This chapter explores the intersection of quantum computing and European Union (EU) cybersecurity law. It examines to what extent cybersecurity regulation in the EU is fit-for-purpose to deal with the challenges of quantum computing. Two key challenges are identified: (i) harvest now, decrypt later (HNDL) attacks, and (ii) the accelerated development of quantum computers outpacing current cybersecurity measures. The chapter argues that concepts like “state of the art” and “appropriate technical and organizational measures” characteristic of EU cybersecurity law fail to sufficiently account for cybersecurity threats anticipated to materialize in the future, but impacting networks and information systems today. Proposed solutions include enhancing judicial clarity of technical cybersecurity requirements, increasing policy focus on post-quantum cryptography, adopting firmer cybersecurity requirements in hard law, and shifting towards alternative terms that properly account for future cybersecurity uncertainties. The chapter concludes by advocating for proactive regulatory approaches anchored in anticipatory governance and multi-layered strategies to safeguard against the quantum threat.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

EU Cybersecurity Regulation in the Quantum Age

  • Peter Alexander Earls Davis,
  • Mateo Aboy,
  • Lee Andrew Bygrave,
  • Timo Minssen,
  • Urs Gasser,
  • Marcelo Corrales Compagnucci

摘要

This chapter explores the intersection of quantum computing and European Union (EU) cybersecurity law. It examines to what extent cybersecurity regulation in the EU is fit-for-purpose to deal with the challenges of quantum computing. Two key challenges are identified: (i) harvest now, decrypt later (HNDL) attacks, and (ii) the accelerated development of quantum computers outpacing current cybersecurity measures. The chapter argues that concepts like “state of the art” and “appropriate technical and organizational measures” characteristic of EU cybersecurity law fail to sufficiently account for cybersecurity threats anticipated to materialize in the future, but impacting networks and information systems today. Proposed solutions include enhancing judicial clarity of technical cybersecurity requirements, increasing policy focus on post-quantum cryptography, adopting firmer cybersecurity requirements in hard law, and shifting towards alternative terms that properly account for future cybersecurity uncertainties. The chapter concludes by advocating for proactive regulatory approaches anchored in anticipatory governance and multi-layered strategies to safeguard against the quantum threat.