February 2024 brought a cluster of quantum policy actions across multiple jurisdictions, with the most consequential touching export controls, financial regulation, R&D investment, workforce development, and regulatory design. France became the third EU member state to adopt national export licensing requirements for quantum computers, following the Netherlands and Spain. Singapore’s Monetary Authority of Singapore issued one of the first sector-specific quantum cybersecurity advisories from a financial regulator anywhere. The United Kingdom announced £45 million in new quantum funding, including the first dedicated fund for quantum adoption in government, and separately published a first-of-kind advisory report on how to regulate quantum technologies. Finland committed €23 million to a quantum-specific doctoral program, the largest single European workforce investment in quantum education to date.
France: Quantum export controls extend Europe’s unilateral control regime.
What happened. On February 2, 2024, France adopted an export control order requiring licenses for exports of quantum computers and related technologies to destinations outside the European Union. The order covers quantum computers (classified under control entry 4A906), specially designed software (4D901.b.3), and related technology (4E901.b.3), and took effect on March 1, 2024. The legal basis is Article 9 of EU Regulation 2021/821, which allows member states to impose national export authorization requirements on grounds of public security.
Why it matters. France is the third EU member state, after the Netherlands and Spain, to adopt unilateral quantum export controls under the Article 9 mechanism. The pattern is now clear: a coalition of European governments is building a patchwork of national controls on quantum technology exports without waiting for a formal EU-wide measure or multilateral Wassenaar Arrangement consensus. This matters for two reasons. First, it creates operational compliance complexity for exporters, who now must track divergent national licensing regimes across EU member states. Second, it signals that quantum computing has crossed a threshold in European threat assessments, placing it alongside advanced semiconductors as a technology warranting pre-emptive trade restrictions. The classification numbers (4A906 series) align with the approach taken by the Netherlands, suggesting at least informal coordination among the three states, though no formal EU-level harmonization measure has yet been adopted.
What remains unclear. Whether additional EU member states (particularly Germany or Italy) will follow with similar controls under Article 9. Whether the European Commission will move toward a harmonized EU-level quantum export control regulation, which would supplant the current national patchwork. How broadly or narrowly France will interpret the licensing thresholds in practice, given that the order does not appear to include publicly disclosed technical performance parameters.
Who should care. Quantum hardware manufacturers exporting from France. Export compliance officers at multinational quantum firms with European operations. EU trade policy officials. Dual-use technology policy analysts tracking the evolution of European economic security measures.
Singapore: MAS becomes one of the first financial regulators to issue quantum cybersecurity guidance.
What happened. On February 20, 2024, the Monetary Authority of Singapore (MAS) issued Circular No. MAS/TCRS/2024/01, titled “Advisory on Addressing the Cybersecurity Risks Associated with Quantum,” addressed to CEOs of all financial institutions. The advisory recommended that institutions maintain an inventory of cryptographic assets, identify critical assets for priority migration to quantum-resistant technologies, and assess whether existing systems could support crypto-agility. MAS also encouraged financial institutions to develop risk mitigation strategies for assets that cannot immediately transition to post-quantum cryptography and to consider proof-of-concept trials with quantum security solutions.
Why it matters. This is among the first advisories from any financial regulator globally that specifically addresses quantum cybersecurity risk at the sectoral level. While NIST’s post-quantum cryptography standardization process and various national cybersecurity agencies have issued general guidance, MAS’s circular is distinctive in two respects: it is directed at a defined, regulated population (all financial institutions under MAS oversight), and it specifies concrete operational steps including cryptographic asset inventories, priority migration planning, and proof-of-concept trials. The advisory signals that financial regulators are beginning to treat quantum risk as a supervisory matter, not merely a research concern. For global financial institutions operating across jurisdictions, the MAS advisory may foreshadow similar actions from other financial regulators in 2024 and 2025.
What remains unclear. Whether MAS intends to make any of these advisory recommendations mandatory through future Technology Risk Management Guidelines updates. Whether other financial regulators (the European Central Bank, the Bank of England, the U.S. Office of the Comptroller of the Currency) are preparing comparable sector-specific quantum advisories. How financial institutions will operationalize the cryptographic asset inventory requirement, which presupposes visibility into encryption usage that many organizations currently lack.
Who should care. CISOs and CTOs at financial institutions in Singapore and globally. Financial regulators in other jurisdictions. Post-quantum cryptography vendors and consultancies targeting the financial sector. Standards bodies working on financial services technology standards.
United Kingdom: £45 million investment pairs hardware testbeds with public sector quantum adoption fund.
What happened. On February 5, 2024, UK Science Minister Andrew Griffith announced £45 million (~$57 million) in new quantum funding, split between two programs. The UK Research and Innovation Technology Missions Fund and the National Quantum Computing Centre invested £30 million in seven quantum computing testbed prototypes covering trapped-ion, superconducting, photonic, and neutral-atom architectures. A further £15 million was allocated to the Quantum Catalyst Fund, delivered by Innovate UK and DSIT, to support six projects developing quantum solutions for public sector applications including healthcare diagnostics and transport. The investment sits within the broader National Quantum Strategy’s ten-year £2.5 billion commitment announced in March 2023.
Why it matters. The investment is notable less for its size than for its structure. The £15 million Quantum Catalyst Fund represents one of the first government programs anywhere explicitly designed to drive public sector adoption of quantum technologies (as distinct from R&D funding). This addresses a gap that quantum industry figures, including Sir Peter Knight, Chair of the UK National Quantum Technologies Programme Strategic Advisory Board, have identified: governments fund quantum research generously but rarely act as early buyers. The testbed investment, meanwhile, creates a national facility offering access to multiple hardware architectures in a single site, a model that could inform similar testbed strategies in other jurisdictions. February also saw the separate publication of the Regulatory Horizons Council’s report on quantum technology regulation, which proposed a pro-innovation, application-specific approach with 14 recommendations. Taken together, these two actions suggest the UK is attempting to build a complete policy stack: funding, testbed infrastructure, public sector demand generation, and early regulatory design.
What remains unclear. Whether the Quantum Catalyst Fund model will be scaled beyond the initial six projects. Whether the RHC’s recommendation to regulate quantum applications rather than the platform technology will hold as quantum capabilities mature and cross-cutting risks (particularly in cryptography) become more acute. How the testbed prototypes will transition from 15-month development exercises into sustained national infrastructure.
Who should care. Quantum hardware vendors competing for UK testbed contracts. Public sector technology officers evaluating quantum readiness. Regulators in the UK and other jurisdictions considering when and how to regulate quantum technologies. Other national quantum strategy offices looking at testbed and demand-side investment models.
France: ANSSI publishes protocol-level guidance for post-quantum cryptographic transition.
What happened. In February 2024, France’s national cybersecurity agency ANSSI published technical guidance on adapting TLS 1.3, IPsec, and SSH protocols for post-quantum cryptography. The guidance recommends a hybrid approach combining classical and post-quantum algorithms and outlines a three-phase transition timeline extending through 2030. Phase one emphasizes pre-quantum security with optional post-quantum cryptography; phase two encourages hybrid deployments; phase three, beginning after 2030, anticipates standalone post-quantum cryptography. ANSSI indicated that the first French security certifications for products implementing hybrid post-quantum cryptography were expected in 2024 or 2025.
Why it matters. This is among the most technically detailed government guidance documents on post-quantum migration for specific network protocols published to date. While NIST’s PQC standardization process and NSA’s CNSA 2.0 suite provide algorithm-level direction, ANSSI’s guidance addresses the protocol-level implementation questions that network operators and system integrators will actually face: how to deploy post-quantum algorithms within TLS, IPsec, and SSH stacks, and on what timeline. The three-phase approach, with hybrid mandated before standalone PQC, reflects a pragmatic recognition that cryptographic transitions take years to complete across complex infrastructure. The certification timeline also matters: if ANSSI begins certifying hybrid PQC products in 2024 or 2025, France would become one of the first countries with a formal product evaluation pathway for post-quantum solutions.
What remains unclear. Whether the guidance will evolve into mandatory requirements for operators of essential services or critical infrastructure under French or EU regulation (such as NIS2). How ANSSI’s hybrid recommendations will interact with NIST’s final PQC standards (published August 2024). Whether other EU cybersecurity agencies will adopt compatible or divergent technical guidance for the same protocols.
Who should care. Network security engineers and architects implementing TLS, IPsec, or SSH. Vendors seeking Common Criteria certification for post-quantum products in France. Cybersecurity policy officials in other EU member states. Operators of critical infrastructure planning cryptographic migration timelines.
Finland: €23 million quantum doctoral program signals European workforce push.
What happened. On February 7, 2024, the Finnish Ministry of Education announced the Quantum Doctoral Education Pilot Program (QDOC), allocating €23 million (~$25 million) for 90 new doctoral researcher positions across eight universities and research institutes. The program was organized around the Finnish Quantum Flagship and included collaboration with 14 companies offering thesis topics and internships. Positions were set to start between August 2024 and January 2025, running through 2027.
Why it matters. At 90 doctoral positions with industry co-supervision, QDOC represents one of the largest single government-funded quantum workforce programs in Europe. The design is worth noting: it integrates doctoral training with industry from the outset, rather than treating workforce development as a separate activity from R&D. For a country of 5.5 million people, the scale of commitment is disproportionately large relative to population, reflecting Finland’s bet that quantum talent can become a competitive advantage. The program also sits alongside Finland’s broader initiative to recruit 1,000 new doctoral students across all disciplines, suggesting that quantum has been prioritized within national higher education strategy. The challenge, common across European quantum workforce initiatives, will be retention: whether graduates remain in Finland’s quantum ecosystem or are absorbed by larger markets in the US, UK, or Germany.
What remains unclear. What the industry co-supervision model will look like in practice, and whether the 14 participating companies will commit to hiring graduates. Whether Finland will extend the program beyond 2027 or expand to include master’s-level training. How QDOC graduates will be tracked to assess retention within Finland or Europe.
Who should care. Quantum companies seeking to hire in Europe. Higher education policy officials designing quantum workforce programs. Other small and mid-sized countries considering how to build quantum talent pipelines without the scale advantages of the US or China.
Also in February 2024
New Zealand’s Defence Minister Judith Collins announced that Australian officials had been asked to work with New Zealand on potential opportunities under AUKUS Pillar II, the technology-sharing component covering quantum technologies, AI, cyber, and other areas. While formal membership decisions remained distant, the announcement marked the first public step by New Zealand toward possible engagement with AUKUS’s quantum and advanced technology collaboration framework.
The National Research Council of Canada announced funding for 11 Canadian firms to work with UK partners on quantum projects in networking, sensing, scalable computing solutions, and supply chain development, selected through a bilateral Canada-UK call for proposals.
Belgium’s Flanders and Wallonia regions both participated as funding partners in a Eureka multilateral call for proposals on applied quantum technologies, involving national funding bodies from 16 countries. The call, open through May 2024, was the first Eureka call dedicated specifically to quantum technologies.
Kenya gazetted the Computer Misuse and Cybercrime (Critical Information Infrastructure and Cybercrime Management) Regulations, 2024, establishing frameworks for cybersecurity monitoring and incident response. While the regulations do not specifically address quantum threats or post-quantum cryptography, they create the institutional infrastructure within which future quantum-readiness requirements for critical infrastructure could be implemented.
Detailed analysis of each development in this briefing, with cross-jurisdictional comparison tables and sector-specific risk assessments, is available to Quantum Policy Radar subscribers.