Quantum Computing: Global Challenges and Security Opportunities – WS 03 2025
13 May 2025 | 09:30 - 10:30 CEST | Room 7 | 
Consolidated programme 2025
Get involved!
You are invited to become a member of the Session Org Team by simply subscribing to the mailing list. By doing so, you agree that your name and affiliation will be published at the relevant session wiki page. Please reply to the email send to you to confirm your subscription.
Kindly note that it may take a while until the Org Team is formed and starts working.
To follow the current discussion on this topic, see the discussion tab on the upper left side of this page.
This session will look at the threats and opportunities that quantum computing poses, such as for cryptography and data protection. Quantum computing is a double edge sword – it threatens today’s encryption, but it also provides new ways to secure data. It will require new frameworks that take proactive steps to ensure compliance with regulatory requirements and security standards while enabling innovation to flourish.
Session description
Quantum computing is rapidly evolving from theoretical research to practical implementation, promising to revolutionize industries from healthcare to finance—and redefining the landscape of global cybersecurity in the process. As nations and corporations race to unlock the power of quantum, critical questions arise: How will quantum breakthroughs disrupt current encryption methods? What international norms and collaborations are needed to manage emerging risks? And where do the greatest opportunities lie for advancing security in a quantum future? This dynamic workshop delves into the global implications of quantum computing, with a special focus on cybersecurity. Participants will explore current capabilities, future projections, and the dimensions of quantum innovation. Through interactive discussions attendees will learn how one can prepare for—and leverage—the coming quantum era. This workshop builds on the EuroDIG webinar on quantum computing, Wednesday 30 April at 13:00–14.30 CEST. In this webinar the concept of quantum computing is explained. Here is the link to the webinar: https://www.eurodig.org/get-involved/eurodig-extra/
Format
Please try out new interactive formats. EuroDIG is about dialogue not about statements, presentations and speeches. Workshops should not be organised as a small plenary.
Further reading
- International Year of Quantum Science
- Timelines for migration to post-quantum cryptography (UK)
- How does a quantum computer work (Video, Scientific American)
- Nist: Quantum Computing Explained
- Quantum Networks
- New European Survey Reveals Public Support for Quantum Science and Technology
People
Please provide name and institution for all people you list here.
Programme Committee member(s)
- Jörn Erbguth, University of Geneva
- Karen Mulberry, IEEE Standards Association (SA)
The Programme Committee supports the programme planning process and works closely with the Secretariat. Members of the committee give advice on the topics, cluster the proposals and assist session organisers in their work. They also ensure that session principles are followed and overlook the complete programme to avoid repetition among sessions.
Focal Point
- Jörn Erbguth, University of Geneva
- Karen Mulberry, IEEE Standards Association (SA)
Focal Points take over the responsibility and lead of the session organisation. They work in close cooperation with the respective member of the Programme Committee and the EuroDIG Secretariat and are kindly requested to follow EuroDIG’s session principles.
Organising Team (Org Team) List Org Team members here as they sign up.
- Wout de Natris-van der Borght, IGF DC Internet Standards, Security and Safety (IS3C), denatrisconsult
- Elif Kiesow, IGF DC Internet Standards, Security and Safety (IS3C)
- Constance Weise, IEEE Standards Association (SA)
- Karen McCabe, IEEE Standards Association (SA)
- Maria Pericas Riera
- Isti Marta Sukma, University of Warsaw
The Org Team is shaping the session. Org Teams are open, and every interested individual can become a member by subscribing to the mailing list.
Key Participants
- Tim Smith, Coordinator, Open Quantum Institute, CERN [remote]
- Mark Mattingley-Scott, Chief Revenue Officer, Quantum Brilliance [in person]
- Elif Kiesow, Project Lead, IGF DC Internet Standards, Security and Safety (IS3C) [in person]
Key Participants (also speakers) are experts willing to provide their knowledge during a session. Key Participants should contribute to the session planning process and keep statements short and punchy during the session. They will be selected and assigned by the Org Team, ensuring a stakeholder balanced dialogue also considering gender and geographical balance. Please provide short CV’s of the Key Participants at the Wiki or link to another source.
Moderator
- Wout de Natris-van der Borght, Coordinator, IGF DC Internet Standards, Security and Safety (IS3C), denatrisconsult [in person]
The moderator is the facilitator of the session at the event they must attend on-site. Moderators are responsible for including the audience and encouraging a lively interaction among all session attendants. Please make sure the moderator takes a neutral role and can balance between all speakers. Please provide short CV of the moderator of your session at the Wiki or link to another source.
Remote Moderator
Trained remote moderators will be assigned by the EuroDIG secretariat to each session.
Reporter
The members of the Programme Committee report on the session and formulate messages that are agreed with the audience by consensus.
Through a cooperation with the Geneva Internet Platform AI generated session reports and stats will be available after EuroDIG.
Current discussion, conference calls, schedules and minutes
See the discussion tab on the upper left side of this page. Please use this page to publish:
- Next Meeting: Wednesday March 26 at 6pm CET.
- We will have a EuroDIG extra (online) on April 30 at 1pm-2:30pm CEST
- It is planned to have three speakers at the EuroDIG extra session that should focus on an introduction to the technology and three speakers at the workshop with a focus on policy issues.
- Speakers are planned to come from IEEE, OQI and government institutions.
Planned moderators
- EuroDIG extra moderator: Jörn Erbguth
- Workshop moderator: Wout de Natris
Messages
- are summarised on a slide and presented to the audience at the end of each session
- relate to the session and to European Internet governance policy
- are forward looking and propose goals and activities that can be initiated after EuroDIG (recommendations)
- are in (rough) consensus with the audience
Video record
Will be provided here after the event.
Transcript
Disclaimer: This is not an official record of the session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed.
Wout de Natris-van der Borght:
Online moderator: Good morning, everyone, and welcome to today’s session. We’re really glad to have you here. Before we begin, I’d like to quickly go over a few session rules. Please enter your full name on this Zoom session. To ask a question, raise hand using the Zoom function. You will be unmuted when the floor is given to you. When speaking, switch on the video, state your name and affiliation. Do not share links to the Zoom meetings, not even with your colleagues. Now I’ll hand over to our session moderator to guide our through the session. Thank you.
Wout de Natris-van der Borght: Thank you. Welcome and good morning. After a good party last night, I think, here at the Council of Europe. Welcome to Eurodig’s 2025 Workshop 3, and that is called Quantum Computing, Global Challenges and Security Opportunities. My name is Wout de Natris-van der Borght. and I am your moderator of the day and I, to introduce myself, I work as an Internet Governance and Cybersecurity Consultant and I’m the coordinator of the Internet Governance Dynamic Coalition Internet Standards, Security and Safety. This morning we’re going to take a close look at the future of computing and as you will find look at what people in decision-making positions need to decide on in the present to be secure in the future. That makes this workshop topic extremely timely as the world’s government, scientists and industry face some tough choices. Sorry? I can move a little bit closer. Hopefully that works. I can only do one at the same time. Yes, maybe because I’m the boss here at the moment. I hope this is better. So, I’ll go a little bit back and say that today we have a choice because looking back we can compare the launch of the public internet or social media and IoT and everything connected to the internet to a new vehicle being launched from the top of a mountain. So, here’s a new driver sitting in the car and he’s going down the mountain slowly but surely but while driving the driver starts finding out that there are no security features built in. into that car by design in any way. There’s no braking lights and no brakes. There’s no handbrake, there’s nothing. He just goes down the hill faster and faster and then he sees a side of the road, people, I’ve got brakes for you, and they start running behind him, trying to put it on while he’s speeding ever faster and faster down that mountain. And that is ICT for you. Comes on, it works, it goes, and then we have to start thinking about security. And you have to buy them as end user. Yourself is not there secure by design. So why am I looking at an empty chair on the screen? Or is that? I think it’s because that microphone is also used. This one. Okay. No. No. Yes, I think this is better than looking at an empty chair. So I think you got the picture on this car going down the road. And now we’re at the advent of quantum computing. And as everybody is warning us, that is going to change the whole ballgame once again. And we got that option now to fix this new technique before it starts its descent down the mountain. We also got the option to secure everything that is here now and protect it from the speed of quantum computing. And we don’t know if that is tomorrow, next year, or 10 years from now, but the fact is it will probably be here somewhere in the near future. Today, we will look at the threats and opportunities that quantum computing poses, such as cryptography and data protection. Quantum computing threatens today’s encryption, but it also provides new ways to secure data. It will require new frameworks. that take proactive steps to ensure compliance with the regulatory requirements and security standards while enabling innovation to flourish. What we’re not discussing is what quantum computing is. I hope you have taken the time to participate in the Eurodig webinar on 30 April, or you had the time to view it later to prepare for this session. You can also do that after the session, of course, but without further ado, let’s start and introduce the key participants. I have here, to my furthest right, we have Mark Mattingley-Scott. He’s Chief Revenue Officer at Quantum Brilliance based in Germany. I have Elif Kiesow, who is the Project Lead of the IGF Dynamic Coalition Internet Standards, Security, and Safety, Working Group 9 on Quantum Computing, and hopefully, Tim is there, Tim Smith is there, because I’m not watching the Zoom at this moment. Tim Smith is there, and he’s Coordinator, Open Quantum Institute at CERN, and they all go three, gonna talk about quantum computing from a different angle. But first, I give the floor to Tim Smith, and I think he’s going to make a positive statement about how to approach developments and to avoid the worst. And in a sentence, he described it as keeping the QC opportunities in focus through international collaboration and applications for society. So, Tim, the floor is yours, and what I have to mention first, we have three presentations. After that, we have time for questions and dialogue, as that is what this session is supposed to be about. So, we have about half an hour to discuss this topic. Thank you very much, and Tim, the floor is yours.
Tim Smith: Fantastic. Thanks very much. Can you hear me well?
Wout de Natris-van der Borght: Yes, thank you.
Tim Smith: Perfect. Okay, well, thank you very much for this opportunity. I’m really sorry I can’t be there. there in person to be with you. But nonetheless, I’d like to join in with the discussion by, as was just said, making a bit of a positive outlook on the opportunities because the second quantum revolution is already underway. It’s already here. It’s not a question of waiting. It’s a question of being part of it and shaping it. Okay, a handful of algorithms have been created already to harness the potential, but just a handful, and we’re still looking for more, algorithms such as factoring of large numbers, searching of unsorted databases, Hamiltonian simulations, solving linear systems of equations or optimizations. And we’re looking for ways of applying these to applications that are beneficial to society. But we do know that to run these at the moment needs millions of qubits with low error rates and long coherence times. And we don’t have those in the current hardware. So we’re some years off exploiting. So people have said we have time and we’re talking of a year, five years, 10 years, but we don’t actually, because already we found ways of using hybrid techniques to use these already modest scale quantum computers that have been built, even if they have curtailed coherence as co-processors basically in a hybrid mode. So we’ve created these noisy intermediate state quantum computers with algorithms that can be used today, variational quantum algorithms, which alternately delegate the classically difficult parts to the co-processor quantum computer, and then perform some of the difficult, some of the steering on the sufficiently powerful classical devices. So we’re using quantum computers today already to make tough calculations. They’re not going to take over the world, they’re not going to replace all of classical computers, but they’re going to augment in the most difficult calculations by giving us new ways of doing things faster. So the question is, which calculations? Now, unfortunately, in today’s geopolitical context, the developments of these algorithms are being done with a focus on sovereignty, security, race for supremacy. But we learned to our peril from past tech waves like AI, that unless you do multilateral governance and international cooperation on R&D in advance, it will not land on society correctly.
Online moderator: So now is the time to shape global governance and explore impactful applications for society and our planet. And in this optic, we launched at CERN here, the Open Quantum Institute. It was conceived by JESDA and we’re now hosting at CERN, which focuses on exploring these future applications with a focus on the UN Sustainable Development Goals, on accelerating them. So we’re a novel science diplomacy instrument offering a neutral platform for international collaboration between researchers, diplomats, the private sector, philanthropy, because we believe humanity’s biggest challenges today are shared global challenges. So therefore, it necessitates transnational collaboration to ensure that it will be able to benefit and unlock the potential of quantum computing for everyone and not just a few. And we also think this is the only way to make solutions which reflect the genuine needs of diverse population. So not only are we looking for the applications, but if we want the. global population to be involved, we need to do capacity building. So we’re also trying to do capacity building in the underserved geographies, quantum hackathons, educational material and educational programs in quantum computing. But not just that, with the doers, but what about all the decision makers? So we’re trying to raise awareness as well with the lawmakers and the diplomats by getting them to play a serious game, the quantum diplomacy game, to understand the geopolitical implications of developing a new type of technology. So in summary, the quantum opportunities also bring risks. The rapid development is outpacing equitable access frameworks and exacerbating existing global inequalities. The infrastructure, supply chain, intellectual property is again being concentrated in just a few countries, just a few private corporations, creating yet again the risk of technological monopolization. So without anticipatory governance, this dual-use technology could undermine digital security and fuel even more geopolitical tensions. So if development is driven solely by strategic or commercial interests, it risks diverging from the potential impact on the SDGs and impact on society. As a little bit of hope, governance-oriented frameworks are already taking shape, such as the World Economic Forum’s quantum computing governance principles that define global guidelines to assess and manage the opportunities and risks of quantum computing, and the OQI itself. which exemplifies how quantum innovation can be guided by multilateral cooperation and SDG-focused governance. So we need more of these international collaborations and we hope that the OQI will provide the neutral platform where we can accelerate these dialogues and shape the effective governance. Thank you.
Wout de Natris-van der Borght: Thank you Tim and I think also from a hopeful point of view and that you see the first positive steps going but there’s also a strong warning coming with your hope and message so thank you for that. From the positive side we’re going to move to the dark side and we have Mark here sitting to my left. Mark Mattingley-Scott and as I said he’s Chief Revenue Officer at Quantum Brilliance and as he said in his introduction to me somebody has to deal with the bad side so Mark I give the floor to you and tell us how bleak our future is.
Mark Mattingley-Scott: Well thank you for that introduction. I don’t quite know what to make of that other than the fact that in my circle of friends in Germany there are many people from the Balkans and they told me that if you slightly mispronounce my first name it means darkness so I guess that fits. So I want to talk about the quantum threat and the race for quantum safe security but I’m also posing the question of is it really a threat. So there is a real growing issue posed by quantum computing, quantum technologies that touches all of us working in security and engineering and Let’s go down the rabbit hole a little bit and look at what that means for encryption and digital security. Quantum computers, as Tim said, will one day be able to break today’s cryptographic methods. Cryptography, as we know it today, relies on mathematically hard computations, typically factoring a number, so it’s very easy to multiply 3 by 5 and understand that the answer is 15. We can also, we can all do the reverse operation, because we all know that 15 is 3 times 5, but for arbitrary large numbers, those two operations are highly asymmetrical. A lot of the cryptographic infrastructure we rely on today relies on that and other similar mathematical asymmetries. In quantum computing, one of the founders of quantum computing, a guy called Peter Shaw, who’s a professor at MIT, invented an algorithm which basically takes that problem of factoring a number and it makes it look a little bit like playing a chord on a piano. I’m oversimplifying here. And then you can use a quantum computer to essentially extract what amount to the notes, and those notes are then the factors of that number. And this algorithm is extremely high-performance if run on qubits. There is another algorithm called Grover’s algorithm. Lev Grover invented that, which has a similar effect on calculating checksum-based cryptography. And there are other approaches, compromises, approximations to both. Grover and Shor’s algorithm, which will one day pose a threat. So when I say will one day, where’s this technology right now? We are in the position that we can, depending on the hardware, underlying hardware, generate a handful of qubits up to maybe a hundred, hundred and fifty qubits, maybe a couple of hundred qubits, reliable, low error, sometimes low error qubits. Just to give you a feel for where we need to be, it’s a bit like saying we’ve just built a paper airplane, but we need to fly to Mars and build a colony. So we’re still a way away, but the principles have been established. Now the question comes, well why do we care if that’s first going to be a real threat in 10, 20, 30 years? And the problem here is called harvest now and decrypt later. So encrypted data is very often used in situations where it’s stored and becomes amenable or possibly attackable at some future point. Think of anything based on a blockchain, where essentially you’re signing each epoch in the blockchain. If you can in 20, 30, 40 years break that blockchain, break the encryption, you can essentially rewrite the entire blockchain. And if you’ve got a currency based on that, that might be a bit of a problem. Symmetric cryptography is also not immune. As I mentioned, Glover’s algorithm halves basically the key strength of any cryptographic key. So a 256-bit key becomes effectively 128-bit key, which is a very different problem to attack. We now have a thing called post-quantum cryptography. It’s based on what are called quantum-resistant problems. So there are some problems which are still computationally unfeasible even for quantum computers, and this new type of cryptography is based on such methods. Things, if you hear about things like lattice codes and hash-based codes, then that’s what we’re talking about. Additionally, the United States National Institute of Science and Technology recently published and recommended a series of methods for ensuring quantum robust cryptographic protocols, and if I look at the organization I’m representing or indirectly representing today, the IEEE, we have nine working groups working on quantum computing, two of which working specifically on quantum communication and quantum key distribution. The challenges we face in migrating from a pre-quantum world, in which we find ourselves at the moment, to a post-quantum world revolve around using those different methods, updating cryptographic and non-cryptographic protocols, so SSH, TLS, all the things we’re used to using today to ensure secrecy and confidentiality will need to be upgraded. There will be a lot of work to be done on changing and upgrading legacy systems. I think for those of you who remember it, the year 2000 bug, the year 2000 event, involved also upgrading a lot of systems. Quantum is going to be, at least an order of magnitude, have at least an order of magnitude more impact, and it’s also essential to be agile. Agile in the sense of from an organizational point of view. Quantum key distribution, a A key topic, short to medium term topic, using secure physics-based methods to exchange cryptographic keys is increasingly a focus. It’s still expensive and impractical at scale, but there’s a lot of money being invested and a lot of effort being made to change that. So the message I give to my customers, my investors, and the industry in general is start to understand where you use any kind of cryptography, and you’d be surprised by the list of places. Identify and mitigate any long-term data. Begin to start to use the new cryptographic methods as they become available. And of course, push your vendors to provide the technology to do that. From a policy point of view, all these changes represent both opportunities and risks in terms of ensuring that the methods and procedures and processes we use remain open and transparent and available to all. Finally, quantum is coming. It’s unavoidable. Actually, we shouldn’t think about avoiding it. We should embrace it. We don’t know exactly when, to what degree specific threats will become real threats. But we do know that we’re running out of time. There’s no time left to wait. We need to act now. And that means from a policy perspective, we also need to act now. Thank you.
Wout de Natris-van der Borght: Thank you, Mark. There’s some consternation here, as you see, because the three of us are in a different Zoom room than all of you. and that’s why you can’t see the presentations. So we’re trying to see if we can fix it very fast. The link that we’ve got is apparently a different one that the rest of the audience received. So that’s all I can give as an explanation. Elif is next, but I think it’s going to work. So let me introduce Elif Kiesow-Cortez to you. As I said, she is the chair of Working Group 9 on Emerging Technologies of DCISVC. And we’re doing a research at this moment into the social implications of quantum computing when that hits society. And with that, I give the floor to Elif to give a preliminary draft version of the report that will be published at the IGF in June in Lillestrøm in Norway. Elif, the floor is yours.
Elif Kiesow: Thank you very much, Wout. I will just need everyone on Zoom to put on mute, including our room, if that’s possible. Otherwise, we are getting feedback. Okay, no, then we get feedback. Okay. I will just… Okay, is this good enough? It’s not… …or what you need to care about is… …to a level where they will achieve a… …to sell not the brain for a thing that sells. So that was your reviews and what we mean when… …to a level where they will achieve a… …to a level where they will achieve a… …to a level where they will achieve a… …to a level where they will achieve a… …to a level where they will achieve a… …to a level where they will achieve a… Karen Mulberry, Tim Smith, Elif Kiesow, Wout de Natris-van der Borght Karen Mulberry, Tim Smith, Elif Kiesow, Wout de Natris-van der Borght Karen Mulberry, Tim Smith, Elif Kiesow, Wout de Natris-van der Borght Susan. And if you wanted to take home something, Sorry, I’m getting echo again. Did anything change? Okay, yeah. I think… Am I only hearing it or are you guys also hearing some feedback? All good? Okay, it’s perfect. Okay, if it’s good, then let me continue. So the first thing that you can maybe take to your organization after this presentation when it comes to organizational needs can include the planning stage. Again, you will want to look at what algorithms are being used in your current encryption methods, but that is also called a cryptographic inventory. So even if maybe you won’t be able to convince the management yet to take steps towards post-quantum cryptography, I think it would be important to look into at least creating something like a cryptographic inventory. And then, of course, eventually these steps that we will be publishing in our research should lead to a migration roadmap also at the organizational level. So we will be creating it in a way that it’s building up on each other in steps. So that’s also the examples that I wanted to use here. Okay, so then I mentioned at the opening that I will say a few things about IoT security and PQC as well. There, what we see as a main issue is already IoT security is a big problem, right? Because there are many layered problems. I just use one here that there are legacy devices. So the security vulnerabilities that are being caused for legacy devices is going to be multiplied in the future if we are doing this migration to PQC. So that’s why we want to bring it forward in this research and say that let’s pay attention to it from the get-go this time. Let’s not make the same mistakes of forgetting that IoT devices are our main vulnerabilities in many aspects. So in that sense, we are also bringing together, they advised to put together the need for IoT security with this new migration to PQC policies. And of course, a part of it, an important part of it, is public procurement. Just a taster, we can mention that probably whomever is deciding on, of course, also using IoT devices, for example, for sensitive data, for public data, should also consider while at the procurement stage to purchase devices that at least have the capacity to migrate to post-quantum cryptography. That’s pretty much what I wanted to cover. Just maybe one note, one thing that was mentioned by Mark was QKD. What we like to differentiate is when we are talking about QKD, we are talking about more quantum encryption, but when we are talking about post-quantum cryptography, some of you maybe already caught the clues there, but this is something that can run on classical computers, so you do not need quantum computers to run PQC, and that’s why we are now already ready, if we make the necessary investment, to upgrade our systems to better algorithms. Thank you.
Wout de Natris-van der Borght: Thank you, Elif, and I think that the three presentations struck a sort of a balance about hope, about the dark side, what may be waiting us, but also the options that we have today to actually start protecting ourselves from what may come one day, what we call on quantum day. We just don’t know when quantum day is, and I suppose that even researchers working on it continuously today don’t know when quantum day is unless somebody is keeping some big surprises for the world, which is also an option, of course, because it gives you a major advantage. With that, I want to open the floor for comments or questions or a debate, and that’s all up to you. So, online, if there are any comments, then please let me know. Who would want to take the first question in the room? Yes, please introduce yourself first.
Audience: Can you hear me well? So my name is Isti Marta, I’m from the University of Warsaw. So my question is to Mark and also to Elif. So first question is about the quantum key distribution. What are the possible risks for dual use technology, both present and the future? And for Elif, for the PTC migration. So what do you think, what are the risks for this PTC migration to fail? And if it does fail, probability wise, what sort of dire consequences that will be faced by a country? So yeah, thank you.
Mark Mattingley-Scott: Okay, so if I understood your question correctly, you are interested in what are the risks associated with dual use of this technology and risks in the context of risks in the context of weaknesses or ways that the technology can be attacked or risks in the sense of the technology may not be up to it or risks in the sense of the technology may be misused. Can you clarify please?
Audience: I think three of them, if that’s possible. If you have any insights as for now, when it comes to dual use technology.
Mark Mattingley-Scott: So I think the quantum key distribution The design parameters of the methods that are being investigated are, obviously, to design systems and technologies that are robust to design against weaknesses from the start. Obviously, at a certain level, that’s a naive position because every technology always has some weaknesses somewhere, but I think that is happening out in public. That is a transparent process, at least as far as we can tell. I don’t see currently any issues there. The second point was potential misuse of the technology, and I guess there’s two ways to look at that. One is from the point of view of can an aggressor misuse this technology, can a defender use this technology, particularly in the situation in Europe and in Ukraine at the moment. I think the answer to that is we can theorize about that situation as much as we want without getting or trying to avoid being very political about it, but what we do see is every technology, or the potentials and the weaknesses of every technology, become glaringly obvious the moment it hits the battlefield. So for the dual use, in the sense of dual use, it’s impossible for me to predict. I think we just have to wait and see.
Panelist: Yes, and thank you for the question that is more focusing on the international aspect, I guess. I think maybe the main one that is most relevant also for our community is it can increase the risk of digital divide when we are thinking about PQC migration, right? Because now we are seeing already some countries coming up with roadmaps. They have maybe the resources to come up with the roadmaps, maybe they have the resources to develop the algorithms and then they will maybe have the resources to implement and make this migration happen. And then it can lead to a situation that we will be having, of course, the states that manage to do it and are in a much secure place maybe when it comes to cybersecurity, whereas those that could have been left behind. But since we are already able to discuss this at an earlier stage where the migration did not happen yet for any country, I think that our community has a chance to think about this further and definitely to advise, I think, also for further international cooperation and support so that we are not really running into a situation that we can pretty much predict. Thank you.
Wout de Natris-van der Borght: Another question? Yes, please.
Marijana Puljak: Hello. It’s maybe not a question but a comment. Please introduce yourself. Oh, sorry. Marijana Puljak. I’m a member of the Croatian Parliament and a member of the Parliamentary Assembly of the Council of Europe and I must say with 25 years of IT background, so maybe I will have an IT comment on all this. When talking about technology, about all these questions, can technology be used and misused? Of course. We have a fire so you can burn the house or you can cook dinner with the same tool. So every technology can be used and misused is the question of how fast are we with regulating it and how fast are we with, you know, who is the faster, bad guy or good guy? And also I must say my daughter is in research of quantum computing at CERN specifically and through her experience I see and I’m aware that there is still a significant gap between researchers and industry, especially in diplomacy, as you said. And so when trying to commercialize this technology. Maybe it’s hard, you also said about the funding, you are trying to find funding. Maybe the funding is hard to find because no one can predict how the return of investment will be in 5, 10, 20 years or maybe next week. That’s why the problem is with all of this. But I’m interested how do you see, you know, this is really new and fast development, fast new technology. How do you see this bridging this gap between researchers and industry? Thank you.
Panelist: Yes, so I can give a comment and I’m going to assume that maybe Tim would like to jump in as well because definitely the Open Quantum Institute is working on that. And for example, I’m working with industry associations that are both in the US and in the EU that are focused on quantum. And we are looking into these kind of governance issues as well. So I can say that there are different groups also, as far as I know, in Australia, as well as in the UK, that are looking at it from more responsible technology angle as well. And of course, even that research is not very easy to do, because exactly, correctly as you put it, when you say there is this technology which might be a problem in 10 years, it’s not something that people really feel like they should care about, right? So that is, I think, one of the main issues that we are still running into, even if there is work. And just before giving the floor to Tim, I can say that the difference with the PQC is I think now we are seeing government action. So then I think as long as we see, for example, government action, which is in form of policy, which is maybe even saying by this date we want to see these results, I think that really gives good support also to bridge that gap. Yes, Tim.
Wout de Natris-van der Borght: Thank you, Tim. And before I give the floor, I would like to expand the question a little bit. As you said, you’re working together with a lot of different organizations. organizations. What I would like to know also is the enthusiasm, let’s call it that, to cooperate larger in governments or in academia or in the industry. And secondly, do you think that we can afford to make it a voluntary action to deploy these post-quantum encryption beforehand, or can we leave it to industry just like we did with all the other techniques that came along online? So I think that expands the question a little bit. Over to you, Tim, thanks.
Tim Smith: Thanks very much, it’s a great question. Exactly, the fact that fire is both good and bad and every technology similarly is both good and bad shouldn’t be ignored in the sense that we should embrace the fact that we know this is happening and embrace the learning we’ve had from previous tech waves, is that exclusion from solutions, exclusion from discussions, causes even greater misuse, it causes even greater divides, the haves and the have-nots. So in fact, we see the best way of developing the technology responsibly is by having these conversations with all of the actors in the room to investigate all these different aspects simultaneously and to come to common understandings of how to steer it. It’s not clear up front that one entity can be doing the steering. I think there’s all these different perspectives have to be taken into account. So the way we’re doing it is having these multilateral workshops, multilateral discussions on responsible computing, responsible quantum computing, and also forming teams that are working on solutions that are also multi- multilateral. So bringing industry, bringing academia, bringing the funders, bringing the decision makers, bringing the domain experts all into the same teams that are trying to perform solutions to bring all these different aspects, because I think it’s only through common understanding that we can see a common way of beneficially developing this in the future.
Wout de Natris-van der Borght: Thank you, Tim. I’m getting to use our focal point first and then I’ll come to you. Jörn has helped us tremendously to make this session happen and he has a comment to one of the questions.
Jörn Erbguth: You ask whether it is mandatory and we have current laws that make it mandatory. GDPR makes it mandatory to use quantum proof encryption because it makes it mandatory to use secure encryption and once the standard is out and it is state-of-the-art to use quantum proof encryption, it is mandatory and it’s a GDPR violation if you don’t use it for relevant data. So it is mandatory and we don’t need to change any law to make it mandatory.
Wout de Natris-van der Borght: Thank you, Jörn. I think that is a very clear statement. Should people from industry be in the room? I saw your hand up, please introduce yourself first.
Audience: Biljana Zaslova-Friedrich, do you hear me? Biljana Zaslova-Friedrich from the European Centre of Quantum Sciences, based here in Strasbourg, not far away from the Council of Europe. I’m a senior project manager working on different European projects on AI, machine learning and quantum. Our centre is a transdisciplinary, transnational centre, working on the Rhine Valley but also with the whole region contest. And we have a lot of programmes actually, not only of course training, research, but also innovation because we are also an innovation hub with one start-up for a quantum simulator. And we also now dwell more into the governance and the policy making issues because we have understood that there is a huge problem in making quantum relevant and interesting. for policy makers, but also for overall, for the population. We have huge problems in training younger generations. They are not so interested in sciences, so that’s one of our first fight. The second fight that we have in the near and middle term process is to try to make the industry in the Grandes, but also in France, to try to adapt their solutions and include quantum. It’s quite a risk actually for industry makers. Their R&D are not trained into looking into quantum solutions when it comes to training them is also quite a big deal. So what we try to do is really to find user cases that will make our quantum computer and our simulators work, so that we have more experience and try to correct the errors and try to find out how we can manage to develop this, to better develop, to improve our technology. By the way, for Mark, it’s a neutral atoms, ion traps technology. It’s quite different from the diamond, for your diamonds. So my question is, do you think that we should target only the industry or should we target also policy makers and what the European Union could do in this in this perspective? Because now that I know that they have a new quantum strategy that is launching, there’s a consultation process, by the way, about the quantum strategy and my center will definitely try to contribute to this new quantum strategy. Thank you.
Panelist: So I think It’s definitely great that you already mentioned both the great work and also what’s happening right now. Maybe we can also highlight that it is true that right now there is a call for evidence from also the EU that is looking into feeding their quantum strategy with more feedback from the citizens. What we highlight is exactly on the point that you are mentioning. One point is of course to look into future workforce and to make sure that there are trainings that are targeted so that we can get more quantum talent. But the other part is how are we going to make sure that we are also informing citizens as well as policymakers in time so that they can be a part of this discussion in an informed way. And I think that would be something that we are definitely looking into solving in the recent or in the coming years. So I would say that’s definitely one key point. And I’m going to again mention that for Tim, for example the Open Quantum Institute’s role is I think exactly for looking at bringing together different stakeholders, but we think that IGF can also be an important power in this. So we started our working group in the Dynamic Coalition Internet Safety Security Standards, so IS3C as you know our common name. So we started this working group nine that is looking at quantum already two years ago. So we started reaching out actually to policymakers saying that this is going to be an important issue, would you like to work with us? So let’s also use this platform then to make our call that we think that IGF is also perfectly positioned to bring together different stakeholders and look at it from more adoption and governance angles because we need those voices as well. Yeah, thank you.
Wout de Natris-van der Borght: Thank you, Edith. And looking at the time, we have to start wrapping up unfortunately, but I suggest that we exchange cards in a moment and with you as well, Tim, and see what we can do in the future because this is hopefully not the end, the presentation of this report. We have now to go to the messages, to discuss the messages. I’m going to ask, how much time do we have left? Can we do five minutes extra? Yeah. We have five minutes extra. Okay, then I’m going to ask Tim and Mark and Elif to say in one sentence. In one sentence, what it is they think the next step should be right now. So, in one sentence, Tim.
Tim Smith: Building on the previous question, public awareness. I think demand-driven, demanding the solutions, expecting the integrations is perhaps the biggest thing that we should do now. Awareness-raising so that people ask for the right things and get inspired to help create the right solutions to be part of the future workforce.
Wout de Natris-van der Borght: Thank you, Tim. Mark.
Mark Mattingley-Scott: Europe is in a unique position as far as quantum technologies is concerned. In addition to having the largest pool of skills and talents in quantum technologies, a critical mass of consumers, ultimate consumers, industrial consumers of quantum technologies. And also in terms of the technologies themselves, we need to enable investment. I’m speaking as a startup here. Investment, critical growth capital will fuel that system. If we bring quantum technologies to Europe as a core key technology, then the decisions we make, the policy decisions we make, will have corresponding weight globally. And I think that’s key.
Wout de Natris-van der Borght: Mark, Elif.
Elif Kiesow: I will just echo the comments of Tim and Mark, but let me just also make it a bit more specific on what we discussed on PQC. And let me just say that I really loved what you mentioned. So if this will become the new industry standard, we have to make sure that we are not leaving any actor behind. So that would be, I think, one message from me.
Wout de Natris-van der Borght: Thank you, Elif. And before we wrap up, I would like to give the floor to Jörn Erbguth, who will share the messages of this session with you. Jörn.
Jörn Erbguth: Thank you, Wout. I share the draft of the messages. So I took from your presentation, your comments, that… It cannot be read. It’s too small? Yes. Better? Much better, yes. No, too big? Yes. Okay. So the first message is quantum computers at scale are not there yet. However, they start to be able to solve some problems faster than classical computers. We need to open quantum computing to everyone, not only a few countries and corporations. And then second, quantum computers will be able to break current cryptography. Quantum computers, quantum technology is unavoidable. There is no option to stop it. And we should not try to prevent it, but embrace it. We need to raise awareness. And concerning encryption, current risk is harvest now, decrypt later. So nobody can, as we know, can decrypt current encrypted texts, but if you store them, you can decrypt them later. We need to do the migration to quantum proof encryption now, because it will take years to do it. Countries need to take an inventory of the cryptography used and include all devices as, for example, IT devices as well. So migration to quantum proof encryption could create a new digital divide if some countries do it and some other countries don’t. And it’s an avoidable digital divide. It’s not something that is dependent on some countries not being able to do it. It is possible, but we need to roll it out. But so these are the messages they will be taking into consideration. If you have a strong disagreement with one of the messages, please raise it now. If you have editorial concerns, we can do that in the later process. Thank you.
Wout de Natris-van der Borght: Does anybody has a very strong objection? I see one finger, please. No, no.
Audience: Maybe not an objection, but maybe we can talk about hybrid computers, classical plus quantum, because there is a huge hybrid technology that is on the way that could fasten the quantum advantage actually. When you talk about the first one, quantum computers or hybrid computers.
Jörn Erbguth: I agree that hybrid computers can be an issue, but we didn’t discuss them, so I didn’t include them in the messages. I think Tim mentioned them. Okay, okay, sorry.
Wout de Natris-van der Borght: Unless you disagree, Tim, but I was very, very clearly thought I got that.
Tim Smith: Exactly, they’re the ones that are most practical now.
Jörn Erbguth: Thank you. Where would you include them?
Wout de Natris-van der Borght: Yes, they should be in the first one, Björn.
Tim Smith: I would say about steering hybrid developments collaboratively. Because I’m always hoping to push towards the good rather than the bad.
Wout de Natris-van der Borght: While Jörn is typing, is there another strong objection? I don’t see any hands up, so I take it that the draft version is accepted. Thank you very much, Jörn. That brings us to the end of this first session of this morning in this room. Just to promote the Dynamic Coalition again a little bit, if you’re interested in our work, you can join it by going to the IGF website and join the mailing list. And if you go to Dynamic Coalitions, you’ll see Internet Standards, Security and Safety Coalition. and you can join there. We have our own website, is3coalition.org, where results and reports are published. What I can announce is that we will present the second draft of our reports to the AFNIC organization about two weeks from now. And after that, if they agree, then we’ll have a short public consultation on the report that will be announced on our website and in other places around the internet. And you have about two weeks to respond to our findings. And then we publish the report at the IGF and present it there, probably on the day zero. That ends my part of making publicity for our own coalition. I would like to thank first our key participants. Tim in Geneva, thank you very much for your hopeful contribution to this discussion. And I think that it would be good if we discussed further in the near future. Mark Mattingley-Scott to show to us what the threats are, but also what the future holds for us and what could be a positive outcome and Elif for presenting the draft report to us. But I’d also like to mention the other org team mentioned people because we got together as a team to make this session happen. And the first is our focal points, Karen Mulberry and Jörn Erbguth, but also Konstant Weisse, who coordinated a lot in the background for us and made it possible for us to meet. I’d like to thank our rapporteur, who’s also Jeroen, thank you very much. But also the people at EuroDIG here in the room, but also especially behind the scenes who make everything possible that we do, Sandra and the team and Rainer. So without them, there would be no EuroDIG. And I think that gives a round of applause for them as well. So thank you very much. And then I’ll hand over to you to wrap up.