The European Commission is expected to table its Quantum Act proposal this quarter. Adoption is targeted for Q3 2027. That gap – between proposal and law – is where the real regulatory work happens: trilogue, amendments, political compromise, and all the provisions that get quietly narrowed before the final text lands in the Official Journal.
We are still in the strategy phase. Not the regulatory phase. And that distinction matters more than most commentary acknowledges.
What the Act is actually trying to fix
The Quantum Act has three stated objectives: coordinating quantum research and innovation across member states, scaling up industrial capacity – including pilot production lines for quantum chips – and reinforcing supply chain governance. It builds on the Quantum Europe Strategy published in July 2025, and is designed to complement existing EU instruments – the Chips Act and the EuroHPC Joint Undertaking – rather than replace them.
The governance gap it is trying to close is structural. Europe has the scientific base – roughly one third of quantum companies globally are EU-based, and European suppliers account for close to half the hardware and software components used in quantum computers worldwide. But Europe attracts only around 5% of global private quantum investment, compared to over 50% for the US. That is not a research problem. It is a commercialisation and capital problem.
An industrial policy instrument alone may not be enough to close it.
The compliance clock that isn’t waiting
The most urgent part of the quantum regulatory picture is not the Quantum Act. It is post-quantum cryptography – and it already has hard deadlines.
NIST finalized its first three PQC standards in August 2024. The US has set a compliance deadline of January 2027 for all new national security systems to be quantum-safe. NIST has signalled that algorithms vulnerable to quantum attacks will be deprecated by 2030 and removed from standards entirely by 2035.
The EU does not yet have equivalent binding deadlines. That is a governance gap worth tracking – not because the threat is theoretical, but because the “harvest now, decrypt later” problem operates on a timeline that does not wait for legislative procedures. Adversaries collecting encrypted data today are planning to decrypt it once quantum computers reach sufficient capability. The window for proactive migration is finite, and it is already narrowing.
What the Act will and won’t change
Once adopted, the Quantum Act is expected to create a binding EU-level framework for quantum R&D coordination, establish pilot production lines with public co-financing, and introduce systematic monitoring of quantum supply chains – including the chip supply chain, which is currently largely outside coordinated EU oversight.
What remains open is whether it will introduce risk classification logic – the kind of tiered accountability structure that defines the AI Act – or remain primarily an industrial policy instrument focused on investment and infrastructure. The impact assessment is still underway. The call for evidence closed in late 2025.
That question has real legal consequences. If the Act stays in the industrial policy lane, the harder governance questions – liability, accountability, transparency in quantum-enabled systems – will need to be answered elsewhere.
The intersection nobody is mapping yet
There is one issue I find consistently underexplored in the current debate: how the Quantum Act will interact with the AI Act.
Quantum machine learning is not a hypothetical. As quantum hardware matures, hybrid quantum-classical architectures will be deployed in systems that are simultaneously subject to AI Act obligations and whatever framework the Quantum Act establishes. The question of which set of rules governs, and who bears responsibility when such a system causes harm, does not have an answer yet.
Building that answer after the architecture is locked in is significantly harder than building it now. That is not an argument for rushing regulation. It is an argument for thinking about it deliberately, while there is still room to decide what comes next.
Dr Agata Konieczna | @DrKonieczna
For legal and strategic advisory on AI governance, visit AI Business Studio
