Workshop 3: Quantum Computing: Global Challenges and Security Opportunities

Summary

This EuroDIG 2025 workshop focused on quantum computing’s global challenges and security opportunities, examining both the threats and benefits this emerging technology presents. The session was moderated by Wout de Natris-van der Borght and featured three key speakers who provided different perspectives on quantum computing’s implications for society.

Tim Smith from CERN’s Open Quantum Institute presented an optimistic view, emphasizing that the second quantum revolution is already underway through hybrid quantum-classical computing systems. He stressed the importance of international collaboration and multilateral governance to ensure quantum computing benefits everyone, not just a few countries or corporations. Smith highlighted the Open Quantum Institute’s work in exploring quantum applications for UN Sustainable Development Goals and warned against repeating past mistakes with AI by failing to establish proper governance frameworks early.

Mark Mattingley-Scott from Quantum Brilliance addressed the security threats, explaining how quantum computers will eventually break current cryptographic methods through algorithms like Shor’s and Grover’s. He emphasized the “harvest now, decrypt later” problem, where encrypted data stored today could be vulnerable to future quantum attacks. Mattingley-Scott stressed the urgent need to migrate to post-quantum cryptography (PQC) now, comparing the required effort to being at least an order of magnitude greater than the Y2K problem.

Elif Kiesow presented preliminary findings from ongoing research on quantum computing’s social implications, focusing on practical steps organizations can take today. She emphasized creating cryptographic inventories and migration roadmaps, while highlighting concerns about IoT security vulnerabilities in a post-quantum world. The discussion concluded with key messages emphasizing the need for immediate action on quantum-safe encryption, international cooperation to prevent digital divides, and public awareness to ensure inclusive development of this transformative technology.

Keypoints

## Major Discussion Points:

– **Quantum Computing Timeline and Current State**: Discussion of where quantum computing technology currently stands (hundreds of qubits available now vs. millions needed for full capability) and the uncertainty around when “quantum day” – the point where quantum computers can break current encryption – will arrive, though hybrid quantum-classical systems are already being used today.

– **Cryptographic Threats and “Harvest Now, Decrypt Later”**: The immediate security concern that adversaries may be collecting encrypted data today to decrypt it once quantum computers become powerful enough, particularly threatening blockchain systems, long-term stored data, and current encryption methods that rely on mathematical problems like factoring large numbers.

– **Post-Quantum Cryptography (PQC) Migration**: The urgent need to transition to quantum-resistant encryption methods that can run on classical computers, including the practical challenges of updating legacy systems, creating cryptographic inventories, and ensuring this migration doesn’t create a new digital divide between countries and organizations with different resources.

– **International Cooperation vs. Technological Divide**: The tension between quantum development being driven by national security and commercial interests versus the need for multilateral collaboration to ensure equitable access and prevent quantum technologies from being concentrated in just a few countries and corporations.

– **Regulatory and Policy Implications**: Discussion of how existing regulations like GDPR already mandate quantum-proof encryption once it becomes the standard, and the need for proactive governance frameworks, public awareness, and industry investment to properly manage this technological transition.

## Overall Purpose:

The discussion aimed to examine the current state and future implications of quantum computing, focusing on both the opportunities it presents and the security threats it poses. The session sought to inform policymakers, industry representatives, and other stakeholders about the need for immediate action in preparing for quantum computing’s impact on cybersecurity, particularly through post-quantum cryptography adoption and international cooperation frameworks.

## Overall Tone:

The discussion maintained a balanced but urgent tone throughout. It began optimistically with Tim Smith emphasizing opportunities for international collaboration, shifted to a more cautionary perspective with Mark Mattingley-Scott outlining security threats, and concluded with practical recommendations from Elif Kiesow. While acknowledging the serious challenges ahead, the overall tone remained constructive and solution-oriented, emphasizing that proactive action now can help avoid the security-by-retrofit problems that plagued earlier internet technologies. The participants consistently stressed that while quantum computing is inevitable and potentially disruptive, proper preparation and international cooperation can harness its benefits while mitigating risks.

Speakers

Р**J̦rn Erbguth**: Focal point for the session, rapporteur, mentioned helping with GDPR compliance requirements for quantum-proof encryption

– **Elif Kiesow**: Project Lead of the IGF Dynamic Coalition Internet Standards, Security, and Safety, Working Group 9 on Quantum Computing; Chair of Working Group 9 on Emerging Technologies of DCISVC

– **Online moderator**: Session moderator providing technical instructions and guidelines for the Zoom session

– **Panelist**: [Generic identifier used in transcript – appears to refer to Elif Kiesow in context]

– **Wout de Natris-van der Borght**: Session moderator, Internet Governance and Cybersecurity Consultant, Coordinator of the Internet Governance Dynamic Coalition Internet Standards, Security and Safety

– **Audience**: [Generic identifier for audience members asking questions]

– **Mark Mattingley-Scott**: Chief Revenue Officer at Quantum Brilliance based in Germany

– **Marijana Puljak**: Member of the Croatian Parliament, Member of the Parliamentary Assembly of the Council of Europe, 25 years of IT background

– **Tim Smith**: Coordinator, Open Quantum Institute at CERN

**Additional speakers:**

– **Isti Marta**: From the University of Warsaw

– **Biljana Zaslova-Friedrich**: Senior project manager from the European Centre of Quantum Sciences, based in Strasbourg, working on European projects on AI, machine learning and quantum

– **Karen Mulberry**: Focal point for the session (mentioned in acknowledgments)

– **Konstant Weisse**: Background coordinator who helped make the session possible

– **Sandra**: EuroDIG team member working behind the scenes

– **Rainer**: EuroDIG team member working behind the scenes

# EuroDIG 2025 Workshop: Quantum Computing’s Global Challenges and Security Opportunities – Discussion Report

## Executive Summary

This EuroDIG 2025 workshop examined quantum computing’s implications for global security and governance, bringing together experts to discuss both opportunities and challenges. The session, moderated by Wout de Natris-van der Borght, featured three primary speakers: Tim Smith from CERN’s Open Quantum Institute (participating remotely), Mark Mattingley-Scott from Quantum Brilliance, and Elif Kiesow representing the IGF Dynamic Coalition Internet Standards, Security, and Safety. Despite significant technical difficulties with Zoom rooms and audio feedback that disrupted parts of the presentation, the discussion revealed consensus on the urgent need for post-quantum cryptography migration and international cooperation to prevent digital divides in quantum technology access.

## Key Presentations

### International Cooperation and Positive Applications (Tim Smith, CERN)

Tim Smith emphasized that the second quantum revolution is already underway through hybrid quantum-classical computing systems. He argued that quantum computers will serve as specialized co-processors for difficult calculations rather than replacing classical computers entirely. Smith’s central message focused on the critical importance of multilateral governance and international cooperation to ensure quantum computing benefits everyone rather than being monopolized by a few countries or corporations.

“Humanity’s biggest challenges today are shared global challenges,” Smith argued, “so therefore, it necessitates transnational collaboration to ensure that it will be able to benefit and unlock the potential of quantum computing for everyone and not just a few.” He warned against repeating past mistakes with artificial intelligence by failing to establish proper governance frameworks early in the technology’s development.

The Open Quantum Institute’s work exemplifies this approach by exploring quantum applications for UN Sustainable Development Goals and providing a neutral platform for international collaboration. Smith emphasized that development driven solely by strategic or commercial interests risks diverging from societal benefits, making demand-driven solutions and public awareness crucial next steps.

### Security Threats and Cryptographic Vulnerabilities (Mark Mattingley-Scott, Quantum Brilliance)

Mark Mattingley-Scott provided a comprehensive analysis of quantum computing’s security implications, focusing on immediate threats posed by future quantum capabilities. He explained how quantum computers will eventually break current cryptographic methods, fundamentally undermining the mathematical foundations of today’s encryption systems.

The most critical concept Mattingley-Scott introduced was the “harvest now, decrypt later” problem, which transforms quantum threats from future concerns into immediate security issues. This means adversaries may already be collecting encrypted data today with the intention of decrypting it once quantum computers become sufficiently powerful. “We don’t know exactly when, to what degree specific threats will become real threats. But we do know that we’re running out of time. There’s no time left to wait. We need to act now.”

Despite presenting these security challenges, Mattingley-Scott maintained that quantum technology should be embraced rather than avoided, arguing that it offers significant benefits alongside the risks. He positioned Europe as having unique advantages in quantum development, including a large pool of quantum skills and potential for global policy influence.

### Practical Implementation and Social Implications (Elif Kiesow, IGF Dynamic Coalition)

Elif Kiesow presented preliminary findings from ongoing research on quantum computing’s social implications, though her presentation was partially disrupted by technical issues. She focused on actionable measures that organizations can implement immediately to prepare for the quantum transition, emphasizing that post-quantum cryptography can run on classical computers and doesn’t require quantum hardware.

Kiesow outlined critical steps for organizational preparedness: creating comprehensive cryptographic inventories, developing migration roadmaps for transitioning to quantum-resistant systems, and ensuring public procurement policies consider devices capable of migrating to post-quantum cryptography. She highlighted particular concerns about Internet of Things (IoT) security vulnerabilities during PQC migration.

A central theme was the risk of creating new digital divides through the quantum transition. “Migration to quantum proof encryption could create a new digital divide if some countries do it and some other countries don’t,” she argued, reinforcing the international cooperation themes while providing concrete steps for inclusive implementation.

## Audience Discussion and Stakeholder Perspectives

The discussion was enriched by contributions from several stakeholders who highlighted practical implementation challenges. Marijana Puljak, a member of the Croatian Parliament with IT background, provided a pragmatic perspective, noting the dual-use nature of technology and identifying a critical gap between researchers and industry in quantum development.

Biljana Zaslova-Friedrich from the European Centre of Quantum Sciences raised questions about stakeholder targeting and governance frameworks, highlighting the ongoing EU quantum strategy consultation process. Isti Marta from the University of Warsaw posed questions about dual-use technology risks and the consequences of failed PQC migration.

Jörn Erbguth provided important clarity on legal obligations, stating that GDPR makes quantum-proof encryption mandatory once it becomes the state-of-the-art standard for secure encryption, eliminating debate about voluntary versus mandatory adoption.

## Technical and Implementation Challenges

The session highlighted several ongoing challenges despite the comprehensive discussion. The exact timeline for when quantum computers will achieve cryptographically relevant scale remains uncertain, creating difficulties for resource allocation and priority setting. The significant gap between quantum researchers, industry, and policymakers requires ongoing attention to ensure effective technology transfer.

Funding challenges due to unpredictable return on investment timelines present obstacles to development and deployment. Educational challenges, including engaging younger generations in quantum sciences, threaten the talent pipeline needed for quantum technology development. The challenge of making quantum computing relevant and understandable for policymakers and the general population remains essential for informed governance and public support.

## Key Outcomes and Next Steps

The session concluded with several concrete commitments and action items. The Dynamic Coalition committed to presenting a second draft of their quantum computing report within two weeks, followed by a public consultation period for stakeholder feedback. The final report will be published and presented at the IGF.

Participants agreed on immediate organizational steps, including creating cryptographic inventories and developing migration roadmaps for post-quantum cryptography transition. Public procurement policies should begin considering devices capable of migrating to post-quantum cryptography. The EU quantum strategy consultation process was identified as an important venue for continued stakeholder input.

## Conclusion

The EuroDIG 2025 quantum computing workshop successfully established a framework for understanding quantum computing’s global implications despite technical difficulties that affected the session. The discussion revealed that quantum computing presents both unprecedented challenges, particularly in cybersecurity, and significant opportunities for addressing global challenges through international cooperation.

The session’s key insight is that quantum computing requires immediate action due to the “harvest now, decrypt later” security threat and existing legal obligations under frameworks like GDPR. The emphasis on hybrid quantum-classical systems provides a realistic pathway for quantum adoption, while the strong focus on international cooperation offers a roadmap for ensuring quantum computing benefits humanity broadly rather than exacerbating existing inequalities.

The frameworks and action items established provide a foundation for continued collaboration in ensuring responsible quantum technology development and deployment across research, industry, policy, and civil society communities.

Wout de Natris-van der Borght:

Online moderator: Good morning, everyone, and welcome to today’s session. We’re really glad to have you here. Before we begin, I’d like to quickly go over a few session rules. Please enter your full name on this Zoom session. To ask a question, raise hand using the Zoom function. You will be unmuted when the floor is given to you. When speaking, switch on the video, state your name and affiliation. Do not share links to the Zoom meetings, not even with your colleagues. Now I’ll hand over to our session moderator to guide our through the session. Thank you.

Wout de Natris-van der Borght: Thank you. Welcome and good morning. After a good party last night, I think, here at the Council of Europe. Welcome to Eurodig’s 2025 Workshop 3, and that is called Quantum Computing, Global Challenges and Security Opportunities. My name is Wout de Natris-van der Borght. and I am your moderator of the day and I, to introduce myself, I work as an Internet Governance and Cybersecurity Consultant and I’m the coordinator of the Internet Governance Dynamic Coalition Internet Standards, Security and Safety. This morning we’re going to take a close look at the future of computing and as you will find look at what people in decision-making positions need to decide on in the present to be secure in the future. That makes this workshop topic extremely timely as the world’s government, scientists and industry face some tough choices. Sorry? I can move a little bit closer. Hopefully that works. I can only do one at the same time. Yes, maybe because I’m the boss here at the moment. I hope this is better. So, I’ll go a little bit back and say that today we have a choice because looking back we can compare the launch of the public internet or social media and IoT and everything connected to the internet to a new vehicle being launched from the top of a mountain. So, here’s a new driver sitting in the car and he’s going down the mountain slowly but surely but while driving the driver starts finding out that there are no security features built in. into that car by design in any way. There’s no braking lights and no brakes. There’s no handbrake, there’s nothing. He just goes down the hill faster and faster and then he sees a side of the road, people, I’ve got brakes for you, and they start running behind him, trying to put it on while he’s speeding ever faster and faster down that mountain. And that is ICT for you. Comes on, it works, it goes, and then we have to start thinking about security. And you have to buy them as end user. Yourself is not there secure by design. So why am I looking at an empty chair on the screen? Or is that? I think it’s because that microphone is also used. This one. Okay. No. No. Yes, I think this is better than looking at an empty chair. So I think you got the picture on this car going down the road. And now we’re at the advent of quantum computing. And as everybody is warning us, that is going to change the whole ballgame once again. And we got that option now to fix this new technique before it starts its descent down the mountain. We also got the option to secure everything that is here now and protect it from the speed of quantum computing. And we don’t know if that is tomorrow, next year, or 10 years from now, but the fact is it will probably be here somewhere in the near future. Today, we will look at the threats and opportunities that quantum computing poses, such as cryptography and data protection. Quantum computing threatens today’s encryption, but it also provides new ways to secure data. It will require new frameworks. that take proactive steps to ensure compliance with the regulatory requirements and security standards while enabling innovation to flourish. What we’re not discussing is what quantum computing is. I hope you have taken the time to participate in the Eurodig webinar on 30 April, or you had the time to view it later to prepare for this session. You can also do that after the session, of course, but without further ado, let’s start and introduce the key participants. I have here, to my furthest right, we have Mark Mattingley-Scott. He’s Chief Revenue Officer at Quantum Brilliance based in Germany. I have Elif Kiesow, who is the Project Lead of the IGF Dynamic Coalition Internet Standards, Security, and Safety, Working Group 9 on Quantum Computing, and hopefully, Tim is there, Tim Smith is there, because I’m not watching the Zoom at this moment. Tim Smith is there, and he’s Coordinator, Open Quantum Institute at CERN, and they all go three, gonna talk about quantum computing from a different angle. But first, I give the floor to Tim Smith, and I think he’s going to make a positive statement about how to approach developments and to avoid the worst. And in a sentence, he described it as keeping the QC opportunities in focus through international collaboration and applications for society. So, Tim, the floor is yours, and what I have to mention first, we have three presentations. After that, we have time for questions and dialogue, as that is what this session is supposed to be about. So, we have about half an hour to discuss this topic. Thank you very much, and Tim, the floor is yours.

Tim Smith: Fantastic. Thanks very much. Can you hear me well?

Wout de Natris-van der Borght: Yes, thank you.

Tim Smith: Perfect. Okay, well, thank you very much for this opportunity. I’m really sorry I can’t be there. there in person to be with you. But nonetheless, I’d like to join in with the discussion by, as was just said, making a bit of a positive outlook on the opportunities because the second quantum revolution is already underway. It’s already here. It’s not a question of waiting. It’s a question of being part of it and shaping it. Okay, a handful of algorithms have been created already to harness the potential, but just a handful, and we’re still looking for more, algorithms such as factoring of large numbers, searching of unsorted databases, Hamiltonian simulations, solving linear systems of equations or optimizations. And we’re looking for ways of applying these to applications that are beneficial to society. But we do know that to run these at the moment needs millions of qubits with low error rates and long coherence times. And we don’t have those in the current hardware. So we’re some years off exploiting. So people have said we have time and we’re talking of a year, five years, 10 years, but we don’t actually, because already we found ways of using hybrid techniques to use these already modest scale quantum computers that have been built, even if they have curtailed coherence as co-processors basically in a hybrid mode. So we’ve created these noisy intermediate state quantum computers with algorithms that can be used today, variational quantum algorithms, which alternately delegate the classically difficult parts to the co-processor quantum computer, and then perform some of the difficult, some of the steering on the sufficiently powerful classical devices. So we’re using quantum computers today already to make tough calculations. They’re not going to take over the world, they’re not going to replace all of classical computers, but they’re going to augment in the most difficult calculations by giving us new ways of doing things faster. So the question is, which calculations? Now, unfortunately, in today’s geopolitical context, the developments of these algorithms are being done with a focus on sovereignty, security, race for supremacy. But we learned to our peril from past tech waves like AI, that unless you do multilateral governance and international cooperation on R&D in advance, it will not land on society correctly.

Online moderator: So now is the time to shape global governance and explore impactful applications for society and our planet. And in this optic, we launched at CERN here, the Open Quantum Institute. It was conceived by JESDA and we’re now hosting at CERN, which focuses on exploring these future applications with a focus on the UN Sustainable Development Goals, on accelerating them. So we’re a novel science diplomacy instrument offering a neutral platform for international collaboration between researchers, diplomats, the private sector, philanthropy, because we believe humanity’s biggest challenges today are shared global challenges. So therefore, it necessitates transnational collaboration to ensure that it will be able to benefit and unlock the potential of quantum computing for everyone and not just a few. And we also think this is the only way to make solutions which reflect the genuine needs of diverse population. So not only are we looking for the applications, but if we want the. global population to be involved, we need to do capacity building. So we’re also trying to do capacity building in the underserved geographies, quantum hackathons, educational material and educational programs in quantum computing. But not just that, with the doers, but what about all the decision makers? So we’re trying to raise awareness as well with the lawmakers and the diplomats by getting them to play a serious game, the quantum diplomacy game, to understand the geopolitical implications of developing a new type of technology. So in summary, the quantum opportunities also bring risks. The rapid development is outpacing equitable access frameworks and exacerbating existing global inequalities. The infrastructure, supply chain, intellectual property is again being concentrated in just a few countries, just a few private corporations, creating yet again the risk of technological monopolization. So without anticipatory governance, this dual-use technology could undermine digital security and fuel even more geopolitical tensions. So if development is driven solely by strategic or commercial interests, it risks diverging from the potential impact on the SDGs and impact on society. As a little bit of hope, governance-oriented frameworks are already taking shape, such as the World Economic Forum’s quantum computing governance principles that define global guidelines to assess and manage the opportunities and risks of quantum computing, and the OQI itself. which exemplifies how quantum innovation can be guided by multilateral cooperation and SDG-focused governance. So we need more of these international collaborations and we hope that the OQI will provide the neutral platform where we can accelerate these dialogues and shape the effective governance. Thank you.

Wout de Natris-van der Borght: Thank you Tim and I think also from a hopeful point of view and that you see the first positive steps going but there’s also a strong warning coming with your hope and message so thank you for that. From the positive side we’re going to move to the dark side and we have Mark here sitting to my left. Mark Mattingley-Scott and as I said he’s Chief Revenue Officer at Quantum Brilliance and as he said in his introduction to me somebody has to deal with the bad side so Mark I give the floor to you and tell us how bleak our future is.

Mark Mattingley-Scott: Well thank you for that introduction. I don’t quite know what to make of that other than the fact that in my circle of friends in Germany there are many people from the Balkans and they told me that if you slightly mispronounce my first name it means darkness so I guess that fits. So I want to talk about the quantum threat and the race for quantum safe security but I’m also posing the question of is it really a threat. So there is a real growing issue posed by quantum computing, quantum technologies that touches all of us working in security and engineering and Let’s go down the rabbit hole a little bit and look at what that means for encryption and digital security. Quantum computers, as Tim said, will one day be able to break today’s cryptographic methods. Cryptography, as we know it today, relies on mathematically hard computations, typically factoring a number, so it’s very easy to multiply 3 by 5 and understand that the answer is 15. We can also, we can all do the reverse operation, because we all know that 15 is 3 times 5, but for arbitrary large numbers, those two operations are highly asymmetrical. A lot of the cryptographic infrastructure we rely on today relies on that and other similar mathematical asymmetries. In quantum computing, one of the founders of quantum computing, a guy called Peter Shaw, who’s a professor at MIT, invented an algorithm which basically takes that problem of factoring a number and it makes it look a little bit like playing a chord on a piano. I’m oversimplifying here. And then you can use a quantum computer to essentially extract what amount to the notes, and those notes are then the factors of that number. And this algorithm is extremely high-performance if run on qubits. There is another algorithm called Grover’s algorithm. Lev Grover invented that, which has a similar effect on calculating checksum-based cryptography. And there are other approaches, compromises, approximations to both. Grover and Shor’s algorithm, which will one day pose a threat. So when I say will one day, where’s this technology right now? We are in the position that we can, depending on the hardware, underlying hardware, generate a handful of qubits up to maybe a hundred, hundred and fifty qubits, maybe a couple of hundred qubits, reliable, low error, sometimes low error qubits. Just to give you a feel for where we need to be, it’s a bit like saying we’ve just built a paper airplane, but we need to fly to Mars and build a colony. So we’re still a way away, but the principles have been established. Now the question comes, well why do we care if that’s first going to be a real threat in 10, 20, 30 years? And the problem here is called harvest now and decrypt later. So encrypted data is very often used in situations where it’s stored and becomes amenable or possibly attackable at some future point. Think of anything based on a blockchain, where essentially you’re signing each epoch in the blockchain. If you can in 20, 30, 40 years break that blockchain, break the encryption, you can essentially rewrite the entire blockchain. And if you’ve got a currency based on that, that might be a bit of a problem. Symmetric cryptography is also not immune. As I mentioned, Glover’s algorithm halves basically the key strength of any cryptographic key. So a 256-bit key becomes effectively 128-bit key, which is a very different problem to attack. We now have a thing called post-quantum cryptography. It’s based on what are called quantum-resistant problems. So there are some problems which are still computationally unfeasible even for quantum computers, and this new type of cryptography is based on such methods. Things, if you hear about things like lattice codes and hash-based codes, then that’s what we’re talking about. Additionally, the United States National Institute of Science and Technology recently published and recommended a series of methods for ensuring quantum robust cryptographic protocols, and if I look at the organization I’m representing or indirectly representing today, the IEEE, we have nine working groups working on quantum computing, two of which working specifically on quantum communication and quantum key distribution. The challenges we face in migrating from a pre-quantum world, in which we find ourselves at the moment, to a post-quantum world revolve around using those different methods, updating cryptographic and non-cryptographic protocols, so SSH, TLS, all the things we’re used to using today to ensure secrecy and confidentiality will need to be upgraded. There will be a lot of work to be done on changing and upgrading legacy systems. I think for those of you who remember it, the year 2000 bug, the year 2000 event, involved also upgrading a lot of systems. Quantum is going to be, at least an order of magnitude, have at least an order of magnitude more impact, and it’s also essential to be agile. Agile in the sense of from an organizational point of view. Quantum key distribution, a A key topic, short to medium term topic, using secure physics-based methods to exchange cryptographic keys is increasingly a focus. It’s still expensive and impractical at scale, but there’s a lot of money being invested and a lot of effort being made to change that. So the message I give to my customers, my investors, and the industry in general is start to understand where you use any kind of cryptography, and you’d be surprised by the list of places. Identify and mitigate any long-term data. Begin to start to use the new cryptographic methods as they become available. And of course, push your vendors to provide the technology to do that. From a policy point of view, all these changes represent both opportunities and risks in terms of ensuring that the methods and procedures and processes we use remain open and transparent and available to all. Finally, quantum is coming. It’s unavoidable. Actually, we shouldn’t think about avoiding it. We should embrace it. We don’t know exactly when, to what degree specific threats will become real threats. But we do know that we’re running out of time. There’s no time left to wait. We need to act now. And that means from a policy perspective, we also need to act now. Thank you.

Wout de Natris-van der Borght: Thank you, Mark. There’s some consternation here, as you see, because the three of us are in a different Zoom room than all of you. and that’s why you can’t see the presentations. So we’re trying to see if we can fix it very fast. The link that we’ve got is apparently a different one that the rest of the audience received. So that’s all I can give as an explanation. Elif is next, but I think it’s going to work. So let me introduce Elif Kiesow-Cortez to you. As I said, she is the chair of Working Group 9 on Emerging Technologies of DCISVC. And we’re doing a research at this moment into the social implications of quantum computing when that hits society. And with that, I give the floor to Elif to give a preliminary draft version of the report that will be published at the IGF in June in Lillestrøm in Norway. Elif, the floor is yours.

Elif Kiesow: Thank you very much, Wout. I will just need everyone on Zoom to put on mute, including our room, if that’s possible. Otherwise, we are getting feedback. Okay, no, then we get feedback. Okay. I will just… Okay, is this good enough? It’s not… …or what you need to care about is… …to a level where they will achieve a… …to sell not the brain for a thing that sells. So that was your reviews and what we mean when… …to a level where they will achieve a… …to a level where they will achieve a… …to a level where they will achieve a… …to a level where they will achieve a… …to a level where they will achieve a… …to a level where they will achieve a… Karen Mulberry, Tim Smith, Elif Kiesow, Wout de Natris-van der Borght Karen Mulberry, Tim Smith, Elif Kiesow, Wout de Natris-van der Borght Karen Mulberry, Tim Smith, Elif Kiesow, Wout de Natris-van der Borght Susan. And if you wanted to take home something, Sorry, I’m getting echo again. Did anything change? Okay, yeah. I think… Am I only hearing it or are you guys also hearing some feedback? All good? Okay, it’s perfect. Okay, if it’s good, then let me continue. So the first thing that you can maybe take to your organization after this presentation when it comes to organizational needs can include the planning stage. Again, you will want to look at what algorithms are being used in your current encryption methods, but that is also called a cryptographic inventory. So even if maybe you won’t be able to convince the management yet to take steps towards post-quantum cryptography, I think it would be important to look into at least creating something like a cryptographic inventory. And then, of course, eventually these steps that we will be publishing in our research should lead to a migration roadmap also at the organizational level. So we will be creating it in a way that it’s building up on each other in steps. So that’s also the examples that I wanted to use here. Okay, so then I mentioned at the opening that I will say a few things about IoT security and PQC as well. There, what we see as a main issue is already IoT security is a big problem, right? Because there are many layered problems. I just use one here that there are legacy devices. So the security vulnerabilities that are being caused for legacy devices is going to be multiplied in the future if we are doing this migration to PQC. So that’s why we want to bring it forward in this research and say that let’s pay attention to it from the get-go this time. Let’s not make the same mistakes of forgetting that IoT devices are our main vulnerabilities in many aspects. So in that sense, we are also bringing together, they advised to put together the need for IoT security with this new migration to PQC policies. And of course, a part of it, an important part of it, is public procurement. Just a taster, we can mention that probably whomever is deciding on, of course, also using IoT devices, for example, for sensitive data, for public data, should also consider while at the procurement stage to purchase devices that at least have the capacity to migrate to post-quantum cryptography. That’s pretty much what I wanted to cover. Just maybe one note, one thing that was mentioned by Mark was QKD. What we like to differentiate is when we are talking about QKD, we are talking about more quantum encryption, but when we are talking about post-quantum cryptography, some of you maybe already caught the clues there, but this is something that can run on classical computers, so you do not need quantum computers to run PQC, and that’s why we are now already ready, if we make the necessary investment, to upgrade our systems to better algorithms. Thank you.

Wout de Natris-van der Borght: Thank you, Elif, and I think that the three presentations struck a sort of a balance about hope, about the dark side, what may be waiting us, but also the options that we have today to actually start protecting ourselves from what may come one day, what we call on quantum day. We just don’t know when quantum day is, and I suppose that even researchers working on it continuously today don’t know when quantum day is unless somebody is keeping some big surprises for the world, which is also an option, of course, because it gives you a major advantage. With that, I want to open the floor for comments or questions or a debate, and that’s all up to you. So, online, if there are any comments, then please let me know. Who would want to take the first question in the room? Yes, please introduce yourself first.

Audience: Can you hear me well? So my name is Isti Marta, I’m from the University of Warsaw. So my question is to Mark and also to Elif. So first question is about the quantum key distribution. What are the possible risks for dual use technology, both present and the future? And for Elif, for the PTC migration. So what do you think, what are the risks for this PTC migration to fail? And if it does fail, probability wise, what sort of dire consequences that will be faced by a country? So yeah, thank you.

Mark Mattingley-Scott: Okay, so if I understood your question correctly, you are interested in what are the risks associated with dual use of this technology and risks in the context of risks in the context of weaknesses or ways that the technology can be attacked or risks in the sense of the technology may not be up to it or risks in the sense of the technology may be misused. Can you clarify please?

Audience: I think three of them, if that’s possible. If you have any insights as for now, when it comes to dual use technology.

Mark Mattingley-Scott: So I think the quantum key distribution The design parameters of the methods that are being investigated are, obviously, to design systems and technologies that are robust to design against weaknesses from the start. Obviously, at a certain level, that’s a naive position because every technology always has some weaknesses somewhere, but I think that is happening out in public. That is a transparent process, at least as far as we can tell. I don’t see currently any issues there. The second point was potential misuse of the technology, and I guess there’s two ways to look at that. One is from the point of view of can an aggressor misuse this technology, can a defender use this technology, particularly in the situation in Europe and in Ukraine at the moment. I think the answer to that is we can theorize about that situation as much as we want without getting or trying to avoid being very political about it, but what we do see is every technology, or the potentials and the weaknesses of every technology, become glaringly obvious the moment it hits the battlefield. So for the dual use, in the sense of dual use, it’s impossible for me to predict. I think we just have to wait and see.

Panelist: Yes, and thank you for the question that is more focusing on the international aspect, I guess. I think maybe the main one that is most relevant also for our community is it can increase the risk of digital divide when we are thinking about PQC migration, right? Because now we are seeing already some countries coming up with roadmaps. They have maybe the resources to come up with the roadmaps, maybe they have the resources to develop the algorithms and then they will maybe have the resources to implement and make this migration happen. And then it can lead to a situation that we will be having, of course, the states that manage to do it and are in a much secure place maybe when it comes to cybersecurity, whereas those that could have been left behind. But since we are already able to discuss this at an earlier stage where the migration did not happen yet for any country, I think that our community has a chance to think about this further and definitely to advise, I think, also for further international cooperation and support so that we are not really running into a situation that we can pretty much predict. Thank you.

Wout de Natris-van der Borght: Another question? Yes, please.

Marijana Puljak: Hello. It’s maybe not a question but a comment. Please introduce yourself. Oh, sorry. Marijana Puljak. I’m a member of the Croatian Parliament and a member of the Parliamentary Assembly of the Council of Europe and I must say with 25 years of IT background, so maybe I will have an IT comment on all this. When talking about technology, about all these questions, can technology be used and misused? Of course. We have a fire so you can burn the house or you can cook dinner with the same tool. So every technology can be used and misused is the question of how fast are we with regulating it and how fast are we with, you know, who is the faster, bad guy or good guy? And also I must say my daughter is in research of quantum computing at CERN specifically and through her experience I see and I’m aware that there is still a significant gap between researchers and industry, especially in diplomacy, as you said. And so when trying to commercialize this technology. Maybe it’s hard, you also said about the funding, you are trying to find funding. Maybe the funding is hard to find because no one can predict how the return of investment will be in 5, 10, 20 years or maybe next week. That’s why the problem is with all of this. But I’m interested how do you see, you know, this is really new and fast development, fast new technology. How do you see this bridging this gap between researchers and industry? Thank you.

Panelist: Yes, so I can give a comment and I’m going to assume that maybe Tim would like to jump in as well because definitely the Open Quantum Institute is working on that. And for example, I’m working with industry associations that are both in the US and in the EU that are focused on quantum. And we are looking into these kind of governance issues as well. So I can say that there are different groups also, as far as I know, in Australia, as well as in the UK, that are looking at it from more responsible technology angle as well. And of course, even that research is not very easy to do, because exactly, correctly as you put it, when you say there is this technology which might be a problem in 10 years, it’s not something that people really feel like they should care about, right? So that is, I think, one of the main issues that we are still running into, even if there is work. And just before giving the floor to Tim, I can say that the difference with the PQC is I think now we are seeing government action. So then I think as long as we see, for example, government action, which is in form of policy, which is maybe even saying by this date we want to see these results, I think that really gives good support also to bridge that gap. Yes, Tim.

Wout de Natris-van der Borght: Thank you, Tim. And before I give the floor, I would like to expand the question a little bit. As you said, you’re working together with a lot of different organizations. organizations. What I would like to know also is the enthusiasm, let’s call it that, to cooperate larger in governments or in academia or in the industry. And secondly, do you think that we can afford to make it a voluntary action to deploy these post-quantum encryption beforehand, or can we leave it to industry just like we did with all the other techniques that came along online? So I think that expands the question a little bit. Over to you, Tim, thanks.

Tim Smith: Thanks very much, it’s a great question. Exactly, the fact that fire is both good and bad and every technology similarly is both good and bad shouldn’t be ignored in the sense that we should embrace the fact that we know this is happening and embrace the learning we’ve had from previous tech waves, is that exclusion from solutions, exclusion from discussions, causes even greater misuse, it causes even greater divides, the haves and the have-nots. So in fact, we see the best way of developing the technology responsibly is by having these conversations with all of the actors in the room to investigate all these different aspects simultaneously and to come to common understandings of how to steer it. It’s not clear up front that one entity can be doing the steering. I think there’s all these different perspectives have to be taken into account. So the way we’re doing it is having these multilateral workshops, multilateral discussions on responsible computing, responsible quantum computing, and also forming teams that are working on solutions that are also multi- multilateral. So bringing industry, bringing academia, bringing the funders, bringing the decision makers, bringing the domain experts all into the same teams that are trying to perform solutions to bring all these different aspects, because I think it’s only through common understanding that we can see a common way of beneficially developing this in the future.

Wout de Natris-van der Borght: Thank you, Tim. I’m getting to use our focal point first and then I’ll come to you. Jörn has helped us tremendously to make this session happen and he has a comment to one of the questions.

Jörn Erbguth: You ask whether it is mandatory and we have current laws that make it mandatory. GDPR makes it mandatory to use quantum proof encryption because it makes it mandatory to use secure encryption and once the standard is out and it is state-of-the-art to use quantum proof encryption, it is mandatory and it’s a GDPR violation if you don’t use it for relevant data. So it is mandatory and we don’t need to change any law to make it mandatory.

Wout de Natris-van der Borght: Thank you, Jörn. I think that is a very clear statement. Should people from industry be in the room? I saw your hand up, please introduce yourself first.

Audience: Biljana Zaslova-Friedrich, do you hear me? Biljana Zaslova-Friedrich from the European Centre of Quantum Sciences, based here in Strasbourg, not far away from the Council of Europe. I’m a senior project manager working on different European projects on AI, machine learning and quantum. Our centre is a transdisciplinary, transnational centre, working on the Rhine Valley but also with the whole region contest. And we have a lot of programmes actually, not only of course training, research, but also innovation because we are also an innovation hub with one start-up for a quantum simulator. And we also now dwell more into the governance and the policy making issues because we have understood that there is a huge problem in making quantum relevant and interesting. for policy makers, but also for overall, for the population. We have huge problems in training younger generations. They are not so interested in sciences, so that’s one of our first fight. The second fight that we have in the near and middle term process is to try to make the industry in the Grandes, but also in France, to try to adapt their solutions and include quantum. It’s quite a risk actually for industry makers. Their R&D are not trained into looking into quantum solutions when it comes to training them is also quite a big deal. So what we try to do is really to find user cases that will make our quantum computer and our simulators work, so that we have more experience and try to correct the errors and try to find out how we can manage to develop this, to better develop, to improve our technology. By the way, for Mark, it’s a neutral atoms, ion traps technology. It’s quite different from the diamond, for your diamonds. So my question is, do you think that we should target only the industry or should we target also policy makers and what the European Union could do in this in this perspective? Because now that I know that they have a new quantum strategy that is launching, there’s a consultation process, by the way, about the quantum strategy and my center will definitely try to contribute to this new quantum strategy. Thank you.

Panelist: So I think It’s definitely great that you already mentioned both the great work and also what’s happening right now. Maybe we can also highlight that it is true that right now there is a call for evidence from also the EU that is looking into feeding their quantum strategy with more feedback from the citizens. What we highlight is exactly on the point that you are mentioning. One point is of course to look into future workforce and to make sure that there are trainings that are targeted so that we can get more quantum talent. But the other part is how are we going to make sure that we are also informing citizens as well as policymakers in time so that they can be a part of this discussion in an informed way. And I think that would be something that we are definitely looking into solving in the recent or in the coming years. So I would say that’s definitely one key point. And I’m going to again mention that for Tim, for example the Open Quantum Institute’s role is I think exactly for looking at bringing together different stakeholders, but we think that IGF can also be an important power in this. So we started our working group in the Dynamic Coalition Internet Safety Security Standards, so IS3C as you know our common name. So we started this working group nine that is looking at quantum already two years ago. So we started reaching out actually to policymakers saying that this is going to be an important issue, would you like to work with us? So let’s also use this platform then to make our call that we think that IGF is also perfectly positioned to bring together different stakeholders and look at it from more adoption and governance angles because we need those voices as well. Yeah, thank you.

Wout de Natris-van der Borght: Thank you, Edith. And looking at the time, we have to start wrapping up unfortunately, but I suggest that we exchange cards in a moment and with you as well, Tim, and see what we can do in the future because this is hopefully not the end, the presentation of this report. We have now to go to the messages, to discuss the messages. I’m going to ask, how much time do we have left? Can we do five minutes extra? Yeah. We have five minutes extra. Okay, then I’m going to ask Tim and Mark and Elif to say in one sentence. In one sentence, what it is they think the next step should be right now. So, in one sentence, Tim.

Tim Smith: Building on the previous question, public awareness. I think demand-driven, demanding the solutions, expecting the integrations is perhaps the biggest thing that we should do now. Awareness-raising so that people ask for the right things and get inspired to help create the right solutions to be part of the future workforce.

Wout de Natris-van der Borght: Thank you, Tim. Mark.

Mark Mattingley-Scott: Europe is in a unique position as far as quantum technologies is concerned. In addition to having the largest pool of skills and talents in quantum technologies, a critical mass of consumers, ultimate consumers, industrial consumers of quantum technologies. And also in terms of the technologies themselves, we need to enable investment. I’m speaking as a startup here. Investment, critical growth capital will fuel that system. If we bring quantum technologies to Europe as a core key technology, then the decisions we make, the policy decisions we make, will have corresponding weight globally. And I think that’s key.

Wout de Natris-van der Borght: Mark, Elif.

Elif Kiesow: I will just echo the comments of Tim and Mark, but let me just also make it a bit more specific on what we discussed on PQC. And let me just say that I really loved what you mentioned. So if this will become the new industry standard, we have to make sure that we are not leaving any actor behind. So that would be, I think, one message from me.

Wout de Natris-van der Borght: Thank you, Elif. And before we wrap up, I would like to give the floor to Jörn Erbguth, who will share the messages of this session with you. Jörn.

Jörn Erbguth: Thank you, Wout. I share the draft of the messages. So I took from your presentation, your comments, that… It cannot be read. It’s too small? Yes. Better? Much better, yes. No, too big? Yes. Okay. So the first message is quantum computers at scale are not there yet. However, they start to be able to solve some problems faster than classical computers. We need to open quantum computing to everyone, not only a few countries and corporations. And then second, quantum computers will be able to break current cryptography. Quantum computers, quantum technology is unavoidable. There is no option to stop it. And we should not try to prevent it, but embrace it. We need to raise awareness. And concerning encryption, current risk is harvest now, decrypt later. So nobody can, as we know, can decrypt current encrypted texts, but if you store them, you can decrypt them later. We need to do the migration to quantum proof encryption now, because it will take years to do it. Countries need to take an inventory of the cryptography used and include all devices as, for example, IT devices as well. So migration to quantum proof encryption could create a new digital divide if some countries do it and some other countries don’t. And it’s an avoidable digital divide. It’s not something that is dependent on some countries not being able to do it. It is possible, but we need to roll it out. But so these are the messages they will be taking into consideration. If you have a strong disagreement with one of the messages, please raise it now. If you have editorial concerns, we can do that in the later process. Thank you.

Wout de Natris-van der Borght: Does anybody has a very strong objection? I see one finger, please. No, no.

Audience: Maybe not an objection, but maybe we can talk about hybrid computers, classical plus quantum, because there is a huge hybrid technology that is on the way that could fasten the quantum advantage actually. When you talk about the first one, quantum computers or hybrid computers.

Jörn Erbguth: I agree that hybrid computers can be an issue, but we didn’t discuss them, so I didn’t include them in the messages. I think Tim mentioned them. Okay, okay, sorry.

Wout de Natris-van der Borght: Unless you disagree, Tim, but I was very, very clearly thought I got that.

Tim Smith: Exactly, they’re the ones that are most practical now.

Jörn Erbguth: Thank you. Where would you include them?

Wout de Natris-van der Borght: Yes, they should be in the first one, Björn.

Tim Smith: I would say about steering hybrid developments collaboratively. Because I’m always hoping to push towards the good rather than the bad.

Wout de Natris-van der Borght: While Jörn is typing, is there another strong objection? I don’t see any hands up, so I take it that the draft version is accepted. Thank you very much, Jörn. That brings us to the end of this first session of this morning in this room. Just to promote the Dynamic Coalition again a little bit, if you’re interested in our work, you can join it by going to the IGF website and join the mailing list. And if you go to Dynamic Coalitions, you’ll see Internet Standards, Security and Safety Coalition. and you can join there. We have our own website, is3coalition.org, where results and reports are published. What I can announce is that we will present the second draft of our reports to the AFNIC organization about two weeks from now. And after that, if they agree, then we’ll have a short public consultation on the report that will be announced on our website and in other places around the internet. And you have about two weeks to respond to our findings. And then we publish the report at the IGF and present it there, probably on the day zero. That ends my part of making publicity for our own coalition. I would like to thank first our key participants. Tim in Geneva, thank you very much for your hopeful contribution to this discussion. And I think that it would be good if we discussed further in the near future. Mark Mattingley-Scott to show to us what the threats are, but also what the future holds for us and what could be a positive outcome and Elif for presenting the draft report to us. But I’d also like to mention the other org team mentioned people because we got together as a team to make this session happen. And the first is our focal points, Karen Mulberry and Jörn Erbguth, but also Konstant Weisse, who coordinated a lot in the background for us and made it possible for us to meet. I’d like to thank our rapporteur, who’s also Jeroen, thank you very much. But also the people at EuroDIG here in the room, but also especially behind the scenes who make everything possible that we do, Sandra and the team and Rainer. So without them, there would be no EuroDIG. And I think that gives a round of applause for them as well. So thank you very much. And then I’ll hand over to you to wrap up.

Agreement points

Urgency of immediate action despite uncertain quantum timeline

Speakers

– Tim Smith
– Mark Mattingley-Scott
– Elif Kiesow
– Wout de Natris-van der Borght

Arguments

We don’t have those in the current hardware. So we’re some years off exploiting. So people have said we have time and we’re talking of a year, five years, 10 years, but we don’t actually, because already we found ways of using hybrid techniques

We don’t know exactly when, to what degree specific threats will become real threats. But we do know that we’re running out of time. There’s no time left to wait. We need to act now

Organizations need to create cryptographic inventories and migration roadmaps now

Decision-makers must act in the present to ensure future quantum security despite uncertain timelines

Summary

All speakers agree that despite uncertainty about when quantum computing will reach full capability, immediate action is required now to prepare for quantum threats and opportunities. Waiting is not an option.

Topics

Cybersecurity | Legal and regulatory | Infrastructure

Need for international cooperation to prevent technological monopolization

Speakers

– Tim Smith
– Elif Kiesow
– Panelist

Arguments

Multilateral governance and international cooperation are essential to prevent quantum technology monopolization

PQC migration could create new digital divide between countries with and without resources

International cooperation essential to prevent digital divide in quantum security migration

Summary

Speakers consistently emphasize that without proper international cooperation, quantum technology development will create or exacerbate global inequalities and technological monopolization by a few entities.

Topics

Development | Legal and regulatory | Cybersecurity

Quantum computers will augment rather than replace classical computing

Speakers

– Tim Smith
– Mark Mattingley-Scott

Arguments

Quantum computers will augment classical computers in difficult calculations rather than replace them entirely

Current quantum computers already solving some problems faster than classical computers

Summary

Both speakers agree that quantum computers are specialized tools that will work alongside classical computers for specific difficult calculations, not universal replacements.

Topics

Infrastructure | Economic

Post-quantum cryptography migration is essential and feasible now

Speakers

– Mark Mattingley-Scott
– Elif Kiesow
РJ̦rn Erbguth

Arguments

Current encryption standards will become vulnerable, requiring migration to post-quantum cryptography

Post-quantum cryptography can run on classical computers and doesn’t require quantum hardware

GDPR already makes quantum-proof encryption mandatory once it becomes the standard

Summary

All speakers agree that migration to post-quantum cryptography is both necessary and technically feasible with current classical computing infrastructure.

Topics

Cybersecurity | Legal and regulatory | Infrastructure

Similar viewpoints

All three speakers advocate for neutral, multi-stakeholder platforms that can facilitate international collaboration and inclusive governance of quantum technologies.

Speakers

– Tim Smith
– Elif Kiesow
– Panelist

Arguments

Need for neutral platforms like Open Quantum Institute to facilitate international collaboration

IGF positioned to bring together stakeholders for quantum adoption and governance discussions

Multi-stakeholder approach to quantum governance

Topics

Legal and regulatory | Development | Sociocultural

These speakers share the view that public awareness, citizen engagement, and government policy support are essential for successful quantum technology development and governance.

Speakers

– Tim Smith
– Elif Kiesow
– Panelist

Arguments

Public awareness and demand-driven solutions are crucial next steps

Need for government action and policy support to bridge the gap between research and implementation

Public awareness and citizen engagement crucial for informed quantum policy development

Topics

Sociocultural | Legal and regulatory | Development

Both speakers emphasize the critical role of investment and government support in bridging the gap between quantum research and practical implementation.

Speakers

– Mark Mattingley-Scott
– Elif Kiesow

Arguments

Investment and critical growth capital essential to fuel quantum technology development in Europe

Need for government action and policy support to bridge the gap between research and implementation

Topics

Economic | Legal and regulatory | Infrastructure

Unexpected consensus

Embracing rather than avoiding quantum technology

Speakers

– Mark Mattingley-Scott
– Tim Smith

Arguments

Quantum technology is unavoidable and should be embraced rather than avoided

Quantum revolution is already underway with hybrid techniques using current quantum computers as co-processors

Explanation

Despite Mark being positioned as presenting ‘the dark side’ and Tim the positive outlook, both speakers unexpectedly agree that quantum technology should be embraced rather than feared or avoided. This consensus bridges the supposed divide between optimistic and pessimistic perspectives.

Topics

Infrastructure | Legal and regulatory | Economic

Hybrid quantum-classical systems as current practical solution

Speakers

– Tim Smith
– Audience
– Mark Mattingley-Scott

Arguments

Hybrid quantum-classical computers are the most practical solution currently available

Significant gap exists between quantum research, industry, and diplomacy that hinders commercialization

Current quantum computers already solving some problems faster than classical computers

Explanation

There was unexpected consensus that hybrid systems represent the most practical current approach to quantum computing, bridging the gap between theoretical potential and current limitations. This agreement emerged organically during the discussion.

Topics

Infrastructure | Economic | Development

Legal frameworks already exist for quantum security requirements

Speakers

РJ̦rn Erbguth
– Elif Kiesow

Arguments

GDPR already makes quantum-proof encryption mandatory once it becomes the standard

Public procurement should consider devices capable of migrating to post-quantum cryptography

Explanation

Unexpectedly, there was consensus that existing legal frameworks like GDPR already provide the foundation for quantum security requirements, suggesting less need for entirely new legislation than might be anticipated.

Topics

Legal and regulatory | Human rights | Cybersecurity

Overall assessment

Summary

The discussion revealed strong consensus on key issues: the urgency of immediate action despite timeline uncertainty, the need for international cooperation to prevent technological monopolization, the complementary rather than replacement role of quantum computing, and the feasibility of post-quantum cryptography migration. Speakers also agreed on the importance of multi-stakeholder governance, public awareness, and government policy support.

Consensus level

High level of consensus with significant implications for quantum technology governance. The agreement across speakers with different perspectives (optimistic, cautionary, and technical) suggests these viewpoints represent well-established expert consensus rather than partisan positions. This strong alignment indicates that policy makers can move forward with confidence on these agreed principles, focusing implementation efforts on the areas of consensus while addressing remaining technical and logistical challenges.

Different viewpoints

Timeline urgency vs. collaborative development approach

Speakers

– Mark Mattingley-Scott
– Tim Smith

Arguments

No time left to wait – action needed now despite uncertain timeline for quantum threats

Building on the previous question, public awareness. I think demand-driven, demanding the solutions, expecting the integrations is perhaps the biggest thing that we should do now

Summary

Mark emphasizes immediate action due to running out of time, while Tim focuses on building awareness and demand-driven solutions as the priority, suggesting different approaches to urgency

Topics

Cybersecurity | Legal and regulatory

Technology focus: European competitiveness vs. global collaboration

Speakers

– Mark Mattingley-Scott
– Tim Smith

Arguments

Europe has unique advantages with largest pool of quantum skills, critical mass of consumers, and potential for global policy influence

Multilateral governance and international cooperation are essential to prevent quantum technology monopolization

Summary

Mark emphasizes Europe’s competitive advantages and the need for investment to maintain leadership, while Tim stresses the importance of preventing monopolization through international cooperation

Topics

Economic | Development | Legal and regulatory

Implementation approach: Technical solutions vs. governance frameworks

Speakers

– Elif Kiesow
– Tim Smith

Arguments

Organizations need to create cryptographic inventories and migration roadmaps now

Need for neutral platforms like Open Quantum Institute to facilitate international collaboration

Summary

Elif focuses on immediate technical and organizational steps for quantum readiness, while Tim emphasizes the need for international governance platforms and collaborative frameworks

Topics

Cybersecurity | Legal and regulatory | Infrastructure

Unexpected differences

Regulatory approach necessity

Speakers

РJ̦rn Erbguth
– Wout de Natris-van der Borght

Arguments

GDPR already makes quantum-proof encryption mandatory once it becomes the standard

Decision-makers must act in the present to ensure future quantum security despite uncertain timelines

Explanation

Unexpectedly, there’s a subtle disagreement about whether new regulations are needed. Jörn argues existing GDPR is sufficient once quantum-proof encryption becomes standard, while the moderator’s framing suggests new decision-making frameworks are needed

Topics

Legal and regulatory | Human rights

Technology readiness assessment

Speakers

– Tim Smith
– Mark Mattingley-Scott

Arguments

Quantum revolution is already underway with hybrid techniques using current quantum computers as co-processors

Current quantum computers already solving some problems faster than classical computers

Explanation

While both acknowledge current quantum capabilities, Tim is more optimistic about present applications through hybrid systems, while Mark emphasizes the significant gap between current capabilities and the scale needed for cryptographic threats

Topics

Infrastructure | Economic

Overall assessment

Summary

The discussion reveals moderate disagreements primarily around prioritization and approach rather than fundamental opposition. Main areas include: timeline urgency vs. collaborative development, European competitiveness vs. global cooperation, and technical implementation vs. governance frameworks

Disagreement level

Low to moderate disagreement level. Speakers share common goals of quantum preparedness and security but differ on strategic priorities and implementation approaches. These disagreements are constructive and reflect different expertise areas rather than fundamental conflicts, suggesting potential for synthesis of approaches

Partial agreements

Similar viewpoints

All three speakers advocate for neutral, multi-stakeholder platforms that can facilitate international collaboration and inclusive governance of quantum technologies.

Speakers

– Tim Smith
– Elif Kiesow
– Panelist

Arguments

Need for neutral platforms like Open Quantum Institute to facilitate international collaboration

IGF positioned to bring together stakeholders for quantum adoption and governance discussions

Multi-stakeholder approach to quantum governance

Topics

Legal and regulatory | Development | Sociocultural

These speakers share the view that public awareness, citizen engagement, and government policy support are essential for successful quantum technology development and governance.

Speakers

– Tim Smith
– Elif Kiesow
– Panelist

Arguments

Public awareness and demand-driven solutions are crucial next steps

Need for government action and policy support to bridge the gap between research and implementation

Public awareness and citizen engagement crucial for informed quantum policy development

Topics

Sociocultural | Legal and regulatory | Development

Both speakers emphasize the critical role of investment and government support in bridging the gap between quantum research and practical implementation.

Speakers

– Mark Mattingley-Scott
– Elif Kiesow

Arguments

Investment and critical growth capital essential to fuel quantum technology development in Europe

Need for government action and policy support to bridge the gap between research and implementation

Topics

Economic | Legal and regulatory | Infrastructure

Key takeaways

Quantum computing revolution is already underway with hybrid quantum-classical systems currently providing practical solutions for complex calculations

Immediate action is required for post-quantum cryptography migration despite uncertain timeline for full-scale quantum computers, due to ‘harvest now, decrypt later’ attack risks

Organizations must create cryptographic inventories and migration roadmaps now, as GDPR will mandate quantum-proof encryption once it becomes the industry standard

International cooperation and multilateral governance are essential to prevent quantum technology monopolization by a few countries and corporations

Europe has unique advantages in quantum development with the largest talent pool, critical mass of consumers, and potential for global policy influence

Post-quantum cryptography can run on classical computers and doesn’t require quantum hardware, making migration feasible with current technology

Public awareness and demand-driven solutions are crucial for responsible quantum technology development and adoption

Resolutions and action items

Dynamic Coalition to present second draft of quantum computing report to AFNIC organization within two weeks

Public consultation period of approximately two weeks to be announced for feedback on the report findings

Final report to be published and presented at the IGF, likely on day zero

Organizations should begin creating cryptographic inventories immediately to prepare for post-quantum migration

Public procurement policies should consider devices capable of migrating to post-quantum cryptography

Continued collaboration between session participants through card exchanges and future discussions

EU quantum strategy consultation process to receive input from various stakeholders including the European Centre of Quantum Sciences

Unresolved issues

Exact timeline for when quantum computers will achieve cryptographically relevant scale remains unknown

Significant gap between quantum researchers, industry, and policymakers needs bridging

Funding challenges due to unpredictable return on investment timelines for quantum technologies

Training and education challenges for younger generations showing less interest in quantum sciences

How to effectively make quantum computing relevant and understandable for policymakers and general population

Specific mechanisms for ensuring no countries or organizations are left behind in the quantum transition

Integration challenges for legacy IoT devices in post-quantum cryptography migration

Suggested compromises

Embrace quantum technology development while simultaneously implementing protective measures rather than trying to prevent or delay it

Use hybrid quantum-classical computing approaches as practical interim solutions while full-scale quantum computers are being developed

Implement multilateral cooperation frameworks like the Open Quantum Institute to balance national interests with global collaboration needs

Focus on both immediate post-quantum cryptography migration and long-term quantum technology development simultaneously

Target both industry adoption and policymaker education in parallel rather than focusing on one stakeholder group exclusively

Combine voluntary industry adoption with regulatory frameworks like GDPR to ensure comprehensive quantum-safe transition

So now is the time to shape global governance and explore impactful applications for society and our planet… humanity’s biggest challenges today are shared global challenges. So therefore, it necessitates transnational collaboration to ensure that it will be able to benefit and unlock the potential of quantum computing for everyone and not just a few.

Speaker

Tim Smith

Reason

This comment reframes quantum computing from a purely technical or security threat perspective to a global governance and equity issue. It introduces the critical concept that quantum development could exacerbate global inequalities if not managed through international cooperation, shifting the discussion from ‘what quantum can do’ to ‘who gets to benefit from quantum.’

Impact

This comment established the positive, collaborative framework for the entire discussion. It influenced subsequent speakers to consider equity and access issues, and led to later discussions about digital divides and the need for inclusive development. It also prompted questions about bridging gaps between researchers, industry, and policymakers.

And the problem here is called harvest now and decrypt later. So encrypted data is very often used in situations where it’s stored and becomes amenable or possibly attackable at some future point… If you can in 20, 30, 40 years break that blockchain, break the encryption, you can essentially rewrite the entire blockchain.

Speaker

Mark Mattingley-Scott

Reason

This comment introduces a crucial temporal dimension to the quantum threat that makes it immediate rather than distant. The concept that adversaries could be collecting encrypted data today to decrypt later fundamentally changes the urgency of the problem, making it a present-day security concern rather than a future one.

Impact

This insight shifted the discussion’s urgency dramatically. It transformed the conversation from ‘we have time to prepare’ to ‘we need to act now,’ influencing the entire tone of subsequent discussions about migration timelines and policy responses. It directly led to discussions about mandatory compliance and the need for immediate cryptographic inventories.

You ask whether it is mandatory and we have current laws that make it mandatory. GDPR makes it mandatory to use quantum proof encryption because it makes it mandatory to use secure encryption and once the standard is out and it is state-of-the-art to use quantum proof encryption, it is mandatory and it’s a GDPR violation if you don’t use it for relevant data.

Speaker

Jörn Erbguth

Reason

This comment provides a crucial legal reality check that cuts through theoretical discussions about voluntary versus mandatory adoption. It demonstrates that existing legal frameworks already create obligations that will automatically extend to quantum-safe encryption, making the transition legally inevitable rather than optional.

Impact

This intervention definitively answered a key policy question and eliminated debate about whether quantum-safe migration could remain voluntary. It grounded the discussion in current legal reality and reinforced the urgency established by the ‘harvest now, decrypt later’ concept. It influenced the final messages to emphasize the unavoidable nature of the transition.

When talking about technology, about all these questions, can technology be used and misused? Of course. We have a fire so you can burn the house or you can cook dinner with the same tool… And also I must say my daughter is in research of quantum computing at CERN specifically and through her experience I see and I’m aware that there is still a significant gap between researchers and industry, especially in diplomacy.

Speaker

Marijana Puljak

Reason

This comment introduces a pragmatic, experienced perspective that acknowledges the dual-use nature of technology while identifying a critical structural problem in quantum development. The personal connection through her daughter adds credibility, and the identification of the researcher-industry-diplomacy gap addresses a fundamental governance challenge.

Impact

This comment redirected the discussion toward practical implementation challenges and governance gaps. It prompted detailed responses about bridging stakeholder divides and influenced the conversation toward concrete solutions for multi-stakeholder collaboration. It also reinforced the need for the kind of international cooperation that Tim Smith had advocated for.

Migration to quantum proof encryption could create a new digital divide if some countries do it and some other countries don’t. And it’s an avoidable digital divide. It’s not something that is dependent on some countries not being able to do it. It is possible, but we need to roll it out.

Speaker

Elif Kiesow (reflected in final messages by Jörn Erbguth)

Reason

This comment crystallizes a key equity concern by distinguishing between unavoidable and avoidable digital divides. It suggests that unlike some technological gaps that emerge from resource constraints, the quantum-safe transition could create artificial divisions based on policy choices rather than capabilities, making it a moral and strategic imperative to ensure inclusive adoption.

Impact

This insight became central to the session’s final messages and reinforced the international cooperation theme established by Tim Smith. It elevated the discussion beyond technical implementation to questions of global digital justice and influenced the emphasis on ensuring no actors are left behind in the transition.

Overall assessment

These key comments fundamentally shaped the discussion by establishing three critical dimensions: temporal urgency (harvest now, decrypt later), global equity (avoiding digital divides), and governance complexity (multi-stakeholder coordination needs). The comments worked synergistically – Tim Smith’s opening call for international cooperation set an inclusive tone, Mark’s security insights created urgency, Jörn’s legal clarification established inevitability, and Marijana’s practical observations highlighted implementation challenges. Together, they transformed what could have been a purely technical discussion into a nuanced exploration of quantum computing as a global governance challenge requiring immediate, coordinated, and inclusive action. The discussion evolved from explaining quantum threats to developing a comprehensive framework for responsible quantum transition that balances security, equity, and practical implementation concerns.

What are the possible risks for dual use technology in quantum key distribution, both present and future?

Speaker

Isti Marta (University of Warsaw)

Explanation

This question addresses the security implications and potential misuse of quantum key distribution technology, which is critical for understanding both defensive and offensive applications of quantum technologies.

What are the risks for post-quantum cryptography (PQC) migration to fail, and what dire consequences would a country face if it does fail?

Speaker

Isti Marta (University of Warsaw)

Explanation

This explores the potential failure scenarios of transitioning to quantum-resistant encryption and the national security implications of being unprepared for quantum threats.

How can the gap between researchers and industry in quantum computing be bridged, especially regarding commercialization and funding challenges?

Speaker

Marijana Puljak (Croatian Parliament/Council of Europe)

Explanation

This addresses the practical challenge of translating quantum research into commercial applications and securing investment when return timelines are uncertain.

Should quantum development efforts target only industry or also focus on policy makers, and what role should the European Union play in this perspective?

Speaker

Biljana Zaslova-Friedrich (European Centre of Quantum Sciences)

Explanation

This question explores the governance and policy framework needed to support quantum technology development and implementation across different stakeholder groups.

Can we afford to make post-quantum encryption deployment voluntary, or should it be mandatory like other security measures?

Speaker

Wout de Natris-van der Borght (session moderator)

Explanation

This addresses the regulatory approach needed to ensure widespread adoption of quantum-resistant security measures before quantum computers become capable of breaking current encryption.

How can hybrid quantum-classical computers be integrated into the quantum development strategy and governance framework?

Speaker

Biljana Zaslova-Friedrich (European Centre of Quantum Sciences)

Explanation

This explores the role of hybrid computing systems that combine classical and quantum processing, which may be more practical in the near term than pure quantum computers.

How can public awareness and demand-driven solutions be effectively created for quantum technologies?

Speaker

Tim Smith (Open Quantum Institute at CERN)

Explanation

This addresses the need for public understanding and engagement to drive appropriate development and adoption of quantum technologies for societal benefit.

How can international cooperation prevent quantum technologies from creating new digital divides between countries and corporations?

Speaker

Multiple speakers (Tim Smith, Elif Kiesow, session discussion)

Explanation

This explores the governance mechanisms needed to ensure equitable access to quantum technologies and prevent concentration of quantum capabilities in only a few entities.