Quantum-safe Transition Advances Cybersecurity, Mapping Twelve Actor Groups for Future Resilience

The looming threat of quantum computing necessitates a rapid transition to quantum-safe cryptographic systems, as today’s encrypted data becomes vulnerable to future decryption. Ailsa Robertson, Siân Brooke, and Sebastian De Haro, alongside Christian Schaffner, all from Universiteit van Amsterdam and QuSoft, investigate the complex landscape of this crucial transition. Their research delivers a comprehensive, system-level mapping of the actors, influence pathways, and governance responsibilities shaping the move to quantum-safe cryptography, identifying critical gaps in ownership and coordination. This work, stemming from an expert workshop, moves beyond technical solutions to address the social and governance challenges inherent in securing digital infrastructure against the quantum threat, offering insights applicable to national contexts worldwide.

Dutch Quantum Cryptography System Actors and Roles

This research comprehensively analyses the Dutch national innovation system for quantum-safe cryptography (NISQSCN), examining the roles, responsibilities, and interactions of various actors involved in the transition to post-quantum cryptography (PQC). The core argument is that understanding both the formal and interpretative roles of these actors, how they actually behave, their motivations, and the dynamics of power, is crucial for a successful transition. This moves beyond simply defining who should do what, to understanding how things get done and why. The analysis is grounded in the framework of National Innovation Systems, which views innovation as a complex process involving multiple actors and relationships.

The research identifies twelve key actor groups, including Branch, Consulting and Advisory, End Users, Financiers, Manufacturers, Network Ops, Promoters, Regulators, Research and Education, Standards, and Supervisors. Each actor possesses both formal and interpretative roles; for example, Regulators set regulation and mandate interoperability, but also exert influence with standardization bodies. The study highlights that interpretative roles, the actual behaviours and motivations, often outweigh formal roles in determining success. A comprehensive systems analysis, focus on interpretative roles, practical implications for policymakers, and clear organisation are key strengths of the paper. The research acknowledges potential limitations, including a lack of detailed methodology and limited empirical evidence, and notes that the analysis is specific to the Netherlands. However, it provides a valuable contribution to the literature on innovation systems and cybersecurity, offering nuanced insights into the challenges and opportunities involved in the transition to post-quantum cryptography.

Mapping Stakeholders in Quantum Cryptography Transition

This study pioneers a novel approach to understanding the transition to quantum-safe cryptography, moving beyond technical assessments to examine the socio-institutional landscape. Researchers conducted an expert workshop in Amsterdam, leveraging insights from twelve key actor groups to develop a socially informed vision for a quantum-safe future. The methodology centres on a qualitative, iterative focus group design, enabling researchers to elicit stakeholder insights and refine analytical frameworks. This facilitated a deep understanding of policy coordination failures constraining the Dutch innovation system, revealing several responsibilities with unclear ownership.

The study integrates technically informed perspectives into its social scientific analysis, enabling effective communication and engagement with stakeholders. This involved detailed explanations of cryptographic systems, quantum properties, and the potential impact of cryptographically relevant quantum computers (CRQCs). Researchers defined Quantum-Safe Cryptography (QSC) as encompassing all cryptographic methods expected to withstand both classical and quantum attacks, with Post-Quantum Cryptography (PQC) as a major subset. This comprehensive approach frames the cryptographic transition as an innovation-system challenge, revealing how agency, expertise, and institutional coordination collectively shape societal readiness for the quantum threat.

Dutch Quantum-Safe Cryptography Innovation System Mapped

This research delivers a detailed mapping of the Dutch innovation system for quantum-safe cryptography (QSC), identifying twelve key actor groups and their roles in the transition to secure communication. Through a respondent-led workshop and reflexive thematic analysis, scientists established a shared understanding of terminology and defined the boundaries of the innovation system, focusing on accountability and responsibility. Participants unanimously accepted definitions for traditional cryptography, post-quantum cryptography (PQC), quantum key distribution (QKD), and hybrid cryptography, defining the latter as the combination of traditional cryptography with PQC. The thematic coding schema reveals that actors involved in financing and raising awareness are considered central to the innovation system.

Further analysis revealed that participants emphasized steering and conferring responsibility as key functions, with technical development receiving less prominence. The research highlights a clear distinction between ‘Intended’ and ‘Fulfilled’ roles for each actor group, providing a visual representation of the Dutch QSC innovation system and identifying areas where responsibilities remain unclear or unfulfilled. Scientists documented instances of role tensions and ambiguities, providing valuable insights into the challenges of coordinating a complex, multi-actor transition.

Governance Drives Quantum-Safe Cryptography Transition

This research delivers new understanding of the complex process required to transition to quantum-safe cryptography, identifying key actors and their roles within the innovation system. The study maps twelve groups involved in this transition, revealing that regulators currently exert the strongest direct influence, while standardisation bodies play a crucial, though indirect, role in shaping the process. Importantly, the analysis highlights areas where responsibilities remain unclear, demonstrating a need for coordinated governance to ensure a smooth and effective transition. The findings demonstrate that simply providing incentives or penalties is insufficient to drive widespread adoption of quantum-safe cryptography; a strong governance foundation is essential. The research team developed a method for detailed discussion of the innovation system through an iterative workshop design, and demonstrated the value of combining technical expertise with qualitative research methods to facilitate strong stakeholder dialogue. While centred on the Dutch context, the study’s insights are applicable to other national efforts navigating this critical technological shift.