In 2018, I started writing my doctoral thesis on artificial intelligence and law. At the time, most people in the legal world thought AI was either science fiction or someone else’s problem.
I spent years watching businesses underestimate it – until the new EU AI Act, and a wave of regulatory pressure made it impossible to ignore. The regulatory wave is just beginning and most businesses are still catching up.
Now I’m watching the same pattern repeat itself with quantum computing. And this time, I think the stakes are higher.
What quantum computing actually means for your business
You don’t need to understand qubits or superposition to understand the risk. Here’s what matters: quantum computers will eventually be able to break the encryption that protects most of the world’s sensitive data today.
Not in a distant, theoretical future. In a timeframe that’s relevant to decisions being made right now.
The encryption protecting your contracts, your intellectual property, your financial data – it was designed for a world before quantum. That world is ending.
The threat that’s already here
There’s a concept in cybersecurity called “Harvest Now, Decrypt Later.” It means exactly what it sounds like.
Sophisticated actors are already collecting encrypted data today, storing it, and waiting for quantum computers powerful enough to decrypt it. Your data doesn’t need to be readable now. It just needs to be worth reading later.
If your business holds data that needs to remain confidential for the next 10 to 20 years (and most businesses do) this is not a future problem. It’s a present one.
The legal dimension no one is talking about
Most conversations about quantum computing focus on the technology. Few focus on what it means for governance, compliance and legal liability.
The National Institute of Standards and Technology finalized its first post-quantum cryptography standards in 2024. The EU’s NIS2 Directive requires organizations to manage cybersecurity risk across their entire supply chain. Regulators are moving.
The question for boards and legal teams is no longer whether to address quantum risk. It’s whether you’ll address it before or after something goes wrong.
What I’m doing here
I built my career at the intersection of technology and law. In 2025 I co-founded AI Business Studio to help technology companies navigate AI regulation.
Quantum is the next frontier. On this blog, I’ll be tracking it the same way I tracked AI – from the legal, strategic, and business perspective, before it becomes obvious.
If you’d rather be early than sorry, you’re in the right place.
For legal and strategic advisory on AI and emerging technology, visit AI Business Studio.
