EU Cybersecurity Regulation in the Quantum Age
摘要
This chapter explores the intersection of quantum computing and European Union (EU) cybersecurity law. It examines to what extent cybersecurity regulation in the EU is fit-for-purpose to deal with the challenges of quantum computing. Two key challenges are identified: (i) harvest now, decrypt later (HNDL) attacks, and (ii) the accelerated development of quantum computers outpacing current cybersecurity measures. The chapter argues that concepts like “state of the art” and “appropriate technical and organizational measures” characteristic of EU cybersecurity law fail to sufficiently account for cybersecurity threats anticipated to materialize in the future, but impacting networks and information systems today. Proposed solutions include enhancing judicial clarity of technical cybersecurity requirements, increasing policy focus on post-quantum cryptography, adopting firmer cybersecurity requirements in hard law, and shifting towards alternative terms that properly account for future cybersecurity uncertainties. The chapter concludes by advocating for proactive regulatory approaches anchored in anticipatory governance and multi-layered strategies to safeguard against the quantum threat.