posture.” Paper presented at the Legal Dimensions of Quantum Computing Conference, Lund, Sweden, April 28.
Merzbacher, Celia. 2025. “Governing the quantum leap.” Interview by Jesse Samasuwo. Apolitical, August 20. https://apolitical.co/solution-articles/en/quantuminterviews-dr-celia-merzbacher-governing-the-quantum-leap.
Milne, Claire and Jufang Wang. 2022. The Geopolitics of Global Technology Standards: Key Issues and Solutions. Oxford Global Society, November. https://oxgs.org/wp-content/ uploads/2022/11/Report-The-Geopolitics-of-GlobalTechnology-Standards-Key-Issues-and-Solutions.pdf.
Norman, Pippa. 2025. “Why quantum technology matters for defence.” The Globe and Mail, September 13. www.theglobeandmail.com/business/ article-why-quantum-technology-matters-for-defence/.
OECD. 2024. “Framework for Anticipatory Governance of Emerging Technologies.” OECD Science, Technology and Industry Policy Papers. Paris, France: OECD Publishing. https://doi.org/10.1787/0248ead5-en.
———. 2025. “A Quantum Technologies Policy Primer.” OECD Digital Economy Papers No. 371. https://doi.org/10.1787/fd1153c3-en.
Perret, Ludovic and Grégoire Ribordy. 2025. “Accelerating the Transition to Quantum-Safe Communication: A Call for Global Collaboration and Action.” Think7 Policy Brief. Waterloo, ON: CIGI. www.cigionline.org/static/documents/ TF1_Perret_Ribordy.pdf.
Perrier, Elija. 2024. “Quantum Information Technologies and Public International Law: A Strategic Perspective.” Stanford Center for Responsible Quantum Technology. https://purl.stanford.edu/vs906nm4136.
Possati, Luca M. 2023. “Ethics of Quantum Computing: An Outline.” Philosophy & Technology 36 (3): 48. https://doi.org/10.1007/s13347-023-00651-6.
Quantropi Inc. 2025. “A Historic Leap in Cyber Defence: NATO DIANA’s Transatlantic Quantum-Secure Communications.” Quantropi, July. www.quantropi.com/ nato-diana-transatlantic-transmission/.
Solaiman, Barry. 2024. “Legal and Ethical Considerations of Artificial Intelligence for Residents in Post-Acute and Long-Term Care.” Journal of the American Medical Directors Association 25 (9): 105105. https://doi.org/10.1016/j.jamda.2024.105105.
Teleanu, Sorina. 2021. The geopolitics of digital standards: China’s role in standard-setting organisations. Geneva, Switzerland: DiploFoundation/Geneva Internet Platform and Multilateral Dialogue Konrad Adenauer Foundation. www.diplomacy.edu/wp-content/uploads/2021/12/ Geopolitics-of-digital-standards-Dec-2021.pdf.
Ten Holter, Carolyn. 2023. “Towards a methodology for prospective governance in quantum computing technologies.” Ph.D. thesis, University of Oxford. https://ora.ox.ac.uk/objects/ uuid:90205589-4ad5-4e3b-95dc-7d8bd8325075.
Troupe, James, Stav Haldar, Ivan Agullo and Paul Kwiat. 2022. “Quantum Clock Synchronization for Future NASA Deep Space Quantum Links and Fundamental Science.” Preprint, arXiv, September 29. https://doi.org/10.48550/ arXiv.2209.15122.
van der Enden, K. L., G. Profitiliotis and D. Croese. 2025. “Advancing a responsible future quantum internet.” Preprint, arXiv, January 15. https://doi.org/10.48550/arXiv.2501.10468.
Weinstein, Yaakov and Brandon Rodenburg. 2025. “Quantum Computing — Quantifying the Current State of the Art to Assess Cybersecurity Threats.” Intelligence After Next Series No. 29. The MITRE Corporation. www.mitre.org/sites/ default/files/2025-01/PR-24-3812-Quantum-ComputingQuantifying-Current-State-Assess-Cybersecurity-Threats.pdf.
Wimmer, Miriam and Thiago Guimarães Moraes. 2022. “Quantum Computing, Digital Constitutionalism, and the Right to Encryption: Perspectives from Brazil.” Digital Society 1, 12. https://doi.org/10.1007/s44206-022-00012-4.
Wolf, Kevin. 2024. “Testimony before the US–China Economic and Security Review Commission. Hearing on ‘Key Economic Strategies for Leveling the US-China Playing Field: Trade, Investment, and Technology.” May 23. www.uscc.gov/ sites/default/files/2024-05/Kevin_Wolf_Testimony.pdf.
About CIGI
The Centre for International Governance Innovation (CIGI) is an independent, non-partisan think tank whose peer-reviewed research and trusted analysis influence policy makers to innovate. Our global network of multidisciplinary researchers and strategic partnerships provide policy solutions for the digital era with one goal: to improve people’s lives everywhere. Headquartered in Waterloo, Canada, CIGI has received support from the Government of Canada, the Government of Ontario and founder Jim Balsillie.
À propos du CIGI
Le Centre pour l’innovation dans la gouvernance internationale (CIGI) est un groupe de réflexion indépendant et non partisan dont les recherches évaluées par des pairs et les analyses fiables incitent les décideurs à innover. Grâce à son réseau mondial de chercheurs pluridisciplinaires et de partenariats stratégiques, le CIGI offre des solutions politiques adaptées à l’ère numérique dans le seul but d’améliorer la vie des gens du monde entier. Le CIGI, dont le siège se trouve à Waterloo, au Canada, bénéficie du soutien du gouvernement du Canada, du gouvernement de l’Ontario et de son fondateur, Jim Balsillie.
Credits
Research Director, Transformative Technologies Tracey Forrest
Director, Programs Dianna English
Program Manager Reanne Cayenne
Publications Editor Lynn Schellenberg
Graphic Designer Sepideh Shomali
Copyright © 2026 by the Centre for International Governance Innovation
The opinions expressed in this publication are those of the authors and do not necessarily reflect the views of the Centre for International Governance Innovation or its Board of Directors.
For publications enquiries, please contact publications@cigionline.org.
The text of this work is licensed under CC BY 4.0. To view a copy of this licence, visit http://creativecommons.org/licenses/by/4.0/.
For reuse or distribution, please include this copyright notice. This work may contain content (including but not limited to graphics, charts and photographs) used or reproduced under licence or with permission from third parties.
Permission to reproduce this content must be obtained from third parties directly. Centre for International Governance Innovation and CIGI are registered trademarks.
67 Erb Street West Waterloo, ON, Canada N2L 6C2 www.cigionline.org