The European Union is preparing to introduce the Quantum Act, a legislative initiative aimed at strengthening the bloc’s position in quantum technologies and ensuring the security of its financial sector. This move follows earlier regulations such as the Digital Operational Resilience Act (DORA) and the Artificial Intelligence (AI) Act, which have already set new standards for technology governance among European banks.
Recent regulatory measures, including DORA’s ICT risk requirements and the Network and Information Security 2 (NIS2) Directive, require organizations to upgrade their cryptographic defenses. These efforts are intended to protect sensitive data from potential threats posed by future quantum computers that could break current encryption methods. The European Commission plans to present its proposed legislation on quantum technology in the second quarter of 2026, after publishing its Quantum Europe Strategy in July 2025.
The EU’s quantum strategy has two main objectives: enhancing immediate cybersecurity and fostering long-term innovation. The first pillar focuses on addressing current risks by promoting Post-Quantum Cryptography (PQC). New regulations encourage a coordinated approach across member states to prevent scenarios where stolen encrypted data could be decrypted later using advanced quantum techniques.
The second pillar aims to leverage public investment in shared resources such as a pan-European quantum communication infrastructure and competence clusters. These initiatives will enable banks to experiment with quantum algorithms for tasks like portfolio optimization, liquidity management, and fraud detection—potentially giving them an edge over global competitors.
The upcoming Quantum Act is expected to provide a comprehensive legal framework that institutionalizes these ambitions through risk-based regulation and industrial policy. For financial institutions, this means clear governance guidelines, enhanced supply-chain resilience, and standardized access to essential resources. The Act will also:
– Guarantee long-term funding for critical infrastructure projects like open-access quantum computing testbeds.
– Promote investment in production facilities for PQC-compliant hardware.
– Require harmonized EU Quantum Standards developed with organizations such as CEN/CENELEC and ENISA to streamline compliance for banks adopting new cryptographic tools.
This legislative effort aims to replace fragmented national policies with a unified European approach backed by industry support.
Looking ahead, these digital rules are set to shape a future where financial operations are protected by advanced quantum security measures. Banks that delay implementing PQC risk facing increased vulnerabilities under DORA and NIS2 frameworks. However, those leveraging new standards and infrastructure may find opportunities not only for compliance but also for improving their internal models used in risk assessment and fraud detection.
Quantum machine learning is anticipated to significantly enhance AI model training speed and effectiveness—benefiting areas such as personalized financial services or anomaly detection—and providing foundational capabilities for next-generation AI systems within finance.
More information about the timeline of the proposal can be found at https://finance.ec.europa.eu/news/commission-present-eus-new-quatum-strategy-and-timeline-propose-quantum-act-july-2025-07-10_en. Further details on how this act fits into Europe’s broader strategy can be accessed via https://digital-strategy.ec.europa.eu/en/policies/quantum-technologies.
