Seizing quantum opportunities requires ‘future-proofing’ against emerging risks

Quantum computing is expected to open up a world of exciting opportunities in a number of sectors, such as powerful medical advances and accelerated risk analysis in financial services. Its importance has been highlighted by the United Nations, which has proclaimed 2025 as the International Year of Quantum Science and Technology (IYQ). While quantum science and its applications are celebrated annually on ‘World Quantum Day’ on 14 April, technology law expert Sarah Cameron of Pinsent Masons said that many companies have engaged in extensive discussions, not only on opportunities but also on the risks and the need for responsible innovation.

“Quantum computing will provide a competitive advantage to early adopters as the technology progresses. These opportunities come, however, with significant challenges. It is imperative for businesses to start preparing for migration and mitigating future risks before they materialise. This entails early monitoring of quantum standards, conducting internal system assessments, reviewing obligations in key contracts, including liability regarding security, and engaging stakeholders within the business to implement effective strategies,” she said.

Among the most pressing risks all businesses must address is the serious cybersecurity threat posed by quantum computing. Encrypted data could become vulnerable to decryption when quantum computers become powerful enough to break current encryption methods that help protect everything from personal data to national security information. “It is crucial for the UK to help industry prepare for quantum readiness by developing guidance such as that recently produced by the National Cyber Security Centre (NCSC),” Cameron said.

In the NCSC guidance, post-quantum cryptography (PQC) is highlighted as the main proposed approach to address the cybersecurity risk posed by quantum technologies. The NCSC recognises the need to both offer guidance on some of the early-stage migration activities, and set some indicative timelines that UK industry, government and regulators can follow. According to the NCSC’s key milestones, by 2028, companies will need to define their migration goals, and carry out a full discovery exercise to build an initial plan for migration. Early, highest-priority PQC migration activities should be carried out by 2031, while initial plans should be refined to provide a thorough roadmap for completing migration. By 2035, companies should have completed mitigation to PQC across all systems, services and products.

The role of standards agencies in developing technical standards to ensure interoperability and compatibility across different quantum systems will be crucial and monitored closely by key actors as the technology develops.

A prime example is a standardisation project by the National Institute of Standards and Technology (NIST) in the US, which has begun drafting standards for post-quantum cryptography and outlining a future roadmap for quantum technologies. In the UK, the NCSC is currently building a pilot scheme to accredit companies providing advice on post-quantum cryptography, as part of its broader efforts to prepare for the advent of quantum computing.

Intellectual property expert Jake Townsend of Pinsent Masons said standard-essential patents (SEPs) would be vital in this context. SEPs are patents that must be used to comply with a technical standard, and which typically must be made available to users on terms that are fair, reasonable and non-discriminatory (FRAND). A balanced SEP ecosystem is needed to both protect innovations and ensure fair competition, he said.

“The UK is a global hub for SEP disputes and global rate setting for licensing SEP portfolios,” said Townsend. “It is important that standards-setting agencies, quantum computing innovators and lawyers work together at this early stage to ensure the UK retains its competitive edge. Those active in the quantum space will need to develop or license quantum technologies to keep up with competitors in what we anticipate will become a highly competitive patent landscape,” he said.

The UK’s National Quantum Computing Centre recently published an ‘insights paper’ on healthcare and pharmaceuticals. The paper set out how quantum computing can revolutionise drug discovery by enabling complex molecular simulations that are currently unattainable with classical computing. This could lead to faster development of new medications and personalised treatments. It also incorporated a strategic roadmap for quantum implementation in the pharmaceutical industry.

“The UK pharmaceutical industry is a global leader, we’ve got some of the largest and most innovative companies out there. For the UK to maintain its leading role, the pharmaceutical sector needs to be ready to implement quantum computing into their drug discovery process right from the outset,” said Townsend.

In the financial services sector, quantum computing has the potential to transform the industry by delivering unparalleled computational power and efficiency for tackling complex problems. One area of potentially opportunity is risk analysis: quantum computing can greatly improve financial risk modelling, allowing for the earlier detection of potential issues and better management of financial exposure. However, system security in the sector faces serious disruption at the same time. In a recent report on quantum technologies, the UK Information Commissioner’s Office (ICO) suggested that large organisations, such as digital service providers and financial institutions, should start to prepare for the transition now and develop quantum resilience. They can do so by identifying and reviewing at-risk information, systems and cryptography assets, for example.

Another sector likely to be impacted is telecommunications, said technology law expert Julie Campana of Pinsent Masons.

“Quantum computing has indeed the potential to enhance telecommunications networks by improving security, speed, efficiency and customer experience, notably through advanced data analysis,” she said. “However, it poses substantial risks to encryption methods, as quantum computers could potentially compromise current encryption standards and jeopardise system security.”

Export controls present another potential risk for investors and companies operating in the quantum computing space. Governments in the UK, the EU and beyond have tightened export controls on quantum technologies due to their strategic importance, as unauthorised transfers could pose significant risks to national security. “This will progressively lead to the introduction of more licensing requirements for exporting quantum-related items, which would have an impact on investments,” said Campana.

In the UK, the National Security and Investment Act 2021 gives the government powers to intervene in acquisitions posing risks to national security, and the Export Control (Amendment) Regulations 2024 introduce new controls on exporting dual-use technologies, including quantum computing, requiring an export licence for such technology.

“Organisations need to be aware of the legality of specific transactions under the UK and the EU sanctions and export control laws.  Determining whether a transaction can proceed requires careful review of licensing and authorisation requirements, as well as whether any contractual controls should be implemented to minimise risk,” Campana said.