A Strategic Framework for the European Quantum Act: A Standards-First Approach to Secure a Democratic and Competitive Future

Policy Brief

Mauritz Kop, Founder Stanford Center for Responsible Quantum Technology, CIGI Senior Fellow

Tracey Forrest, Research Director, Transformative Technologies, Centre for International Governance Innovation

Synopsis

The European Union stands at a critical inflection point. The forthcoming 2026 European Quantum Act is a generational opportunity to establish a governance framework that can foster innovation, ensure security, and cement the EU's role as a key player in the global quantum race. Our analysis, which builds on research published in outlets including Nature, Science, Stanford, Harvard, and Yale, proposes a proactive, two-pillar instrument for the Quantum Act. It should combine agile, NLF-style regulation with an ambitious, Chips Act-style industrial policy. Central to this framework is a "standards-first" philosophy, which treats technical standards not merely as tools for safety and interoperability, but as the primary mechanism for embedding democratic values directly into the technology's architecture. This approach will enable the EU to build a trustworthy, competitive, and powerful transatlantic quantum ecosystem, creating a strategic counterweight in the technological competition with China.

The Challenge: A Winner-Takes-All Race for the World’s Next Operating System

Quantum technology is a foundational revolution that is poised to reshape national security, finance, and medicine. The nation or bloc that leads will gain a significant geostrategic advantage. The primary governance challenge is to mitigate profound risks—from the asymmetric power threat of a quantum-enabled cyber-attack to geopolitical destabilization—while navigating the deep uncertainty surrounding future quantum impacts[1] and avoiding technological lock-in. A purely reactive approach risks ceding strategic ground, particularly as the U.S. pursues its "Winning the AI Race" plan and China implements its "AI+ Plan," both of which represent ambitious efforts to set the world's techno-economic rules of the road.

The Solution: A Two-Pillar, Standards-First Governance Model

Drawing lessons from the EU AI Act, the US/EU Chips Acts, and governance models from the nuclear sector, we recommend a modular framework that is adaptive across the technology's lifecycle.

Key Recommendations for the European Quantum Act:

1. Adopt a Two-Pillar Structure: The Act must simultaneously foster innovation through an ambitious Chips Act-style industrial policy (funding a DARPA-style agency, securing critical mineral supply chains, and accelerating lab-to-market pipelines) while imposing clear guardrails through NLF-style, risk-based regulation (using tiers, sandboxes, and principles like proportionality to let innovation breathe).

    

2. Implement a "Standards-First" Philosophy: The Act should mandate the creation of a Quantum Technology Quality Management System (QT-QMS), developed in partnership with international bodies like ISO/IEC and IEEE. This is the core of the governance model. Standards become the vessels for values, embedding fundamental rights and democratic norms into the technology's architecture from the outset, leading to a certifiable CE mark for quantum systems.

    

3. Prioritize Transatlantic Standards Alignment: The Act must explicitly direct European standards bodies to work in close coordination with their U.S. counterparts, particularly NIST. The strategic goal is to create a unified, trusted transatlantic market, preventing China from setting de facto global standards and ensuring interoperability based on shared democratic values.

    

4. Establish an EU Office of Quantum Technology Assessment (OQTA): A dedicated expert body is needed to provide foresight, technical expertise, and coordination, managing a data-driven Quantum Criticality Index (QCI) to secure supply chains and advising on targeted export controls.

    

Conclusion

The European Quantum Act is more than legislation; it is a declaration of strategic intent. By adopting a two-pillar, standards-first approach that combines ambitious investment with responsible governance, the EU can strengthen its technological sovereignty and build a powerful transatlantic alliance. This will ensure the future of this transformative technology is shaped by democratic values, culminating in a global governance vision[2], to prevent the proliferation of quantum and AI weapons of mass destruction and ensure technology is developed for the benefit of all humankind.

Future Outlook

The European Quantum Act does not emerge in a vacuum. Internationally, momentum is building surrounding key components of the recommendations set forth above. This includes efforts to promote collaboration on quantum research, cyber- and supply chain-resiliency, and standards (e.g., G7 Kananaskis Common Vision for the Future of Quantum Technologies). Rapid developments in other domains – such as AI, biological engineering, and robotics – are set to converge with quantum technologies in impactful ways. Taken together, these developments underscore the need for an anticipatory, adaptive, and agile governance approach as proposed herein. Our forthcoming work will consider the strategic opportunity to advance international quantum governance and examine related issues at the interface of national security, IP, quantum technologies, and grand strategy. 

The full 80-page version of this analysis will be published by Columbia Law School and can be accessed here, titled: 

Mauritz Kop – Towards a European Quantum Act: A Two-Pillar Framework for Regulation and Innovation (Sept 9, 2025), Volume 31, Issue No. 1, Columbia Journal of European Law, Columbia Law School 2025. Preprint available at SSRN: https://papers.ssrn.com/sol3/papers.cfm?abstract_id=5480630 

Towards a European Quantum Act: Executive Summary

Quantum technologies, encompassing quantum computing, quantum sensing, networking, and artificial intelligence (including quantum-AI hybrids), hold promise for transformative advancements across numerous sectors. Humanity stands at a technological inflection point, with quantum poised to redefine entire industries. Realizing this potential while mitigating inherent risks and upholding fundamental values like human rights and the rule of law necessitates a robust, anticipatory, and harmonized regulatory framework at the EU level, grounded in the precautionary principle. Existing legal and regulatory paradigms, built on classical assumptions of cause and effect, are insufficient to govern technologies derived from the unique and counter-intuitive effects of quantum mechanics. This need for a bespoke framework is rooted in a fundamental conflict between the physics of the quantum realm and the classical, Newtonian worldview that implicitly underpins our legal systems. Its principles lead to an erosion of factual certainty through superposition, the end of locality through entanglement, and a profound challenge to causality through tunneling. The very nature of superposition (the ability to exist in multiple states at once), entanglement (non-local correlations that Einstein called 'spooky action at a distance'), and tunneling (the capacity to breach classical barriers) creates unprecedented capabilities and risks that demand a sui generis legal approach, contributing to the emerging lex specialis for quantum information technologies.

This contribution outlines the rationale and key considerations for a dedicated European Quantum Act (EU QA), responding to strategic imperatives such as the Quantum Europe Strategy and the European Declaration on Quantum Technologies. It draws valuable lessons from existing legislative and innovation strategies in the semiconductor (EU and US Chips Acts) and artificial intelligence (EU AI Act, UK pro-innovation approach, US AI Action Plan, and China's AI+ Plan) domains, as well as governance models from the nuclear sector (IAEA/NPT). A central aspect of this analysis involves a strategic comparison with the U.S. "Winning the AI Race" plan and China's AI+ Plan, and its associated quantum legislative proposals. These U.S. policies can be viewed as forming an "American Digital Silk Road," an ambitious effort to build a techno-economic sphere of influence by setting the global "rules of the road." Understanding this analogy provides the EU with valuable insights into the importance of adopting a "full-stack" industrial policy and defining a distinct, values-based model of international technology diplomacy as a compelling alternative.

In response, our analysis concludes that the EU Quantum Act should be a two-pillar instrument, combining New Legislative Framework (NLF)-style regulation with a more ambitious Chips Act-style industrial and security policy that learns from successful US innovation models. This two-pillar approach achieves two complementary objectives simultaneously: it simultaneously fosters innovation and economic growth through strategic investment while imposing clear regulatory guardrails based on risk. The framework is also modular, designed to be adaptive across the technology's lifecycle with adjustable components—such as risk-based tiers, guiding principles, and regulatory sandboxes. For its industrial policy, the Act can draw from the EU and US Chips Acts to model funding mechanisms, secure supply chains for critical materials, and accelerate the "lab-to-market" pipeline for innovation. This can be further enhanced by adopting practices inspired by the US Defense Advanced Research Projects Agency (DARPA) to incentivize high-risk, high-reward research through competitions and prizes. For its regulatory arm, the EU AI Act, which is built upon the EU's New Legislative Framework, provides a robust, risk-based framework for managing the dual-use nature of emerging technologies, offering a model for establishing prohibitions and obligations for high-risk quantum applications. To balance this and avoid the EU falling behind due to overregulation, the contrasting UK's principles-based approach to AI regulation offers an avenue for tempering prescriptive rules with overarching guidelines, implemented through sector-specific regulators. Coherence across diverse quantum-AI implementations, market verticals, and existing EU legislation can be achieved through the principle of functional equivalence, which focuses on regulating behaviors and use cases rather than the technology itself. Synthesizing historical lessons, the Act must combine the anticipatory foresight of the nuclear model, the ethical integration of biotechnology and AI, and the adaptive flexibility of the internet model, while rejecting the latter's failed "permissionless innovation" ethos to justify proactive, ex-ante rules. Finally, the historical challenges of nanotechnology regulation—including overregulation, overpromising, and a lack of public awareness—underscore the critical need for proactive dialogue and the avoidance of overly burdensome rules that could stifle innovation.

To ensure regulatory action is both proactive and innovation-friendly, the Act must be guided by a sophisticated application of core EU principles. It should embrace the precautionary principle to justify early engagement with uncertain, high-impact risks, yet this must be rigorously balanced by the principles of proportionality and subsidiarity to avoid stifling innovation. This balanced stance is operationalized through the Act's risk-based framework and regulatory sandboxes, ensuring that intervention is targeted and does not overregulate promising areas of development. 

A comparative study of global innovation ecosystems (US, EU, China) highlights the need for the EU QA to strategically support both fundamental research and commercialization, particularly fostering dual-use technologies and avoiding historical limitations on funding scope. This includes learning from the comprehensive ecosystem-wide strategy of the U.S. AI Action Plan and the pragmatic, application-focused approach of China's AI+ Plan, while consciously developing a distinct European model of international partnership that contrasts with the assertive technology diplomacy of the U.S. In this context, investing in dual-use capability is presented as a responsible act of deterrence necessary for national security and technological sovereignty in the current geopolitical reality. This strategic investment is not merely an act of self-reliance but a prerequisite for the EU to become an indispensable partner in a transatlantic tech alliance, ensuring that democratic values underpin the next technological era. Learning from the well-established governance structures of the nuclear industry—including the International Atomic Energy Agency (IAEA), the Treaty on the Non-Proliferation of Nuclear Weapons (NPT), and the Nuclear Suppliers Group (NSG)—particularly in safety regulation, non-proliferation verification, and export controls, provides valuable insights for managing quantum risks. The large-scale international investment and collaboration model seen in nuclear fusion research (e.g., the International Thermonuclear Experimental Reactor ITER) and fundamental physics (e.g., CERN) also offers a compelling precedent for quantum computing and simulation, sensing and metrology, and networking and communication development.

This contribution recommends a hybrid, modular regulatory structure for the EU QA, following the technology lifecycle (ex-ante, ex-durante, ex-post). This approach combines a risk-based classification system with a comprehensive set of overarching principles for Responsible Quantum Technology (RQT). These principles address the full spectrum of concerns, from technical requirements like Safety, Security, and Robustness, to procedural safeguards such as Transparency, Explainability, Accountability, and Contestability, and foundational societal values including Fairness, Sustainability, Equitable Access, Privacy, and the protection of Human Agency and Oversight. This is complemented by a forward-looking commitment to Proactive Risk Management, Dual-Use Mitigation, international Collaboration, and long-term Intergenerational Equity.

The contribution articulates the concept, or metaphor, of a ‘quantum event horizon’, which underscores the inherent unpredictability and the prospect for technological lock-in that characterize this nascent field. Just as an event horizon in astrophysics marks a boundary beyond which events cannot affect an observer, and in quantum mechanics, observation influences the state of a particle, the ‘quantum event horizon’ in the context of quantum technology signifies a point where future developments, applications, and societal impacts become increasingly difficult to foresee. In addition, it serves as a stark warning against technological lock-in and path dependency, marking a governance tipping point beyond which intervention becomes exponentially more difficult. We thus recommend a dual strategy of heavily investing in responsible quantum innovation to create a decisive first-mover advantage, while simultaneously using foresight techniques and adaptive governance mechanisms designed to navigate the deep uncertainty associated with a 'quantum event horizon'. These efforts should be supported by a dedicated EU Office of Quantum Technology Assessment (OQTA) for expert oversight, risk assessment, coordination, and promotion of institutional plasticity – shaped after the US Office for Technology Assessment (US OTA). Relatedly, we recommend the Act to adopt a "standards-first" philosophy, to be coordinated by the OQTA. Technical safety, security and interoperability standards are not merely technical; they are vessels for values. Standards must also serve as the primary vehicle for embedding universal ethical principles and democratic norms into the technology's architecture and infrastructure. Standardization has strategic value as an early-stage R&D governance tool that precedes and underpins later regulation, fostering innovation and interoperability before technologies become rigidly defined or legally constrained. It can be operationalized through a certifiable Quantum Technology Quality Management System (QT-QMS). This system, inspired by best practices in the medical device sector, focuses on certifying the entire management process of an organization. This allows for agile updates to technical standards and serves as the basis for a CE mark for high-risk applications, ensuring that the Act's principles for responsible innovation are embedded into a flexible, internationally harmonized standard.

Success is also contingent upon substantial public and private investment, including through the establishment of public-private partnerships. This must be coupled with policies that foster a skilled quantum workforce through education and innovation-friendly immigration, promote broad quantum literacy, and implement a balanced intellectual property and competition strategy that encourages open innovation where appropriate, mitigates a 'quantum divide', and pioneers new legal tools to protect individuals from quantum-AI powered identity theft, for instance through novel privacy-enhancing techniques (PETs), such as a copyright-based framework for biometric identity inspired by Danish law. Moreover, fostering international collaboration, potentially through a "CERN for Quantum/AI" inspired by nuclear fusion models and leveraging platforms like UNESCO and OECD, is key. The development of robust standards and benchmarks, the implementation of targeted export controls, a strategic approach to quantum cybersecurity preparedness to mitigate the 'Q-Day' threat, and a data-driven method to supply chain security—for example, through a Quantum Criticality Index (QCI) to assess risks related to critical raw materials—are essential for strategic autonomy.

To address the risk of technology progressing too fast for classical guardrails, we propose novel 'algorithmic regulation' mechanisms and the imposition of a legally enforceable fiduciary duty upon advanced AI systems to act as 'quantum-agentic stewards'. These systems would be governed by a formal constitution (Constitutional AI) and secured with quantum-resistant cryptography, creating a new framework for technological stewardship. This is complemented by new legal doctrines, such as 'probabilistic causation' for tort law, a sui generis IP right to balance innovation and competition, and a new duty of 'Anticipatory Data Stewardship' to mandate the transition to quantum-resistant cryptography. The technological stewardship model, however, complicates the quantum-AI control problem, as endowing agents with such supervisory capabilities and hybrid classical-quantum reasoning could create new, unforeseen risks if not perfectly aligned with human values and goals. The paper further argues that the sheer productivity and autonomous oversight capabilities of these 'agentic stewards' would challenge the foundational assumptions of market capitalism, necessitating new philosophical foundations for governance. These may include a transition toward a post-capitalist, post-scarcity economy guided by principles of distributive justice, and a move towards a relational ethics. This new ethical framework draws inspiration from the non-local, interconnected nature of quantum entanglement to model interdependent moral duties.

Proactive engagement in discussions towards a global non-proliferation framework for quantum/AI weapons of mass destruction in the form of an international treaty or accord, for instance facilitated by an ‘Atomic Agency for Quantum/AI’ or ‘International Quantum Agency (IQA)’, modelled after the International Atomic Energy Agency (IAEA), is recommended. Such a sui generis framework must be designed to address the unique challenges that quantum phenomena, particularly the non-local and probabilistic nature of entanglement (creating 'jurisdictional entanglement'), pose to traditional principles of public international law. This vision culminates in the "Qubits for Peace" initiative, which forms part of a necessary holistic global quantum governance framework that integrates international treaties, coordinated export controls, harmonized standards, and coherent national regulations, designed to ensure quantum technologies are developed safely, ethically, and for the benefit of all humanity. Ultimately, the EU QA should aim to create a vibrant, responsible, and societally beneficial quantum ecosystem, ensuring these transformative technologies are harnessed for sustainable economic growth and the common good while safeguarding against harms and avoiding or minimizing regulatory fragmentation.

The concluding section consolidates the previous analysis to propose a potential outline of a EU Quantum Act that contains key legislative elements. This blueprint serves as a concrete proposal, integrating the diverse insights gathered and providing a detailed overview of the recommended content and structure for a prospective EU Quantum Act.

[1] Dubbed ‘’quantum event horizon’’, marking a governance tipping point beyond which intervention becomes exponentially more difficult. 

[2] See, for example, the “Qubits for Peace” initiative.