1 Introduction

Quantum information technology (QIT) is a dynamic and emerging field with potentially far-reaching economic, geopolitical and even social impacts. While technology governance is a vast discipline Rayfuse (2017), Brownsword and Rights (2008), Brownsword et al. (2017), work focusing specifically on the governance of QIT is nascent by comparison. This is primarily due to the early stage of QIT development and considerable uncertainty regarding the form which QIT will eventually take. As discussed below, despite promising advances and considerable investment in the sector, QIT remains at a prototypical stage of development with the prospect of fully scalable fault-tolerant QIT devices remaining unrealised. Most work on quantum governance has emerged in the context of discussions on either the necessary conditions to support quantum innovation or in the context of security implications of, for example, vaunted cryptographic implications of QIT. Importantly, QIT is not emerging in a vacuum: a raft of existing governance procedures, frameworks, institutions and practices already exist for its regulation. The governance of QIT requires situating QIT within the broader nexus and hierarchy of technology governance in general. Doing so mandates an analysis of how existing governance instruments could relate to QIT and what, if any, novel governance responses are required to meet policy objectives.

1.1 Contributions

Despite uncertainty in the form and shape that scalable QIT will take, a number of works have started to examine the implications of QIT across a variety of governance domains. These include situating the governance of QIT within (i) technology governance more generally Johnson (2018), Kop (2021), (ii) responsible innovation paradigms Ten Holter et al. (2021) and (iii) intellectual property regimes Kop (2021). Other frameworks have also recently emerged seeking to provide guidance on overarching governance principles of use to different stakeholders in QIT sectors World Economic Forum (2022). This paper builds upon such contributions by providing an outline of an (idealised) actor and instrument model of quantum governance. Its focus is upon formal and informal governance instruments as means of mediating benefits and risks of QIT as they affect stakeholder rights, interests and obligations across a hierarchy of international, national, public and private contexts. We denote this hierarchy as the quantum governance stack given the hierarchical nature of governance and its direct relationship to information technologies. Our approach adopts the following taxonomy: (a) states (governments) as the primary agents of regulation, and their role in (i) international and (ii) national formal (legislative) regulation; (b) multilateral institution(s); (c) national instrumentalities, such as parliaments and administrative agencies; (d) industrial and commercial stakeholders; (e) universities and academia; (f) individual producers/consumers of QIT and (g) civil society and technical community groups. By quantum, we mean quantum information technologies, principally quantum computing, communication and quantum sensing that are fundamentally characterised by their informational processing properties; by governance, we mean both ‘hard’ formal enforceable rules and ‘soft’ power or influence driven by particular objectives or outcomes; by models, we mean an idealised methodology and structure for what different parts of the governance stack would ideally resemble. We also aim to make our contribution practical to help guide stakeholders’ thinking about their role in the governance of QIT. Our focus is analysing how existing governance frameworks provide models which may be adapted, reproduced or modified to provide best-practice responses to QIT. To this end, our paper contributes the following: (i) situating the governance of quantum systems within existing technology governance instruments, such as international treaties, legislative regimes and regulation; (ii) a comparative analysis of the governance of QIT by comparison with similar information and engineering technologies; (iii) a survey of different quantum stakeholders, their objectives and their imperatives; and (iv) providing practical guidance for quantum stakeholders.

We argue that our quantum governance stack model, with its focus on stakeholder rights, duties and interests and empirical evaluation, articulates core necessary conditions required for the development of appropriate QIT governance by states, governments, technical communities, private sector participants, public institutions, individuals and civil society groups. This includes providing a systematic means by which stakeholder can frame their participation in QIT governance, a focus on risk management and balancing competing interests. Our contention is that such an empirically focused approach (based upon ongoing assessments of the state of QIT) allows for evolutionary forms of governance that are responsive to the dynamic and highly uncertain trajectory of QIT development in ways that will mitigate risks but also foster development of this critical technology. Our model explicates key characteristics that quantum governance should exhibit, including (i) identification of stakeholders involved in QIT together with an assessment of their rights, interests and obligations which will likely be impacted by QIT; (ii) avenues for stakeholder engagement; (iii) risk-assessment of such impacts; (iv) identification of appropriate instruments by which such impacts are managed and obligations upon stakeholders are encoded; (v) methods for assessing effectiveness; and (vi) processes for dynamically updating the governance architectures as required.

1.2 The What and Why of Quantum Governance

The governance of QIT is likely to be complex and multifaceted. It spans a diverse range of institutional practices and norms across government, corporate, individual and supranational stakeholders. Governance can cover a variety of formal and informal instruments involving complex interconnections among law, regulation, normativity, institutional practice, risk management and discursive power Black (2005, 2012). Quantum governance is therefore naturally a contextual and blended concept. In this paper, we adopt a broad conceptualisation of governance as involving both (i) hierarchical and enforceable rules and decision-procedures together with (ii) normative or discursive approaches.

Even before considering the form of governance for QIT, we must address two threshold questions: (1) why, despite uncertainty around QIT’s technological development, is discussion of QIT governance well-motivated?; and (2) whether QIT requires different, new or novel governance that does not already exist within the technology governance landscape? The answer to the first question is found by reflecting upon the classical Collingridge dilemma Collingridge (1980) of technological governance generally (which we discuss in Sect. 2.4 below), namely that regulation is difficult until technology becomes more developed, widely disseminated and its impact is known, yet by that time regulation can become difficult. Emerging norms of use tend to set the context for later regulation, by embedding ways of using or propagating technology across industry, government and markets. Once such norms are established — and particularly once economic sunk costs associated with them accumulate — it can become difficult for regulatory responses to shift default behaviour. An important way of responding to this dilemma is for stakeholders involved in QIT to concurrently consider appropriate risks, impacts and governance models as the technology is developing, thereby influencing the ongoing use of technology in ways that factor in the objectives of regulation.

The second of these questions can be framed in jurisprudential language: is quantum governance sui generis, requiring its own specific governance regimes? The answer is both yes and no. As we discuss in this article, the web of technology governance instruments regulating the use of technology already apply to the various iterations and manifestations of QIT. Technology has since its inception been entwined with governance Solis (2010). Moreover, technology has also consistently been the subject of multilateral initiatives designed towards their regulation, such as treaties banning certain chemical and biological weapons Geneva (1925), United Nations (1972), (1993) and exceedingly injurious weaponry United Nations (1980), (1996). Thus, the regulation of QIT fits within the broad regulation of emergent technologies such as artificial intelligence Solis (2010), Allenby (2014), albeit with its own unique features.

As a number of authors highlight, while much literature in technology governance focuses on finer-grained questions of what regulation is justified or the form of regulation, often a more relevant or a priori question to ask is how existing legal or regulatory responses may be adapted to QIT and their impacts Brownsword and Yeung (2008), Moses (2017). To this end, technology governance is often framed in terms of technology neutrality, responding to the outcomes effects or impact of technology rather than the technological specifics per se Koops (2006). Such technology-neutral approaches also recognise the disruptive nature that technological innovation can present legal systems Brownsword (2008), Maas (2019), which are themselves developed among a backdrop of economic modes of production and social interaction which are evolving. This is particularly the case given attempts to prescriptively list or even predict the impact of technology, let alone define it, can be fraught. The evolving nature of QIT itself therefore requires a dynamic and evolutionary governance response.

Some scholars Moses (2017) argue that the form of technology is in effect irrelevant to justification of regulation — and that rather the focus of regulation is in its effects. However, the material form of technology will affect the form of regulation and thus such material specificity becomes integral to justifying why regulation takes one form or another. For example, the specific capacities and limitations of QIT, such as the potential regarding decryption and the limited capacity to intervene in quantum systems while maintaining requisite quantum coherences, may mandate that the forms of technical control (and regulatory imperatives) factor in such constraints in novel ways (see Perrier (2021) for a synopsis). While certain risks, such as the downside risks, posed by certain QIT (should they be realised) are not necessarily novel per se (e.g. the risk or harms from access to quantum decryption technology may be adequately covered by laws prohibiting such activities regardless of the technology used), arguably there is a rationale in technology-specific governance regimes beyond mere technical specification. Such rationales include (i) the way in which sui generis regimes act to coalesce various forms of governance around a particular technology, effectively enumerating or articulating how broad abstract principles would specifically apply in the case of QIT (rather than leaving such principles abstract and thus potentially less actionable); and (ii) that governance should match the discourses around technology. This is because doing so enables stakeholders to more readily connect their domain expertise or community activity within a technology context to governance itself, rather than relying on such stakeholders to join the dots as it were. It also helps stakeholders realise that their use or development of technology is governed already. Thus, there are plausible arguments for why it may be of practical use to develop quantum-specific regulation. Rationales for regulation include (i) economic rationales, such as performing coordinating functions or facilitating market efficiency, (ii) the protection of stakeholder rights (human rights) and (iii) regulation for maintenance of order Moses (2017), Prosser (2010). For example, the market efficiency rationale of promoting competition, avoiding monopolistic practices and concentrations of market power Blair and Sokol (2017), American Bar Association (2017) is as applicable to the quantum sector as any other. Similarly, as identified in emerging literature on quantum ethics Perrier (2021), World Economic Forum (2022), QIT poses its own unique risks to be managed in proportional ways Rothstein et al. (2006). Furthermore, normative claims regarding the need to ensure democratic accountability in the management of technology, that it be subject to democratic will Feenberg (1999), apply categorically also to QIT.

2 Quantum Information Technology

2.1 Overview

A useful starting point for governance of QIT is to develop a taxonomy of (i) the significant differences with classical technologies; and (ii) the unique risks (upside and downside) that arise consequential upon those differences. In this article, we focus our approach on quantum information technologies and information processing, such as quantum computation, quantum communication and quantum sensing.Footnote 1 We set out a very brief synopsis of the key features of QIT (such as quantum computing and quantum communications) which differentiate QIT from other classical forms of technology. We eschew detailed technical discussion of quantum information processing (for a synopsis, see Nielsen and Chuang (2011), Aaronson (2013)), instead focusing on the most significant characteristics relevant to governance. Firstly, one must specify what it means to classify a technology as quantum.Footnote 2

Since Feynman’s conceptual inception of quantum computing as a means of simulating physics with computers Feynman (1982), Preskill (2021), global research and engineering efforts have been focused on developing the theory and hardware for achieving scalable and useful quantum information processing devices, i.e. quantum computers. This search is motivated by the prospect that quantum computers expand the boundaries of computation beyond what is not only currently feasible, but what could ever be achieved using classical information processing. The main distinguishing features of quantum as opposed to classical computation are the availability of (i) superposition states and (ii) entanglement. These two primary quantum phenomena are responsible for the (widely believed) effective advantage of quantum computation over classical computation (quantum supremacy). This is the belief that — if certain technical assumptions around scalable fault tolerant quantum computation are met — quantum computing will lead to a drastic expansion in computational resources. As a result, such expansion will (a) enable certain problems that are classically intractable (i.e. cannot be undertaken on any classical computer, no matter its size) to become tractable; and, probably more relevantly, (b) renders practical certain computations which, while theoretically possible for classical computation, in reality exceed available resources on any meaningful spatial or temporal time scale. Quantum sensing Degen et al. (2017) (measurement) and quantum communication (such as quantum key distribution) Rohde (2021) are similarly characterised by enabling activities that are uniquely quantum in nature.Footnote 3

Understanding the (upside and downside) risks of potential QIT is challenging because the exact form, limitations or constraints on how QIT may be realised are largely unknown. The main goal of QIT research is the development of fully scalable fault-tolerant quantum computers, devices whose computational capacity can scale while remaining robust to errors and noise. However, the current state-of-the-art is a long way from realising such devices. In the field of quantum computation, most demonstrations of high-quality (high fidelity) devices are limited to one- and two-qubit systems or at best so-called noisy intermediate scalable quantum devices (NISQs) (see Preskill (2021) for a recent overview of the state-of-the-art) in the order of tens of qubits. None of these devices exhibits for example the error-correction properties required for scalable quantum information processing. This is a reflection of the immense technical hurdles facing the realisation of QIT. In addition, it is unclear which physical form QIT will likely take in the majority of cases: trapped ion, superconducting, photonic etc., each of which carries its own opportunities and constraints. Nevertheless, consistent with anticipatory thinking on quantum governance, it is useful to spell out the primary impacts or risks if the vaunted ‘best case’ scenarios for QIT are realised. To do so, we need a sense of what form QIT would likely take. To this end, we set out below a few parameters of likely realisations of QIT.

2.2 Technical Impacts of QIT

Fault-tolerant scalable quantum computers (if achievable) are almost certainly only going to be realised in large-scale infrastructural setups within universities, industry or governments. That is, quantum is ‘big science’. It requires large-scale investment and considerable infrastructure to develop and maintain. QIT devices will unlikely be, for example, ubiquitous or portable devices as is the case for classical computing devices such as smartphones, personal computers or laptops. This is directly related to the overheads/infrastructure required to handle the extremely delicate physical conditions that must be maintained to realise quantum effects. The distribution of such QIT devices will probably resemble more super-computing or high-performance computing hubs accessed remotely using cloud-style service infrastructure. Early-stage examples of these types of setups include cloud-quantum offerings by IBM, Amazon, Xanadu and others. This underlying mode of production for QIT then affects who may access QIT resources and how such access would be governed and monitored for example. The availability of superposition states and entanglement contribute to the mooted enhanced computational capacity for QIT (see Perrier (2021) for a review of ethical implications of such issues). Somewhat oversimplifying, these two uniquely quantum properties are at the heart of two of the main impacts of QIT, the impact on computational capacity and communications. With this snapshot of the likely landscape of QIT above, we can proceed to identify a few key impacts that would probably arise if the best-case prognoses of QIT are realised (and assuming that quantum computers do exhibit superior performance relative to classical). We focus on the impacts of quantum computing and quantum communication in relation to QIT.

From a computational standpoint, the primary impact of best-case realisation of QIT would be upon the ability to (a) computationally solve problems which currently cannot be solved efficiently (in a loose sense), i.e. they are too resource intensive or take too long; and (b) solve problems which are intractable, that is, could not be solved by any classical computer. In general, the availability of superior computational capacity would likely provide an advantage against classical counterparts in a host of domains, including financial, modelling, predictive analytics, engineering, national security and defence. In industry, access to superior computational capacity would provide in principle (certeris paribus) firms with a competitive advantage (consider financial market trades, product design, chemical synthesis etc.). While having a computational advantage is not necessarily confined to quantum phenomena, the scale at which such QIT devices could outperform classical computers for certain tasks would render this improvement in performance a comparatively unique characteristic of quantum computation. Furthermore, because of the way in which networking quantum computers affects their computational characteristics and capacity, then geostrategic implications may also arise related to how and when/where nation states share computational resources (see Rohde (2021) for a synopsis of such issues).

From a communications’ standpoint, the enhanced computational capacity of QIT would have a number of impacts on how communication is undertaken. Two significant impacts upon communication would include (i) the ability to decrypt certain classically encrypted information Gisin et al. (2002), Bernstein and Lange (2017), and (ii) the ability to encrypt data in a way which could not be (or would be unlikely to be) decrypted classically. The ability to decrypt existing or historically classically encrypted data would have profound impacts. Classical encryption is at the bedrock of modern economies and national security apparatuses: financial transactions, credit card transactions, data security etc. all rely upon the inability of classical computers to decrypt (within any meaningful timescale) data that has been encrypted. This is the basis, for example, of RSA and similar encoding protocols. In principle, access to a sufficiently scaled quantum device (under the above assumptions) would enable decryption of such information, rendering it non-confidential. This could and would have profound implications for how information is communicated and in turn upon the fundamental arteries of modern economies and communication networks. Moreover, entanglement-based communication protocols may, if realised, open up enormous potential for a revolution in communications (for example, enabling higher volume or communication across vast distances) Rohde (2021), Preskill (2021). Put another way, if the speculations about QIT capacity are realised, then it would enable those with access to significantly affect modern information systems or develop superior information architectures. Indeed, this is the primary reason why most quantum research has been thus far, directly or indirectly, funded via governments and associated national defence institutions. We explore this particular impact and its associated risk in detail further on. Such considerations then bear upon questions of how QIT should be developed, whom should have access and the types of use-cases available. For example, permitting mass consumer-access to QIT in a way that would enable mass decryption of classically encrypted data would likely be unacceptable. These are all core issues for the governance of QIT.

Whether such impacts identified above are realised is an open question: we are far from such scenarios currently. Nevertheless, such potential impacts arise as a result of the unique features of quantum information processing as distinct from classical. Thus, it can be said that QIT, in particular cases, does give rise to uniquely quantum impacts or risks per se. These two sets of impacts would in turn likely give rise to normative or governance imperatives seeking to control the use of technology via imposing obligations upon quantum stakeholders related to the development, distribution and use of such technology. The quantum governance stack we articulate below aims to provide a blueprint for reasoning through who should respond to such impacts and means by which they can do so. It is intended to provide a more granular approach which enables analysis of how these and other implications of QIT may be matched to stakeholder interests, rights and duties and appropriate governance instruments. We discuss such impacts in more detail in later sections of the article (see Table 2 below for an example).

2.3 Quantum Objectives and Risks

Our approach to QIT governance proceeds by taxonomically mapping governance objectives, such as QIT development or ensuring secure communications, to the interests, rights and objectives of stakeholders. Governance of QIT incorporates maintaining or establishing conditions that facilitate and foster the development of QIT. Governance should not be narrowly construed as merely managing or responding to negative risks. Positive objectives that governance should facilitate can be categorised into (i) development, facilitating the development of scalable fault-tolerant quantum computer(s) (SFTQC); (ii) infrastructure, including for networked SFTQC such as for the quantum internet; (iii) security, covering primarily data security and encryption issues; and (iv) coordination, covering the use of governance instruments to coordinate behaviour among stakeholders (for example, public-private coordination, or coordination among states, or standardisation and interoperability of technology protocols). Governance must also be cognisant of the milestones and status of QIT development. In this work, rather than seek to enumerate all (speculative) risks of QIT, we instead focus on how existing governance responses could identify, manage and control for such risks as they emerge.Footnote 4

2.4 Development as Objective and Risk

Any approach to quantum governance must factor in the primary objective of developing QIT itself. The development of technology should not be considered separate or parallel to governance. Rather, it should be considered as a primary objective itself to be compared with other fundamental normative objectives, such as maximising social welfare. QIT is technically complex, challenging to develop and uncertain in prospect. Despite enormous advances in QIT over the last several decades, quantum computational devices remain at experimental ‘proof of concept’ stages, largely confined to a few qubits or in the order of tens of qubits with limited capacity to undertake meaningful tasks that would not currently be more efficiently undertaken using classical devices. Furthermore, there remains considerable uncertainty regarding the likely form that quantum hardware will ultimately manifest in: while a variety of candidate architectures, such as photonic, trapped ion, superconductor-based, offer promising results, it is unclear as to which of these, if any, will give rise to both sufficiently scalable and fault tolerant quantum information processing. Such uncertainty about the likely form of SFTQC (indeed whether it is truly achievable) can be reasonably characterised as development risk, reflective of how stakeholders involved in QIT must make resource allocation decisions and set priorities in the face of considerable uncertainty (for example, previously mooted topological approaches to quantum computing which received considerable investment Giacomin (2016) have thus far failed to meet certain key thresholds Ball (2021)). Development risks are crucial considerations in any approach that seeks to govern QIT and how it is governed. Put another way, the upsides of technology can and should be framed in terms of risk. Despite its occasional pejorative framing, risk includes upside risk, the uncertainty or variation in outcomes leading beneficial or desirable outcomes. By factoring in the uncertainty around development via such a risk-based set of measures, governance of QIT can provide a stronger basis for comparing costs and benefits of the development of QIT. Development is an objective and a risk. Moreover, development risk reflects issues at play in the Collingridge dilemma Collingridge (1980). The exact directions of how a nascent technology will develop are unknown at early stages. Stakeholders cannot usually forecast how a technology should optimally develop and thus attempts to impose governance or even sets of guiding principles early-on can risk frustrating development. By framing development using risk-based analysis, stakeholders can assess how proposed governance responses may increase or decrease or change the uncertainty and prospects for QIT development.

2.5 Dual Use Risks

Other development-related (but not solely technical) risk categories relevant to quantum governance of particular importance include ‘dual use’ risks. These emerge when expected utilities from technological use or development are both positive and negative, i.e. potentially beneficial or detrimental Forge (2010). Dual use risks in the quantum area have been primarily focused on geostrategic risks that may emerge from dissemination or distribution of security-impactful technologies to potential adversaries. A primary focus of quantum computing risks Fedorov et al. (2018), Charu (2008) lies in the potential impact of enabling decryption of certain classically encrypted data. The heightened investment in QIT development by governments on national security grounds evidences at least the prevalence of the perception that such risks are likely to become material if QIT can be realised.Footnote 5 Dual-use technologies pose conundrums for stakeholders seeking governance responses. On the one hand, international collaboration is at the epicentre of QIT development: quantum is a truly international endeavour. While on the other, QIT research is already considered as highly sensitive, attracting governance responses such as export controls and limitations on collaboration among strategic adversaries. For example, China is emerging as a global quantum powerhouse when it comes to both theoretical and applied QIT. However, strategic competition and mistrust between China and the West is already posing limitations on how researchers in both arenas may collaborate. Lessening the degree of international collaboration on QIT will impact the development trajectories of the technology. Conversely, strategic considerations are important and ultimately take priority in terms of national interest. This presents stakeholders involved in governance with challenging multi-objective optimisation problems: how to optimise for international development of QIT while subject to geopolitical constraints on collaboration. This is a feature not just for government-funded or developed technology, but also for multinational firms operating across the strategic divide. As such, factoring in and potentially solving for dual-use objectives will be a primary feature of much governance for stakeholders with interests or operations across borders.

3 Governance Models

3.1 Overview

Framing the objectives of and process of governance is itself a complex and multifaceted process, contingent upon underlying values, institutional and social factors and stakeholder interests. Quantum governance comprises heterogeneous objectives, many of which are not necessarily consistent with each other or in form and substance require consideration of trade-offs and compromise.Footnote 6 In this work, we organise the governance stack around different governance instruments for managing multiple stakeholder rights, interests, duties and obligations. We first provide a high-level overview of the stakeholder-driven model for governance of QIT implicit in the governance stack. We then proceed to elaborate on each step of the proposed model and different parts of the governance stack in later sections. We do so in order to adopt an instrumentalist Christopher (2019) approach to governance, concentrating upon the types of instruments, such as treaties, legislation, protocols, policies and procedures, which can be used to regulate (formally and informally) relations among stakeholders, including by providing means by which rights and obligations are negotiated and disputes or differences resolved. In concrete terms, our approach involves (1) identifying categories of ‘quantum stakeholders’; (2) engaging with stakeholders around QIT; (3) identifying the interests (objectives), rights and duties of such stakeholders; (4) identifying how QIT affects such stakeholder rights and what stakeholder duties are with respect to QIT; (5) undertaking risk management assessments of such impacts; (6) identifying existing or newly required governance instruments appropriate or relevant to managing, mitigating and controlling such risks; (7) drafting or building such instruments in a consultative manner; (8) reviewing such proposed instruments for consistency, feasibility and checking they are fit for purpose and (9) finalising such governance architecture along with undertaking its implementation (involving monitoring, reporting, auditing). Such QIT governance procedures are for use by multiple stakeholders (not just governments) and reflect an adaptation of typical deliberative and inclusive governance. A diagram of this approach is set out in Fig. 1.Footnote 7 The underlying idea of our quantum governance stack model is that the procedure summarised in Fig. 1 can be adopted by the various stakeholders identified in Fig. 2. Each stakeholder can adopt the method as a way of identifying the interests, rights and responsibilities of itself and other stakeholders whose actions it may affect. The types of instruments such stakeholders may respond to such risks are set out in the boxes in Fig. 2. For each stakeholder group, we run through examples of existing governance instruments which can provide examples to draw upon for QIT governance. For example, in Fig. 3, we provide a diagrammatic summary of how firms adopting risk-management techniques may factor in QIT risks into their overall governance response.

Fig. 1
figure 1

A stepwise QIT governance process: (1) identification of stakeholders, (2) engagement with stakeholders via surveys to help (3) identify objectives, rights and duties of stakeholders relating to QIT; (4) the impact of QIT on stakeholders is then assessed with (5) a formal risk assessment of such impacts undertaken; (6) identification of existing or new governance instruments to manage such risks occurs followed by (7) draft/deliberative consultation to prepare the governance instrument (e.g. legislation, policy, principles), followed by (8) review and (9) implementation

Full size image

3.2 A Duties and Rights–Based Approach

The practical basis for governance of QIT is then usefully parsed by a taxonomic classification of the objectives, rights, duties and obligations of different quantum stakeholder groups. We pitch such an approach as the duties and rights-based approach of quantum governance: any quantum governance initiative must clearly articulate the rights, interests and duties of stakeholders. Such an account aims to provide pragmatic guidance or idealised models of governance for such stakeholders. It provides examples of the ways in which governance practices can be embedded within the specific priorities of stakeholders themselves. A duties-based approach also enables for example other stakeholders to assess their rights and duties vis-à-vis other stakeholders of different categories. It is also useful because it enables obligations and rights to be mapped as relations among stakeholders who in turn will have their own objectives and interests. Stakeholders may have rights, say to privacy, but such rights may be manifest as the obligation of a government to an individual, rather than as between individuals. Similarly, treaties may espouse rights of individuals, but not commensurate obligations to manifest such rights as between individuals using QIT. In formal jurisprudence, duties-based approaches are presaged by the concept of legal personality, recognised subjects at law, who may be accorded obligations or rights such that they have standing to seek enforcement of such rights according to law. In a normative context, such stakeholder identification is also important in establishing who may ‘speak on behalf’ of communities.Footnote 8

3.3 Formal and Informal Governance

Typical paradigms of governance contrast ‘hard’ or ‘formal’ approaches, characterised by formal legal obligations, prescription of specific procedures or regulatory criteria and delegated administrative oversight Abbott and Snidal (2000), with ‘soft’ or ‘informal’ governance, characterised by normative or unenforceable instruments. Governance literature often represents regulation along such a spectrum Ayres and Braithwaite (1992) with ‘harder’ or more formal governance characterised by formal instruments (e.g. treaties or legislation, dependent upon the relevant governance hierarchy), followed by a mixture of policy-driven government regulation and instruments to motivate private compliance (such as sanctions, punishments or incentives). Softer methods involve, at the communal level, industry codes or conduct or at the firm level Gunningham et al. (1998), Gunningham and Rees (1997), integrated risk management frameworks. Such methods are relevant considerations at step 6 in the governance stack model as set out in Fig. 1 for example.Footnote 9 QIT governance therefore necessitates a consideration of formal and informal instruments.Footnote 10

Instruments of governance can take a variety of forms. These include (i) legislation, treaties, regulatory oversight and advice bodies; (ii) formal stakeholder consultation; (iii) national strategies, agendas and plans; (iv) policy intelligence (evaluations and forecasts); (iv) networking and collaborative platforms; (v) standardisation procedures; and (vi) public instrumentalities. Idealised models of QIT should recognise the importance of socialising the rationales, motivations and drivers of governance among populations and stakeholder communities. Doing so is important to both (x) the process by which governance is developed and evolves and (y) the adherence to and enforceability of governance that is implemented, such as via legislation. Well-established deliberative procedures in modern democratic nations Dryzek (2012) are, when they do function, suited to addressing governance issues in QIT. Such practices tend to involve alerting governmental or parliamentary stakeholders to issues, either via expert or industry lobbying or community activism. This is followed by enquiries or committees that seek to examine the issues and conduct, to differing degrees of formality, usually qualitative or heuristic risk-assessments. These findings can then form the basis for recommendations and regulatory responses ranging from policy adjustments to legislative proposals. Thus, the general policy transmission mechanism Rosen and Gayer (2010), Fisher et al. (2006), Richardson (2003) provides a ready-made and tested method for handling responses to the effects of QIT. Deliberative governance is also central to how other institutions and stakeholders, such as private sector, multilateral or civil society groups respond to QIT. As noted in Holter et al. (2021), developing stakeholder engagement strategies is important in any approach to responsible innovation in the quantum sector, particularly as a method to synthesise or resolve conflict among competing objectives. Deliberative approaches to governance are crucial for effective governance of QIT at each level in the quantum governance stack.

3.4 Principles, Prescriptions and the Precautionary Principle

The ideal form of QIT governance varies between differing degrees of specificity and abstraction, involving both prescriptive and principles-based approaches. Governance requires auditing its effectiveness over time Hemenway (1980). For QIT (as others), specification of purpose or outcomes sought along with prescribing how technology should function is therefore central to the auditing and controllability of technology. Yet the extent to which such requirements can be prescribed (including in advance when the technology remains unproven) is uncertain. The challenge of specificity and generality manifests the uncertainty inherent in technological innovation Paddock (2010), with early iterations of regulation having potentially significant effects in shaping its development. The anticipatory regulation of QIT, legislatively and normatively, is an exemplary case of regulation in the face of uncertainty. QIT, while promising, are several years’ from realisation with considerable uncertainty over the developmental pathways and manifestations the technology will take. Quantum governance therefore requires careful consideration of the application of the precautionary principle Harding and Fisher (1999), the form and manner in which must balance competing trade-offs of anticipatory regulation while fostering research and development Mandel (2009).Footnote 11Footnote 12

One of the key elements of development risk is how governance responses can handle developmental uncertainty. A quantum governance stack approach (as we set-out herein) is particularly adapted to governance in the face of uncertainty. It proceeds via an understanding of stakeholder rights, interests and duties and how these fit with overall objectives of quantum development. Thus at this early stage of quantum development, activities like carrying out audits or taxonomies of quantum stakeholders as envisaged below help to specify the particular objectives, motivations and interests of stakeholders at this early stage. Such methodologies would also enable mapping of likely stakeholder trajectories, that is, likely ways in which stakeholder interests for example may evolve as the technology evolves. This might include how the interests of a quantum startup differ as their technology matures, how the interests of an academic research institution evolve as the quantum sector/industry around them develops (see for example Caltech’s partnership with Amazon) or how and where quantum investment may be prioritised by governments as the technology reaches various stages of maturity. By doing so, hard or soft governance responses (and instruments by which they occur) can be adapted appropriately to the degree of uncertainty in QIT development and stakeholder interests. Indeed given the considerable uncertainty of the developmental trajectory of QIT, soft-governance approaches are particularly useful instruments given their flexibility. Thus at early stages of QIT, policy intelligence or other soft-instrumentalist approaches such as internal policies (see Sects. 5.3 to 5.5 below) can be used to, for example, require consideration by QIT developers of potential impacts early-on. Other soft governance instruments, such as principles developed by civil society groups (e.g. see Sect. 5.6 below) or within academia can also be useful ways of shaping normative development contexts without imposing hard-instrument governance that may be inappropriate or stifle innovation. Moreover, as we argue below, empirical approaches to governance can too be important elements in managing uncertainty in how a technology like QIT develops. Such approaches involve developing dynamic governance models that respond, adjust and update according to the changing status and impact of technology.

3.5 Risk-Based Models

Governance principles and frameworks usually, owing to their generality and the discursive environments in which they are produced, subsist at a level of abstraction beyond operational specificity. A commonplace means of bridging the semantic gap between discursive governance values and operational task, goal and assurance processes is via risk management protocols. These provide variegated approaches to management of risk by or related to institutions, organisations and projects. A risk-management approach specifies methods and decision procedures for how abstract objectives, such as ethical constraints, may be operationalised by stakeholders. The use of risk-management techniques is integrated into our proposed quantum governance stack process as item 5 in Fig. 1 for very specific reasons. Risk management is a mature, ubiquitous and well-known set of techniques familiar to a plethora of stakeholders throughout governance hierarchies and within firms. Thus, it provides an ideal set of familiar methods which can incorporate QIT risks. In modern risk management literature, risk concerns decision-making under uncertainty and the effect of uncertainty upon objectives Purdy (2010). It encompasses both upside (positive) and downside (negative) risks. Risk management also ties in closely with multilateral governance in the form of international standards, including the International Standards Organisation (ISO). For example, ISO 31000 Purdy (2010) and related risk management protocols set out practical guidelines for risk assessment, management of legal risk and institutional risk.Footnote 13 These protocols Calder (2019) provide ready-made and adaptable means applicable to identifying and responding to risks including those associated with unique features of QIT. Risk management for QIT therefore requires operationally (i) an accounting of the objectives of the particular institution or activity (e.g. the policy objectives sought or the business objectives), (ii) how constraints are encoded within those objectives. Moreover, such an approach to governance in effect requires an accounting (at each level within the hierarchy) of heterogeneous objectives. this in turn enables (x) identification of how those objectives give rise to identifiable rights different stakeholders (be they individual, collective or other) and concurrently (y) how such normative rights then in turn give rise to specific, identifiable and proportionate duties of stakeholders as means by which those rights, objectives or outcomes are realised to be identified (such as the duties of say researchers in quantum theory, or engineers, or managers or policy makers).Footnote 14 Pre-existing risk management procedures which are already commonplace and standard means of operationalising governance and executing on objectives can be adapted for quantum-specific risks.

4 Technology Governance Models

4.1 Norms, Ethics and Values

Technology governance is by its nature entwined with normative and ethical assumptions about the types of objectives or outcomes that such governance seeks to achieve. Governance inherently expresses a preference (even if abstract) for one state of affairs or set of duties or obligations over another. The concept of embedding values principles or moral/ethics within technological design and governance is common across related fields that touch upon technology governance. Examples include statements of purpose or intent within formal governance instruments (e.g. legislation or treaties Vienna (1969)), case law on technological governance, scholarly jurisprudence Moses (2017), Van Grembergen (2004), Winickoff and Pfotenhauer (2018), design ethics literature Hoven et al. (2015), and ethics’ literature The Forum Network OECD (2017), Friedman (2008), Friedman et al. (2006), Lessig (2000). Ethical approaches to embedding constraints within QIT are understandably often compared with analogous and burgeoning literature on the ethics of artificial intelligence. It is important that assumptions about what values ought to be enshrined in governance or technology designed are themselves debated.Footnote 15 As we set out in item 3 of our quantum governance stack process in Fig. 1, ethics forms an important consideration when identifying the objectives, rights and duties of stakeholders. This is because often stakeholder interests are encoded in collective norms or ethical principles prevalent within societal responses to governance. Ethical statements or principles, for example, can encode certain values of stakeholders subscribing to such principles which otherwise may not be apparent from other analyses. Governance responses should consider prevailing ethical contexts relating to, for example, technological regulation, which entails considering prevailing ethical standards in like technologies (such as AI).

A recent first-pass at a set of governance principles for quantum computing is the World Economic Forum’s Quantum Computing Governance Principles World Economic Forum (2022) which set out a set of guiding taxonomy and set of principles to inform quantum stakeholders’ governance activities. These high-level principles are addressed to different stakeholder groups, such as governments, academic institutions, corporations and individuals. The principles are structured around a number of core ethical values, which are then explored via a focused analysis on different themes related to quantum governance. These include (i) transformative impact, (ii) innovation, (iii) development, (iv) privacy and security and (v) standardisation, within which objectives, opportunities, risks and recommendations are provided. The role of values in governance as abstract guiding heuristics is a feature of governance and risk frameworks generally. Principles of social benefit, accountability and transparency, equity and access, harm-minimisation tend to be ingrained in many formal and informal instruments Dworkin (1988), Raz (1986). However, governance also involves trade-offs with other stakeholder interests. Of course the nature of ‘values’ let alone which values or outcomes should be prioritised are contestable propositions. While abstract and sweeping statements about technology only being used for ‘social good’ or to meet some standard of ‘fairness’ are commonplace, in practice, the appropriateness of the values that governance might seek to encode is contested either in theory or indeed in practice. Moreover, use, deployment and dissemination of technology involves trade-offs in terms of opportunity costs. So too do decisions over resource allocation given the desire to reconcile scarcity of technology resources with demand for resources.Footnote 16

4.2 Empirical and Responsive Governance

QIT governance methods must also be dynamic, both guiding and responding to the evolution of QIT. Fundamentally this necessitates an empirical and experimental approach to ensure, as much as possible, that governance remains agile, responsive and reflective of overall priorities and objectives. Such ‘responsive regulation’ paradigms Ayres and Braithwaite (1992), Black and Baldwin (2010) aim to bypass typical debates over prescriptive (‘command and control’) approaches to regulation on the one hand and laissez-faire deregulated approaches on the other. Approaches involving decentralised regulation Black (2001) are responses to the fact that the complexity of governance means that no prescriptive model can hope to account for all possible or even all realistic technological evolutions of circumstances Baldwin et al. (2010). Importantly the coordination inimical to governance relies upon the self-policing behaviour of agents, institutions and stakeholders involved; hence, deliberative and inclusive models of governance formation are critical for effective regulation of stakeholder rights.Footnote 17 Responsive governance is evolutionary, based on estimations of the types of prospective risks envisaged at one stage of QIT development will in all likelihood require revision as QIT develops.Footnote 18Footnote 19

Table 1 Quantum governance instruments for international, national and private stakeholder contexts
Full size table

5 Quantum Governance Stack

Having reviewed the conceptual underpinnings of QIT governance in the context of technology governance overall, we now detail different features of the quantum governance stack. We proceed by focusing on different stakeholder constituencies, such as states, individuals and commercial organisations, considering their objectives, risks, rights, interests duties and obligations with respect to QIT. Such a stakeholder-centric approach argues for the importance of deliberative governance that takes into account other stakeholder interests and obligations. Stakeholder categories are not necessarily exclusive. For example, states are the primary actors in all formally enforceable governance, but we for convenience distinguish between states vis-à-vis international governance instruments and municipal governments. For each stakeholder, a number of their key objectives and risks with respect to QIT are identified, along with primary governance instruments for regulating their activities, their mooted rights and duties. A diagram of the stack is shown in Fig. 2 and a summary of relevant governance features is set out in Table 3. Some key types of instruments are set out in Table 1.

Fig. 2
figure 2

Quantum governance stack: (i) inter-state relations are mediated via public international law or multilateral instruments; (ii) government instruments include legislation, executive instruments or policy. Within states, various institutions may contribute to the governance stack, including (iii) technical communities, (iv) commercial private sector organisations, (v) public institutions, (vi) individuals and (vii) civil society groups

Full size image

5.1 International Governance

5.1.1 States and Public International Law

Existing international legal frameworks, including treaties, provide a basis for comparison and idealised governance of QIT at the transnational level. In this section, we list a few key international instruments germane to quantum governance. At an international level, states are the primary actors for which the primary governance mechanisms are (i) formal public international law instruments and (ii) multilateral institutions. The extent to which public international law does or should address governance of QIT is an important consideration of international collaboration. Public international law sets out a legal framework for relations among nation states. It is formally regarded as subsisting in four primary sources Crawford and Brownlie (2019), Zimmermann (2019): international treaties and conventions (expressing rules recognised by states), customary law, general principles recognised by states and judicial decisions, which evidence greater or lesser degrees of normative consensus among nation states. Public international law manifests primarily via states (and their controlling governments) as the relevant primary stakeholders whose rights, duties and obligations are framed within public international law instruments. Duties are generally imposed on states, but where rights may be expressed in terms of the rights of other stakeholders, such as states, institutions (e.g. international institutions) or sometimes individuals. Public international law or treaties regarding QIT will concern primarily regulation of quantum-related activity among states, though such instruments may in principle also establish or normatively frame rights of others, such as individuals.

As states are the primary agents in governance (both nationally and internationally) and the central actors in the development and implementation of both formal and informal governance instruments, state interests tend to be paramount considerations.Footnote 20 At a high level, the motivating factors for supranational governance of QIT arise primarily from the following imperatives: (i) geostrategic, namely managing the strategic risks (both upside and downside) of QIT; (ii) developmental and distributional efficiency, namely that quantum innovation (as with any other) benefits from greater cross-national and cross-disciplinary collaboration; and (iii) maintenance of agreed fundamental individual rights. Furthermore, the increasing reliance of state security apparatuses upon information security Schmitt (2021) renders modern information communication technologies (ICT) essential to the maintenance of such objectives. The unique features of QIT would potentially impact such core existential ICT functionality of states and therefore core state objectives. Other impacts and risks of mooted QIT, such as how the production, use and distribution of such technologies may impact (adversely or otherwise) the social welfare of its citizens, or meet ethical criteria, while important to state interests, can be classified as indirect interests to states in themselves, being relevant to the interests of state constituencies. States share development objectives, namely their interests in terms of national security, their economic and other core interests stand to benefit from access to and use of QIT.

Formal state instruments for quantum governance would follow the typical jurisprudential demarcation between (a) public international law instruments as between states (treaties, customary international law etc.) and (b) municipal governance instruments via legislative and executive capacities (addressed below). States already have sophisticated means of addressing novel technological developments.Footnote 21 A key element (as discussed) is the deliberative policy process behind the development and implementation of quantum governance instruments. We examine two examples below.Footnote 22

5.1.2 Case Study: Nuclear Non-Proliferation

The development and implementation of the 1970 Treaty on the Non-Proliferation of Nuclear Weapons (TNN) Treaty (1970), Popp et al. (2016) provides an example of a formal international technology governance instrument (a treaty) governing the use of a highly sensitive and geostrategic technology (nuclear weapons) which has been relatively successful. While quantum information processing will not directly have the potential for existential risk posed by nuclear weapons, SFTQC-based technologies are expected (if realised) to be a core component of state national security infrastructure. Moreover (as we discuss below), given the existential reliance of modern national security apparatuses on information, it is arguable that maintaining information security (and indeed targeting that of adversaries) may be afforded existential-level security prioritisation. The lessons from the TNN are manifold but for QIT governance, importantly, the TNN represents twofold procedural success: (i) that the TNN was able to be legislatively (via treaty) agreed through protracted deliberative procedures in a highly adversarial setting with limited stakeholder communication and trust; and (ii) perhaps even more remarkably, the fact that the key terms of the TNN, namely the reduction in nuclear weapon stockpiles, together with nuclear weapons’ control protocols, were able to be implemented within the adversarial climate of the Cold War. In particular, TNN governance provides a method for verification (auditing) regime for such highly sensitive technologies which could be adapted for QIT auditing (for example, how to verify a state’s quantum infrastructure is not being used in proscribed ways).

5.1.3 Case Study: EU AI Governance

Other institutions, such as the European Union (EU), also represent an important institutional anchor for QIT as it has done for other technology-related governance, such as data protection and, more recently, artificial intelligence. The EU is itself a treaty-based institution (or rather set of institutions) and so fundamentally anchored in sources of public international law (Treaty on European Union, Treaty on the Functioning of the European Union and related protocols). Of particular note from a quantum stakeholder perspective is the Charter of Fundamental Human Rights of the European Union, which encodes in an instrument binding upon member states certain moral/normative individual rights and freedoms, in effect setting constraints and criteria for other legislation that must be met in order to protect such rights.Footnote 23

In terms of a model for quantum governance, the EU’s recent moves to propose legislative regulation of artificial intelligence provide an example of not only the type of substantive regulatory approach that may have application to QIT, but also an example deliberative approaches relevant to quantum governance. The European Union’s proposed Artificial Intelligence Act proposal (2021), Kop (2021) provides a risk-driven model of governance for AI, with stated objectives of integration and consistency of AI with existing EU governance, facilitating AI innovation, maintenance of safety standards, preservation of fundamental rights and development of a single cohesive single market for AI (coordination). The regulation was developed via a consultative/deliberative process seeking input from AI stakeholders across academia, industry, government and civil society. The bill proposes rules for harmonising the use of AI systems, prohibiting certain uses, and heightened requirements for higher-risk AI activities, together with obligations. Surveillance, monitoring and enforcement are also provided for. One feature is a simplified risk assessment or ‘pyramid of criticality’, with less regulation applying to lower risk uses.Footnote 24 Such a model could in principle be extended to incorporate the use of QIT. Of course the challenge for such governance when it comes to quantum, as with any product-safety or even fundamental-rights based approach lies in the extent to which ‘hard’ or ‘soft’ governance approaches are adopted. The multiple objectives of quantum governance must facilitate the development of QIT, while managing various categories of risk. It must do so in a way consistent with preservation of fundamental (even constitutional) rights. This means that there is inevitably a debate around the optimal strategy for regulation, enforcement and oversight. In the main, the general precautionist approach for quantum governance would similarly see critical and high-risk uses of QIT (e.g. related to decryption in ways that could harm or transgress fundamental rights) attracting greater degrees of oversight, auditing and restrictions, including sui generis regulatory regimes dedicated to specific quantum activities. Lower-risk uses would be more pragmatically require less sui generis regulation and rely more on general governance principles.

From one perspective, there is an argument that high-risk usage of QIT may not require any sui generis regime and that rather what should be focused upon is whether the outcome of the use of technology is acceptable or whether its use for an outcome should be proscribed (see Moses (2017) for example arguments). One could in principle simply treat QIT devices, such as scalable fault-tolerant quantum computers, as ‘black boxes’ and proscribe their use for particular cases, such as decryption or certain simulations. However, one of the problems of such a generalist approach is that at some point, by subsidiary legislation or some other instrument, the exact permissible uses of technology tend to need to be specified. It is not enough to simply proceed by appeal to values or teleological aims or take a purposive approach. Regulation of most technology tends to involve specification of proscribed use cases. This is in part because law and regulation require that obligations be ascertainable, identifiable and decidable. And to the extent specificity is required or desirable, then this gives rise to specific governance legislation (for example, governing how chemicals may be used, nuclear materials may be prepared, used or transferred and so on). So there is a plausible argument that the necessity of regulatory specificity is what gives rise to sui generis regimes in many cases. Thus in the case of higher-risk and sensitive QIT technologies, specific governance instruments (such as legislation, regulation, treaties or other forms) may be needed to prescribe the use of such technology. In a geopolitical context, this might cover specific prohibitions on running certain classes of algorithms on quantum computers (or requiring that their design, if possible, prevent this), or it may require alert mechanisms (again, if feasible) for when actors (be they states or private) use QIT for particular cases correlated with proscribed activities. Thus, it is conceivable that there is or will be a necessary rationale for sui generis governance of QIT.

5.1.4 Multilateral International Institutions

Public international law also involves concepts of non-formalised regulatory approaches Guzman and Meyer (2010) which motivate state actors and multilateral institutions towards achieving regulatory objectives. Multilateral institutions are characterised as institutions comprising state actors, while international institutions (of which there are enormous number Union of International Associations (2021)) can be composed more broadly of non-state actors as well. Multilateral institutions play important roles in interstate coordination and establishing normative contexts for state practice Schermers and Blokker (2021), especially regarding technology (cases in point being the IAEA). In turn, as occurs via state legislative ratification of public international law instruments (such as treaties), such multilateral instruments influence the governance of other stakeholders, such as private institutions. The primary global multilateral institution for coalescing state governance is the United Nations (UN). UN resolutions, while usually not regarded as sources of international law, do form important secondary and normative sources motivating state behaviour which in turn can influence the development of customary international law covering QIT. UN multilateral institutions and agencies also have important normative effects, especially regarding technology and indeed may often be precursors to any QIT treaty development. Thus, the development of quantum governance principles (involving a duties-based focus on states and others) under UN auspices is an important feature of the idealised governance stack that leverages existing institutional frameworks. A recent example is the UN’s Impact of rapid technological change on the achievement of the Sustainable Development Goals and targets United Nations (2019) which provides a high-level example of synthesising technology governance concepts with established UN imperatives.

International institutions also represent important stakeholders in quantum governance. Such institutions can usefully be partitioned into state and non-state institutions, established according to different levels of governance formality. Global and international technology governance has largely proceeded through institutional practices and the development of agencies charged with coordinating governance, standards, development and auditing or enforcement practices. Such institutions include those under the auspices of treaties and the United Nations, such as the International Atomic Energy Agency. While there do not yet exist any supranational or international institutions dedicated to the multilateral coordination and governance of QIT, the particular features of QIT would naturally presage the establishment of a dedicated inter-state multilateral institution (or expansion of remits of existing agencies) to perform such coordinating functions. This is especially the case for the quantum communications pillars of QIT, where proposals for a quantum internet or networked/distributed quantum computers Kimble (2008), Lloyd et al. (2004), Wehner et al. (2018), Rohde (2021) require regulatory consistency across borders. As with the development of classical information and communications systems, standardisation and consistency of technological protocols is an important feature of the development and scaling of QIT.Footnote 25

5.1.5 Case Study: Cybersecurity Governance

The primary risk generally acknowledged regarding quantum computing is the cybersecurity risk Fedorov et al. (2018), namely the risk of enabling decryption of sensitive datasets. A less discussed but also important feature is the deliberate use of QIT to decrypt or decode classically encrypted information, such as in conflict, national security or law enforcement scenarios (it must be remembered that it is not always or categorically the case that decryption of encrypted data is necessarily ethically or morally unjustified).

When estimating how governance of quantum cybersecurity risks would be managed, it is instructive to compare existing governance responses to classical cybersecurity threats. There is no comprehensive treaty governing the use of cybertechnologies or managing cybersecurity risks for state actors Schmitt (2021). In response to the emergence of cybersecurity threats, a number of analyses of the relation of international law and cybersecurity were developed, such as various editions of the Tallinn Manual on the International Law Applicable to Cyber Warfare Schmitt (2017) (via NATO states) which initially focused on the legitimacy of offensive use of cybertechnologies, while the second edition covers also peace-time cybertechnological use. A UN United Nations (2013) report provided that international law and the UN Charter applied to the governance of information and communications technology, particularly principles regarding state sovereignty, human rights and admonishing the use of hostile cyberattacks by non-state actors. While the extent to which maintenance of state sovereignty is prioritised over other normative aims remains debatable at international law, the prevailing sentiment within soft international jurisprudence (as manifest in the second Tallinn Manual) promotes the principle that states must not conduct cyber-operations that violate the sovereignty of another state, though precisely what activities constitute violation of sovereignty remain vague Egan (2017) and even debated Wright (2018). The types of harms envisaged by such jurisprudence include permanent loss of cyber-infrastructure or intrusion into confidential state information, or even mere interference with digital infrastructure. Generic principles of state sovereignty may also permit the offensive use of QIT, for example on the grounds of necessity or in self-defence. Another principle applicable to any formal international quantum governance is the so-called due diligence principle requiring states to prohibit the use of their territory or infrastructure by others in a way that adversely affects other states, itself a principle grounded in protection of state sovereignty Corfu Channel (1949). As noted by scholars Schmitt (2021), the hortatory (normative) nature of such obligations is testament to the difficulties in prescribing or proscribing exact cybersecurity use cases for QIT in an international law context. Such questions concern state rights and duties or obligations towards other states. Nevertheless there are a plethora of international instruments embodying relationships between states and other stakeholders, such as citizens or persons. On cybersecurity grounds alone, there is little current justification for anticipatory regulation of QIT via international treaties specifically tied to QIT. However, such ICT international instruments remain lacking, thus to the extent modern ICT international law instruments were to be developed, classification of QIT within their remit would make sense.Footnote 26

In the short term, a greater motivator for governance will likely be the desire to foster the innovation and development of QIT. International cooperation and coordination is a hallmark and integral part of the development of quantum science and economic activity globally. A primary institutional forum for governance instruments promoting technology development are bilateral and multilateral trade agreements Inoguchi and Le (2020), Cottier (1996). As such multilateral institutions driving formal (and informal) trade negotiations, such as the World Trade Organisation, could play an important role in both facilitating deliberative procedures among states for consistency of quantum governance (and its commercialisation). It could also foster the types of trade and economic conditions (such as reducing tariffs) that can positively benefit collaboration on quantum. For the realisation of infrastructure such as any quantum internet Kimble (2008), Rohde (2021), international networking of QIT systems would itself on technical and governance grounds necessitate the development of protocols governing the establishment, maintenance and use of such infrastructure.Footnote 27

5.2 National Governance

5.2.1 Governments

Quantum governance at the national level is understood from a stakeholder perspective as comprising formal (governmental) and informal (non-governmental) instruments. The primary stakeholders within states are constituted governments, whose instruments of governance can be categorised as (i) legislative, via law-making institutions such as parliaments, and (ii) executive, being instrumentalities of state that execute legislation and legislatively authorised policy. The executive function of government also encompasses the use of procurement as a policy instrument to guide the development of technology. In reality, the delegated nature of governance means that even executive instruments will exercise decision-making capacity, including policy, resource allocation all the way to delegated regulatory functions, subject to municipal administrative laws. Thus far, at the national level, the majority of QIT governance initiatives have been largely confined to policy-related instruments, such as (i) national strategies, agendas or plans on quantum Made in China (2015) or (ii) policy papers Brennen et al. (2021) published by governments or their administrative departments etc. Globally only a select number of nations have national quantum strategies Countries (2021), often embedded within existing national science initiatives. Of note are programs from global leaders in quantum such as China, which has prioritised QIT as part of its most recent national strategic plan Made in China (2015), Garisto (2021). Indeed, governments play a leading role in the development of technology via direct investments, policy formation, procurement policies and public/private partnerships. Their governance architectures must be tailored to balance competing objectives of QIT development and management of its risks.

As with all direct forms of governance, governments as representative of state power represent the priority stakeholder for quantum governance regimes at national, international and policy levels.Footnote 28 Governments in addition form the primary investors in QIT, directly via research programmes (such as those funded by national defence agencies) and indirectly, via funding of academic institutions where most theory and early engineering of quantum systems has emerged. Governments (and states) are generally regarded as owing normative and implicit constitutional duties towards their collective citizenry.Footnote 29

5.2.2 Public Institutions

Public institutions in our formulation cover national instrumentalities which are established by specific public legislation but usually are afforded a degree of autonomy that distinguishes them from the direct administrative wings of governments, such as departments, or those which, while not constituted by separate legislation, are publicly funded.Footnote 30 Public institutions exhibit their own features as stakeholders. While established according to legislation and/or delegated executive authority, they are endowed with their own sets of institutional interests, shaped by the purposes for which they were established, the economic and political contexts in which they operate and by the participants (such as employees or agents) who carry out their functions. Public institutions can thus develop interests parallel to but separate from governments. Similarly, depending on their form, they may be separate legal persons with liabilities and obligations. Furthermore, they usually must balance often competing interests of other stakeholders, such as consumers, private sector companies and government itself when managing governance. These features of public institutions are relevant to how they would contribute to QIT governance (via policy development, administrative oversight or procurement) and internally, via internal policies or risk management.

Public institutions are core to technology governance globally, as exemplified by such organisations as the National Institute of Standards and Technology in the USA and the Commonwealth Scientific and Industrial Research Organisation (CSIRO), an Australian government agency responsible for scientific research. Public institutions, particularly science-related institutions as NIST and the CSIRO perform important roles in coalescing research and industry stakeholders via deliberative means. They also tend to form the core institutions upon which governments, via their own governance processes, rely upon for advice and guidance in order to develop legislative or policy responses. Thus, public institutions, particularly in the technology governance space, are likely to have in some ways an outsized influence on the overall shape of technology governance generally given their capacity to synthesise technical domain expertise with governance requirements. Public institution duties depend on the objective of the institution in question: for umbrella science organisations most likely to drive QIT governance recommendations, it will be developmental and standardisation imperatives, for consumer-facing institutions, the rights which must be assessed in quantum governance will include consumer-based rights (e.g. explainability, rights to correct, product safety). One of the challenges for public institutions involved in QIT governance will be balancing various stakeholder interests. For example, any QIT-focused public institution charged with developing, administering or enforcing public policy will likely fact trade-offs that other institutions involved in similar activities face. An analogy would include, for example, institutions governing food and drug administration in the USA (the FDA) which must balance a range of stakeholder interests, including those of consumers, government and large pharmaceutical industrials when setting rules for the development or release of new medicines.

5.2.3 Case Studies: National Quantum Governance

QIT primarily emerged out of two institutions, academia and government. Within government (which often funds academic institutions), it has primarily been defence and strategic-related instrumentalities, such as the USA’s Defense Advanced Research Projects Agency (DARPA) and others which have driven funding in the quantum sector both within the USA and also in other nations, such as Australia and Europe through strategic partnerships and direct funding of research programmes. Other nations, such as China, have positioned quantum as top national strategic priorities, such as Made in China (2015) China’s recent development plans. In the USA, legislation seeking to motivate and accelerate the development of QIT has been advanced, such as the National Quantum Initiative Act (2018) United States (2018), Raymer and Monroe (2019) (NQIA). The NQIA has as one of its stated purposes the promotion of international standards for quantum information science and technology security, including fostering quantum innovation and national security objectives (sec. 3). The NQIA also establishes a National Quantum Coordination Office to coordinate acceleration of investment in the quantum sector, together with a National Quantum Initiative Advisory Committee to advise on, among other things, prospects for international standard development regarding QIT.

The primary legislative instruments managing the geostrategic risks (and opportunities) of QIT tend to be national security-related. As discussed above, the challenge of governing quantum relates in part to its dual-use. Governance models for dual-use technologies already exist in legislative, regulatory and other forms (such as for nuclear, biotechnology and cybersecurity-related technologies Ienca and Vayena (2018), Harris et al. (2016)) and these can be used as a basis for commensurate QIT dual-use regulation. Many jurisdictions also utilise export controls, such as foreign investment export controls, to regulate dual-use risks. An example explicitly covering is Guidance Note 8 - National Security issued by the Australian Government’s Foreign Investment Review Board (FIRB) Foreign investment (2021), a regulator overseeing foreign investment and joint foreign economic activities in Australia. The note provides proposed legislative reforms to governance of, among other things, QIT deemed significant or with potential for military use. The scope of the coverage is extremely broad, covering ‘quantum computing, quantum sensing quantum encryption and quantum communications and technologies’. Effectively the rules mandate FIRB approval for foreign persons (including governments) who may obtain a broad scope of interests in critical technologies when such technologies may be used for defence or intelligence purposes of another country. While securing sensitive technologies and accounting for the realities of geostrategic risk and foreign policy applies to the use of all and any technology in a sovereign nation, the proposed rules have been criticised by other quantum stakeholders such as those in academia and the private sector as potentially stifling innovation in QIT Davidson (2021). This is in essence due to the increased regulatory burden and potential interference with international collaborations. The proposal and responses to it demonstrate the importance of stakeholder engagement in quantum governance in order to take account of the multiplicity of objectives and stakeholder interests, not simply those of one sector (such as defence).

5.3 Commercial Private Sector

Commercial private sector actors are increasingly important in the QIT ecosystem globally. By private sector, we primarily focus on corporations, including ‘quantum startups’, such as PsiQuantum, Xanadu and Rigetti but also established companies such as Google, IBM, Amazon and Honeywell who are undertaking considerable investment, research and development in the quantum sector. The quantum governance stack approach for such stakeholders involves once more accounting for the overall objectives of such stakeholders, such as maximising profit, growing a business, building scalable or useful products, along with the rights and interests of such stakeholders and those affected by their actions.

5.3.1 Corporations

The governance of corporations, businesses and companies is mandated by municipal business law, such as corporations’ law statutes and regulations. Corporations, for example, are accorded their own distinct legal personhood but must act through the delegated authority of agents (such as officers, contractors or employees) who are bound by typical duties such as the duty to act in the best interests of the company, or other fiduciary-style duties.Footnote 31 Company governance is also manifest via company policies that set out practices, routines and procedures. Such policies in turn usually encode or specify how risk is managed within the organisation Calder (2019). Thus, the governance of QIT-related activities of corporations would occur (a) externally, via the imposition of regulation and (b) internally, via the formulation of internal policies must take into account such fundamental business objectives. Most companies involved in the quantum sector have business objectives aligning with the development of (i) quantum hardware, (ii) quantum software or (iii) infrastructure related to QIT, such as that related to quantum sensing or communication. Thus, their objectives and interests align broadly with the development objectives common across other quantum stakeholders. Companies are also necessarily interested in security.

It is also worth considering the interests of the agents or employees of such companies as distinct quantum stakeholders, though this does of course overlap with individual stakeholders below. For example, a typical quantum hardware or software company will employ experts in relevant disciplines (such as quantum computational science, quantum engineering) but the question from a governance perspective then becomes what are the rights, obligations and duties (and to whom are these owed) of such individual agents within such a company. Does the average quantum algorithm designer need to modify their work practice in order to comply with quantum governance imperatives or facilitate their outcome? The development imperative of QIT (hardware or software) is integral to the set of tasks and procedures of such agents. But to what extent, for example, should a quantum algorithm designer or engineer working on a particular quantum device owe a duty to consider, for example, the impact of their design choices against normative criteria? From an idealised quantum governance stack perspective, the answer is to be found in existing firm-level risk management protocols. These set out their risk policies and include relevant intra-institutional delegation of responsibilities for management, oversight and control of risks (such as to compliance functions or officers). Moreover, specific policy frameworks that instil auditing, checks and review against governance outcomes both (a) in technical product design/development stages and (b) when products are being approved for release, can be leveraged or adapted to handle quantum-specific risks. An abstraction of firm risk management for quantum is set out in Fig. 3.Footnote 32 In conjunction with risk-management procedures, impact assessments are also another important tool for identifying the effect of QIT on certain values in ways that may not be captured by formal or quantitative risk assessments.

Fig. 3
figure 3

Quantum risk management flow for commercial and private sector stakeholders

Full size image

5.3.2 Startups

QIT has also recently become a focus for a surge in startup communities globally Finke (2015). Startup and fledgling private-sector enterprises have traditionally been a central element of the development and dissemination of technological advances Bloch (2007). The reason it is useful to distinguish between ‘startups’ and ‘established’ companies is mainly due to the fact that startup going concerns tend to operate with limited resources and higher-pressure timelines, which limits their business objectives (e.g. startup objectives differ from more mature businesses) and also the practical availability or utility of complex internal policy architecture.

5.3.3 Case Study: AI Ethics’ Toolkits

One example (among many) of the implementation of governance in a related information technology field by a large-scale company is Google’s Responsible AI Toolkit Google (2022), a set of software protocols connected to its machine learning offerings. Google’s proposals provide guidance for developers in order to help them become cognisant of particular biases, unfair practices or what are deemed to be socially or morally harmful behaviours of algorithms (such as algorithmic architectures that transgress prohibitions on classification using protected attributes of race, gender or class).Footnote 33 Google’s approach emphasises best practices for designing AI systems along with imperatives of fairness, interpretability, privacy and security. One particular element of such approaches is the focus on what is sometimes termed ‘human-centred design’ Giacomin (2014) where technology design is based around a set of objectives regarding user experience of the technology. The toolkit is of interest in that it is not simply the user experience of using their platform for technical reasons, but what might be termed the ‘user governance experience’, the experience a user has of how a system manifests governance, preserves their rights or objectives, which is emphasised. The approach provides an example for user-interaction with quantum systems both from a developer and consumer perspective.

5.4 Academia

Academic institutions, while falling within categories of either public or private institutions, are categorised as separate quantum stakeholders because of their centrality to the development of quantum science (and technology) and because they tend to have their own governance architectures within which quantum governance must sit. Academic institutions have as their primary objectives research output, pedagogical objectives (e.g. teaching and tuition) and also ancillary objectives covering institutes, initiatives or projects involving such institutions. As with most technology, academia has been the primary driver of the early-stage foundational research into quantum information processing and represents the primary institutional sector within which the overwhelming majority of both theoretical and applied research is undertaken. Governance instruments for academia generally consist of its institutional policies and guidelines, such as research policies and also its ability to dictate the terms and conditions of funding or grants for projects. Practically speaking, quantum governance by academia would consist of adopting typical risk-management frameworks that assess (i) the impact of QIT on (ii) the rights of various stakeholders affected by the prospective QIT, together with (iii) a risk-weighting and assessment of significance (remote, unlikely or speculative risks should not ideally constrain research). Universities already have well-established procedures regarding ethical impact of technology research into which such QIT-related assessments could easily fit.

Academic institutions are also pivotal and leading institutions for the development of principles and guidelines regarding the governance of technology. In addition to academic work on governance, such institutions tend to play an outsized role via the participation of academics in formal governance procedures (such as committees or treaty development) and soft-governance measures, such as principles development. A case in point is the evolution of AI ethics principles, from the Asilomar AI Principles (ostensibly developed tangentially in connection with academic conferences on AI) to the EU ethics guidelines for trustworthy AI.

5.5 Individuals

Individuals are included as stakeholders in governance analysis as ultimately all governance concerns individuals, relates to their rights and obligations and is (despite nascent moves towards automating some regulatory functions) implemented by individuals. In a quantum context, we enrich the distinctions set out in Quantum (2022) to distinguish among (i) users/consumers of QIT, (ii) producers of QIT and (iii) those impacted by QIT who are not direct consumers or producers of the technology. The types of rights, duties and obligations of individuals with respect to QIT will depend on context, including whether formal or informal governance is at issue (e.g. legislatively enshrined rights versus normative moral claims lacking legal enforceability). As consumers, individual rights are focused on matters such as product safety and informed consent. Moreover, the bedrock requirement of informed consent — or at least the opportunity to be informed if an individual wishes (as in reality most individuals do not delve into the workings of technology they use) — is an important consideration. This in practice means ensuring citizens have rights to be informed about some of the basics of how QIT works, its implications and how QIT may affect their rights. Individuals involved in the production of QIT have objectives describable in terms of overall development interests, together with personal interests (such as career, economic). They also have objectives definable in terms of the organisations of which they are part (e.g. academia, business, government). More pertinently for governance are questions of what types of duties individual agents within quantum sectors might owe and to whom.

Individual objectives coincide with their interests and duties which are in turn normatively and formally constituted. The instruments of individual governance are of course those to which other legal persons are subject within a state, such as legislation, regulation and common law (for example). Much governance is directed fundamentally at preservation of individual rights, albeit non-uniformly internationally and within states. These are typically encoded in charters, legislation or constitutionally which have, from a technology governance perspective, the effect of (where applicable) imposing constraints or additional requirements upon technology development or use. Examples include autonomy-based rights (the right to be informed, principles of consent of the governed etc., accountability/explainability) and the right to be free from harm. QIT need not reinvent the wheel on this score. Numerous institutional practices exist for identifying and responding to technology impacts on individual/fundamental rights. However, there is also legitimate debate as to whether traditional governance instruments remain fit for purpose in preserving fundamental rights in the face of rapidly emerging technologies, including any that may emerge from QIT in the future.

Where QIT stakeholders can add value is in parsing the estimated or likely risk and impact of QIT (which may be direct or indirect where QIT is merely part of a broader product or operation) and, in particular, pushing back against potential unjustified hyperbole about downside risks of QIT. Thus for stakeholders involved in QIT governance, it is paramount that the deliberative governance processes involved factor in the impact of their activities upon core individual rights overall.Footnote 34 Such a rights-based assurance or superstructure approach is common globally and is reflected in such seminal instruments as UN charters on individual (human) rights, multilateral declarations and treaties covering rights, as well as individual rights under customary, common and code-based law. Understanding the impact upon individual rights is imperative for other quantum stakeholders when considering their involvement in QIT and designing their own governance instruments. We set out a (non-exhaustive) table of some select rights (as set out in various UN charters)Footnote 35 and speculative ways in which they may be impacted by QIT in Table 2.

Table 2 Some speculative impacts of QIT on individual rights
Full size table

5.6 Civil Society

Civil society groups are an important stakeholder in most societies, and include groups such as trade unions, political parties, charities or privately constituted associations which receive public or other funding. Civil society institutions tend to have objectives covering social change, securing some conception of justice or improve outcomes for their constituencies (which may be the population as a whole), advocacy functions, charitable or welfare objectives. Civil society groups play important roles within communities regarding (a) the development and deliberation of governance; and (b) the socialising and acceptance of governance, including through outreach. Such groups play (and historically have played) an important role in how technology is governed within societies.Footnote 36 Another key civil society stakeholder are media participants and journalists, whom play an important role in setting agendas, highlighting risks and drawing attention to issues requiring governance responses.

Civil society group objectives are defined in the main by the constituencies they represent and ideologies they advocate. One of the overall risks to consider from quantum governance is the role that misinformation, hype or ignorance may play on how public responses to QIT plays out over time. Importantly, not all civil society groups are engaged in idealised rational debate nor are such constituencies necessarily responsive to empirical evidence, e.g. about QIT or its impacts. As is abundantly evident, most recently with culture war debates over vaccines or climate science, conspiracy theories and misinformation about the impact of technologies can have significant impacts on public responses and more formally on how governance stakeholders, such as politicians, respond to technology-related governance. At the more severe end of misinformation spectrum, conspiracy theories can have significant effects on governance such as adherence to best practice by constituencies suspicious of technology. By contrast, civil society groups also fulfil an important role in countering such misinformation and ignorance in ways that foster environments conducive to rational governance, such as academies of science or other institutions.Footnote 37 Moreover, ensuring open and transparent accessibility for journalistic reporting on QIT will be a crucial element of civil society contributions to governance.

5.6.1 Case Study: Ethical AI Frameworks

An example of civil society input is in the realm of ethical AI. The last half-decade has seen a surge in awareness of ethical issues and the requirement of governance of information technologies with potential for profound impact, such as artificial intelligence and automated systems. The OECD’s AI observatory OECD (2021) notes over 700 initiatives on AI governance across 60 countries, including (i) national initiatives and strategies, agendas and plans (primarily consisting of national strategies, development plans for AI, proposals for trustworthy AI), (ii) coordination and monitoring bodies, (iii) public consultation processes and (iv) public sector governance. Civil society institutions have been instrumental in raising awareness of AI ethics’ issues and driving governmental responses globally (such as prohibitions on facial recognition or emotional profiling). The response to potential AI impact, while different from QIT due to its later technological maturity, provides useful case studies for stakeholders considering how to analyse and anticipate QIT governance.

5.7 Technical Communities

In the context of governance, technical communities comprise those industry groups, institutes and other collective associations whose activities involve research, development of standards and coordination. Examples in the information technology sphere include the multilateral International Organization for Standardization (ISO) and industry association, the Institute of Electrical and Electronics Engineers (IEEE). Technical communities also overlap with other stakeholder groups, such as academia where quantum research groups also form in effect technical communities of practice and expertise. Technical communities thus form institutions with their own collective interests, agendas and, depending on their legal structure, rights and obligations. As such, technical societies are properly considered distinct stakeholder groups despite overlap with other categories articulated above. Technical communities are a critical and fundamental basis of technology governance both in respect of imperatives like standardisation but also in terms of setting out proposals for risk management specific to technology. The primary objective of technical communities is the promotion and development of their technical subdisciplines in a theoretical and applied context. They also play an important role in coordinating the translation of theoretical research into applications and act as conduits for coordination among other stakeholders involved in technology, such as academia and industry.

As communities of practice, technical communities’ primary contribution to governance lies in the development of subdisciplines themselves via research output, the development of standards. Voluntary codes of conduct Johnson (2018), Webb (2004) represent another form of behavioural standardisation and self-regulation among technical communities across different technology sectors. Standards represent critical governance instruments due to their effect on research and development, coordination, production and market penetration of technologies Tassey (2000).Footnote 38

As with civil society groups, technical communities play a significant role in contributing to technical information germane to technology governance, especially regarding capabilities and risks of particular impacts. In addition, their crossover with other stakeholder groups, such as industry, means that their soft-governance influence extends through to for example corporate governance or policy and other areas in ways that other civil society groups do not. At a pragmatic level, the development of (a) standards and (b) codes of conduct via deliberative procedures represents probably the most beneficial type of activity that technical communities can participate in at the very early stage of quantum governance.Footnote 39 Indeed, standardisation can often become intertwined with other stakeholder interests such as those of nation states or private sector actors whom seek to preserve their own interests via the shaping of technical standards. Given the importance of QIT to national security, it is foreseeable that international standardisation procedures will involve such strategic considerations. Examples in other technological domains, such as international standard setting for atomic energy and technology, illustrate how standard setting in an adversarial geopolitical context might be undertaken for QIT.

5.7.1 Case Study: IEEE

Industry associations such as IEEE (discussed above) are also playing an increasing role in the development of standards for quantum information (as they have been instrumentally involved for other technologies such as Wi-Fi) — standards are developed as deliberative initiatives of stakeholders. The IEEE is the world’s largest technical professional ICT organisation (active in over 160 countries with nearly half a million members). It has been instrumental in developing standards that shape ICT sectors globally. The structure of the IEEE involves numerous technical societies under the umbrella of technical councils, running hundreds of standardisation and governance programs. Existing standards include protocols for quantum communication (IEE P1913), QIT definitions (IEEE P713) and performance metrics and benchmarking (IEEE P7131). The IEEE is an example of an industry body exemplifying how technical communities can bridge the gap. One analogous early proposal albeit short on detail for management and governance of quantum computing is based upon adapting COBIT (Control Objectives for Information and Related Technology) principles developed by ISACA (Information Systems Audit and Control Association), an information-technology sector industry association Blanco and Piattini (2020).

5.7.2 Case Study: Internet Governance

While the focus of this paper leans towards formal governance instruments (given the primacy of sovereign states as the loci of enforcement), an important counterpoint to state-centric governance involving a multitude of civil society and technical community groups is illustrated by the evolution of internet governance. As a (perhaps the) primary information technology infrastructure globally, the internet developed as with many technologies under considerable uncertainty. As such, the types of governance responses and norms applicable to it have tended to map the decentralised and collaborative approach. Modern norms of internet governance tend to emphasise the role of a range of non-state actors together with states in deliberating how to regulate facets of the technology. Thus, states, academic institutions, technical organisations and the commercial sector play a role in development of underlying norms as encoded in protocols of varying formality Dany (2013). Examples include the 2005 Tunis Agenda for the Information Society (which established participatory governance models and venues), various World Summits on the Information Society and other initiatives (the 2014 NETmundial Initiative and Multistakeholder Statement of Sao Paulo) Fraundorfer (2017) embedding multi-stakeholder approaches Haggart et al. (2021). This preference for multistakeholder and non-state directed protocol governance led to the establishment of bodies such as ICANN and IETF Carr (2015). This meant that state actors were already faced with governance norms embedded not just via principles, but in practice across economies which become difficult to displace via formal instruments. The cost of unwinding such norms together with the functionality of such protocols has been in part responsible, then, for the continuation of the multilateral approach. This is an example of how early-stage technology norms can embed into routines of technological use in ways that render them relatively robust as more and more infrastructure or economic activity becomes dependent upon them. In effect, the governance architectures become ‘sunk costs’ that are difficult to unwind. It is conceivable that QIT could develop in parts similarly. However, it should be noted that, in respect of internet governance, despite such a multilateral provenance, scholars are increasingly questioning whether there has been a resurgence in the role of the state (see Haggart et al. (2021) for a recent review).

6 Conclusion

QIT governance globally represents an important emerging branch of technology governance applicable to what is potentially among the most profound set of technologies ever created. As we have discussed in this article, regulating nascent technology such as QIT requires a delicate anticipatory balancing act in anticipatory framing of uncertain outcomes and risks. For this reason, an awareness of governance methodologies and deliberative processes among stakeholders charged with oversight of QIT and those impacted by QIT is crucial. In this paper, we have aimed to provide an overview of key characteristics features that the governance of QIT should exhibit. These include conceptual understandings of how early-stage and highly uncertain innovative technology is best regulated and the need to treat fostering innovation and QIT development as an explicit goal of governance themselves. QIT is not emerging into a governance vacuum: a variety of well-established responses exist across the governance landscape. As a model of governance, the quantum governance stack introduced in this article aims to provide a basis for systematically thinking about governance from the perspective of stakeholder rights, duties and interests. The governance stack explicitly identifies the hierarchies of hard and soft governance regimes involving states, governments, private actors, individuals and civil-society groups together with the types of formal and informal instruments applicable to their regulation. As summarised in Figs. 12 and 3, the quantum governance stack advocated herein provides a systematic series of steps that stakeholders can adopt to help frame their governance response to QIT. A high-level summary of the quantum governance stack structure for reference is set out in Table 3.

Importantly, as with all idealised governance, process is key. QIT governance best practice involves inclusive and deliberative engagement of a variety of stakeholders, from states, to citizens, to civil and public institutions to the commercial sector in a way that enables stakeholder interests to be advanced and compromises reached. Such technology governance must be responsive based on (a) the state of technology at the time; (b) resource and economic requirements for its development; and (c) assessments and estimates of the near-term and future impacts of such technology. In this article, we have set out a prospective taxonomy of stakeholders and governance instruments according to which early QIT governance initiatives might proceed at any level in the quantum governance stack. Quantum governance should not be an exercise in looking through the glass darkly as a ward against the anxiety of uncertainty. Rather, governance must explicitly factor in maintaining and fostering the conditions for the development of QIT itself in both the public and private sectors in order to facilitate the flourishing of the technology and its potential benefits.

Table 3 Quantum governance stack. A matrix illustrating for different quantum stakeholders (rows) types of governance instruments (columns)
Full size table