Insider Brief
- A new study advocates for a standards-based governance model for quantum technologies, arguing it provides a more flexible and globally coordinated alternative to premature regulation.
- International standards organizations like ISO, IEC, IEEE, and NIST are already developing frameworks for quantum terminology, interoperability, security, and risk management.
- The authors propose a dedicated Quantum Technology Quality Management System (QT-QMS) to guide responsible innovation, integrate ethical and legal considerations, and streamline future regulatory compliance.
An international team of legal and policy scholars argue that voluntary international standards, not government regulation, offer the most promising framework for governing quantum technologies in their early stages of development.
Writing in Science, propose a “standards-first” governance model that prioritizes global technical and quality standards over premature regulatory intervention. They assert that consensus-based standards—like those set by the International Organization for Standardization (ISO) and the Institute of Electrical and Electronics Engineers (IEEE)—can mitigate risk while fostering innovation and international cooperation in quantum science.
Quantum technologies, spanning computing, communications, sensing and metrology, are quickly developing and transitioning from lab to the marketplace. Their potential impact ranges from drug discovery to code-breaking, and from economic disruption to national security. In parallel with this technological acceleration, patent filings in quantum have grown tenfold in two decades, according to the study. Yet this progress has outpaced policy development, raising fundamental questions around governance and risk management.
Keeping up With Quantum Innovation
According to the researchers, traditional regulatory regimes may be too slow, rigid, or fragmented to address the fluid and global nature of quantum innovation. However, standards are faster to evolve, broadly applicable across borders, and more flexible in implementation. The team defines standards as voluntary, consensus-built frameworks that set shared technical and quality benchmarks that can guide innovation and global coordination without imposing legal mandates.
Standards also provide a framework for building trust, reducing ambiguity and laying a foundation for eventual regulation — again, without stifling innovation during the nascent stages of technology development.
In quantum’s current phase — where applications are largely pre-commercial and risks still theoretical — global standards can offer consistent technical language, testing protocols, interoperability guidelines and benchmarks. These mechanisms can help governments, industries and researchers align efforts, prevent fragmentation, and coordinate around shared goals.
The paper distinguishes between two types of standards critical to this framework. The first includes technical standards, such as those for defining quantum computing terminology or encryption protocols. The second involves Quality Management Systems (QMS), which guide how technologies are developed, maintained, and audited. QMS frameworks — like ISO 13485 in the medical device industry — provide governance scaffolding that is often adopted voluntarily but serves as a bridge to future regulatory compliance.
In fact, rather than reinventing the wheel, the researchers suggest that the International Organization for Standardization, among other standards organizations, create a template for guiding the quantum industry.
“Making standards the basis of a governance model is a promising approach at this early phase when most issues are technical rather than tied to specific real-world applications,” the researchers write. “International standards facilitated by organizations such as the International Organization for Standardization (ISO), the International Electrotechnical Commission (IEC), and the Institute of Electrical and Electronics Engineers (IEEE) can offer tangible advantages by creating shared definitions, performance benchmarks, and technical protocols that foster global interoperability. ISO includes more than 170 national bodies working on international consensus standards across 839 committees with a strong track record. Since 1946, ISO has created more than 25,000 standards and supporting documents covering almost all aspects of technology, management, and manufacturing.”
The study specifically calls out the newly established ISO/IEC Joint Technical Committee 3 (JTC3) on Quantum Technologies, launched in January 2024. This committee brings together experts from the U.S., Europe, China, Japan and South Korea to coordinate terminology, benchmarks and interoperability standards across the quantum ecosystem. Projects under this initiative range from quantum resource simulation requirements to machine learning datasets and energy efficiency in quantum computing.
IEEE, NIST and European standards bodies are also active, focusing on post-quantum cryptography, hybrid classical-quantum systems, and network security. These initiatives illustrate the scope and momentum behind quantum standards already in motion—an important point made by the authors to counter calls for immediate regulation.
A key example is the U.S. National Institute of Standards and Technology (NIST), which is finalizing post-quantum cryptographic standards designed to resist attacks from quantum computers. These efforts, the researchers suggest, show that standards can proactively address security risks without the delays and constraints of legislation.
However, the researchers caution that standards are not a panacea. Technical standard-setting can be skewed by dominant players, potentially leading to lock-in effects or anti-competitive behavior. International standards processes can also reflect geopolitical tensions and may require safeguards to ensure legitimacy, inclusivity, and equitable participation.
Quantum Technology Quality Management System
Despite these challenges, the researchers maintain that standards offer the best near-term path to governing quantum development responsibly. Unlike regulation, which may be mismatched to rapidly evolving technology, standards can adapt swiftly, encourage compliance through incentives rather than mandates, and bridge disparate international approaches.
The team recommend building a comprehensive Quantum Technology Quality Management System (QT-QMS) through ISO/IEC. This would incorporate technical, ethical, legal, and societal considerations—referred to as ELSPI—and provide structured guidance for development, testing, deployment, and risk management across the quantum technology lifecycle.
The proposed QT-QMS could align with existing standards like ISO 27001 for information security, ISO 27005 for risk management, and ISO 42001 for AI governance. In this integrated system, standards become the common language and operational framework that links innovation with trust and accountability.
This approach also enables regulators to incorporate standards by reference — simplifying future compliance, allowing for third-party certification and harmonizing audits across jurisdictions. As mentioned, the medical device industry offers a compelling precedent: ISO 13485 is widely accepted in both the U.S. and European Union and is used to demonstrate compliance with each region’s regulatory frameworks. Similarly, a QT-QMS could help governments streamline oversight without rewriting laws every time technology advances.
The standards-first model offers another advantage: it allows countries with different political systems and legal traditions to coordinate governance through shared technical protocols rather than binding treaties. This is especially important in a field where geopolitical competition — between the U.S., China, and Europe — complicates attempts at unified regulation. The standards process can sidestep these frictions and instead focus on building consensus where cooperation is still possible.
Nevertheless, the authors concede that regulation will still be necessary, particularly in defining red lines for high-risk applications, such as quantum-enhanced surveillance or military uses. They view standards as a foundation, not a substitute, for smart, targeted regulation once real-world deployments begin.
The authors conclude: “By adopting a holistic governance approach that builds on the ongoing standardization efforts, policy-makers and stakeholders can foster a globally aligned framework that promotes innovation, ensures interoperability, and addresses societal concerns. The governance choices made today will greatly influence the trajectory of these transformative technologies, shaping their future societal impact.”
The team included Mateo Aboy, University of Cambridge; Urs Gasser, Technical University of Munich and I. Glenn Cohen, and Mauritz Kop, both of Stanford University.
