Linklaters’ Albert Yuen explores the transformative impact of quantum computing in Asia and what it will mean for regulatory compliance.
Seen by many as the next technological frontier, quantum computing harnesses the laws of quantum mechanics to handle operations at speeds that are exponentially faster than current conventional computers.
This marks a departure from classical computing (which use binary bits of 1 or 0 to store and process data) by using quantum bits or ‘qubits’, which can exist in multiple states at once and effectively allows much more data to be stored in the string of qubits.
Without binary limitations of true vs false, a quantum computer solves problems by considering all possibilities at once, finding the answer significantly faster than classical computers.
Quantum computing development has become a strategic priority for certain APAC jurisdictions.
An example is China’s 14th 5-year plan (2021–2025), which lists quantum technology as a key ‘high technology’ for national defence and economic growth.
CROSS-BORDER COMPLIANCE
The race for quantum computing supremacy has geopolitical implications that affect how it is treated by regulators from different jurisdictions.
Already, the U.S. has enacted investment restrictions targeting Chinese entities in the quantum computing sector effective from January 2025. The US Treasury’s rule was finalised in October 2024 and aims to implement President Joe Biden’s Executive Order from 2023.
The rule bars US persons from investing in Chinese “quantum information technologies”, including the development or production of (a) quantum computers (including critical components), (b) certain quantum sensing platforms, and (c) quantum networking and quantum communication systems.
“Organisations involved in the production, development, distribution or even use of quantum technologies will need to pay close attention to compliance and sanctions issues.”
This follows an interim final rule to implement export controls on quantum computing technologies implemented in September 2024, and the addition of 22 Chinese entities onto the US Entities List in May 2024.
The implications for risk managers in Asia are similar to those surrounding AI and semiconductors.
Organisations involved in the production, development, distribution or even use of quantum technologies will need to pay close attention to compliance and sanctions issues. This includes reviewing and assessing their supply chains and plan ahead to remain competitive and operationally resilient in order to source availability of such critical technologies.
LEGAL AND REGULATORY RISKS
Quantum computing raises cyber security risks and concerns because such technologies have the potential to circumvent or break current encryption standards used to protect an organisation’s data or system security.
In February 2024, the Monetary Authority of Singapore issued an advisory note to financial institutions on cybersecurity risks associated with quantum computing. The challenge will be to develop and implement quantum-resistant cryptography, which will become the new standard for cyber security.
Cyber security and privacy regulatory authorities in various jurisdictions globally are making post-quantum cryptography a priority and we have seen jurisdictions introduce new (or strengthen existing) laws for critical infrastructure operators with enhanced cybersecurity requirements for their critical IT systems.
“Risk managers must consider how technical and organisational standards to safeguard data under data protection regulation in Asia might be raised to a new level”
Compliance with data protection laws o¦en requires an organisation to adopt a reasonable standard of security over its personal data.
Risk managers must therefore consider how technical and organisational standards to safeguard data under data protection regulation in Asia might be raised to a new level with the risks posed by quantum computing. Indeed, postquantum cybersecurity will not depend on technology alone but new rules and standards.
The National Institute of Standards and Technology (NIST) has already released three finalised postquantum encryption standards and encourages computer system administrators to transition as soon as possible. While NIST standards are U.S. specific they often set a global benchmark.
IMPLICATIONS FOR BUSINESSES
Quantum computing and ‘supercomputers’ have the potential to solve problems for business and governments that are too complex for today’s computers, which in turn may foster new levels of innovation.
However, with such opportunities come new challenges.
Risk managers will need to carefully navigate issues around quantum technology – from sanction and compliance burdens, impacts on global supply chains, and increased cyber security and data protection regulatory compliance issues, to the need to rapidly adopt new technological and organisational standards, and protecting their data and systems.
No comments yet