In its National Quantum Strategy, which includes £2.5bn of funding, as well as plans for research zones and skills training, the government announced it will establish a regulatory framework “that supports innovation and the ethical use of quantum technologies”. This needs to be stable, agile, simple and ethical while also protecting UK capabilities and national security. One expert told Tech Monitor the focus should be on legislating for post-quantum cryptography before the UK is left behind.
Quantum computing is a potentially transformative technology, once fully realised it has the potential to change our understanding of the universe, the human brain and tackle problems like climate change. But it also comes with risk, including the potential to easily crack encryption and change warfare.
Governments around the world are investing heavily in quantum technology with China leading the world in terms of direct national-level funding followed by the EU and now the UK. Billions of dollars worth of venture capital, private investment and university research funding are also being put into the technology.
Last year Stanford University’s Professor Mauritz Kop declared that we need to learn from our mistakes made around the regulation of AI “before its too late” and said quantum computing has the potential to be “more dangerous than artificial intelligence” without sufficient regulation.
In its National Quantum Strategy the government says it is important to engage early in the debates that will shape the future regulation of quantum technology. Early work will help to identify potential risks with the use of the new technology and develop new shared taxonomies, languages and principles to guide development.
“Eventually new standards, benchmarking and assurance frameworks will increase in importance to facilitate technological development as use cases become more evident, helping to set requirements for interoperability and to measure performance within key sectors,” the strategy says.
How the UK will develop ethical quantum systems
It includes a commitment to put innovation, business growth and the ethical use of quantum technologies at the heart of the UK economy while also trialing technologies within the UK through regulatory testbeds and sandboxes, as well as working with “likeminded partners” around the world to shape norms and standards as the technology evolves and becomes more mainstream.
A lot of the commitment is outward facing, with the strategy calling for the UK to play a role in the World Trade Organisation, the World Economic Forum, the G7, the G20, OECD, NATO, the Council of Europe, the Commonwealth and the UN, including “utilising the UK seat on the International Telecommunications Union (ITU) to ensure that quantum regulation supports UK business and innovation, that the UK’s wider prosperity, security and defence interests are represented and that we continue to uphold the UK’s values including those on human rights.”
The government also outlined proposals to ensure the economy and national security are protected including working with “likeminded allies” to monitor and review current and future controls including through export regimes, security goals and IP protection.
The plan is also to ensure the National Cyber Security Centre (NCSC) continues to publish guidance on the transition to quantum-safe cryptography. "In terms of Government's own preparedness, mitigations have already been put in place for critical information and services," the report declares with specific recommendations to follow the US NIST process.
There will also be work on technical standards, including through quantum safe cryptography in partnership with the ISO, IEC and ITU and efforts on building assurance frameworks for the use of these technologies as they mature. Much of this is following the pattern set out for regulation of artificial intelligence, including sandboxes, standards and regulator-led guidelines.
"The Chancellor bolstered the UK technology strategy with the £2.5bn 'Plan for Quantum', but the writing is on the wall: the extraordinary processing power of quantum computers will have a catastrophic impact on digital systems unless we begin a cryptographic transition now,” Tim Callan, chief experience officer at digital identity and security company Sectigo told Tech Monitor.
“IT leaders need to start paying attention today to the upcoming threat of quantum computing and preparing their organisations to upgrade to new ‘post quantum’ cryptography in order to head off, or at least mitigate, the damage.”
As well as the promise of investment in research, promotion of greater compute power and regulation, the National Quantum Strategy also promises £15m of direct funding to “enable government to act as an intelligent, early customer of quantum technologies,” which James Sanders, principal analyst for cloud and infrastructure at CCS Insight said needs “greater articulation” as currently there are unlikely to be many circumstances where a quantum computer can be used by the government to find efficiency or optimisation that couldn’t be done with a classical machine
Export controls and IP protection for quantum technologies
In terms of regulation, Sanders says it falls under two different priorities: export restriction and intellectual property protection. The first is similar to the approach seen with the export of precision semiconductor manufacturing technology as well as export of advanced GPUs for AI model training, which he says are “two aspects prioritised today by the US government.”
Ben Packman, head of strategy at UK post-quantum cryptography company, PQShield, says quantum technology is developing at speed around the world, and that more up-front funding will be required for the UK to maintain its leadership position in the sector. “Any delays could leave the door open for others to overtake us, which is a real problem if you’re thinking about the UK’s adversaries developing a quantum computer intended for malicious purposes,” he says.
Private and public partnerships are required to protect against this, and other risks associated with the technology, including the adoption of legislative and policy updates. The US has the Quantum Computing Cybersecurity Preparedness Act but, in the UK, this new strategy is “light when it comes to mitigating the risks associated with quantum,” says Packman.
He said that while regulators are already engaging with industry and academics across the quantum value chain to build a regulatory framework, the UK is behind when it comes to cryptography legislation. “The US has already actively legislated for quantum-safe cryptography, and where the US National Security Agency (NSA) has issued a very specific set of guidance and timelines in its CNSA 2.0 framework," he says. "We’d like to see the UK match and even go beyond this if it is to become a true quantum superpower.”
Many British companies, including PQShield, are contributing to the cryptographic standards considered as part of the NIST review. The outcome of this will set the global standard for post-quantum cryptography, including algorithms used across industry and government.
“We’d like to see the UK’s quantum achievements shouted about from the very top,” Packman adds. “The government also needs to align all its departments on the same path, including bodies like GCHQ and the National Cyber Security Centre (NCSC) and MI5’s newly-created National Protective Security Authority (NPSA).
"The strategy doesn’t mention the DRCF or Digital Catapult and how they can support the wider quantum strategy. It seems to me that both schemes could play a relevant role, so it would be good to see the dots being connected at a strategic level.”