September 2025 was defined by a cluster of U.S. federal quantum policy signals: the White House began preparing executive actions on quantum technology and PQC migration, NIST finalized key operational guidance for post-quantum cryptography, and the administration’s FY2027 R&D priorities memo placed quantum information science at the top of the federal research agenda. Beyond Washington, ETSI approved a new Technical Committee on Quantum Technologies, Singapore’s MAS published results from a QKD financial sector sandbox, and the trilateral quantum cooperation framework among the United States, Japan, and South Korea held its first meetings.
United States: White House Preparing Quantum Executive Actions
What happened. On September 19, Nextgov/FCW reported that the White House was developing executive actions focused on quantum technology and post-quantum cryptography migration. Sources indicated that one to three separate orders had been in the works since early summer, with post-quantum cryptography migration deadlines for federal agencies expected to be the central element. The actions would build on the expired National Quantum Initiative Act, which has been awaiting congressional reauthorization since 2023, and give additional force to draft OMB guidance circulated earlier in 2025 requiring agencies to prepare phased PQC migration plans.
Why it matters. The reporting confirmed that the Trump administration was treating quantum technology as an executive priority on par with AI, where a national action plan had been released in July 2025. With the NQI Act expired and reauthorization stalled, executive action represents the primary available lever for maintaining coordinated federal quantum policy. The emphasis on PQC migration timelines is particularly consequential: if the orders set agency-specific deadlines (or accelerate the existing 2035 target), it would convert what has been guidance into something closer to a compliance obligation. Federal contractors and IT vendors selling to government would face clearer expectations on when quantum-resistant products must be in place.
What remains unclear. Whether the executive actions will consolidate quantum innovation policy and PQC migration into a single order or separate them. Whether a deadline acceleration from 2035 to 2030 (reported by CyberScoop as under consideration) will survive internal review. Whether the orders will address quantum technology export controls or supply chain security. How these executive actions will interact with the nearly dozen quantum-related amendments filed to the FY2026 NDAA.
Who should care. Federal agency CISOs and IT leadership. Government contractors and vendors in cybersecurity and networking. Quantum computing companies seeking federal procurement signals. Congressional staff working on NQI reauthorization.
United States: NIST Finalizes PQC Implementation Guidance
What happened. On September 18, NIST published two documents advancing the practical implementation of post-quantum cryptography. SP 800-227, finalized after a public comment period and workshop earlier in 2025, provides recommendations for securely implementing and using key-encapsulation mechanisms (KEMs), including the post-quantum ML-KEM algorithm standardized as FIPS 203. The same day, the NCCoE released draft CSWP 48, which maps PQC migration capabilities to the NIST Cybersecurity Framework 2.0 and SP 800-53 Rev. 5 controls, giving organizations a structured method for expressing PQC migration as auditable risk management rather than an isolated technical project.
Why it matters. The August 2024 publication of PQC algorithm standards (FIPS 203, 204, 205) answered the “which algorithms” question. SP 800-227 and CSWP 48 begin answering the “how to implement them” question. SP 800-227 is particularly important for organizations deploying hybrid key exchange (combining classical and post-quantum algorithms), which is the dominant transitional approach. The explicit prohibition on reusing ephemeral KEM keys, added in response to public comments, resolves a practical ambiguity that could have led to insecure deployments. CSWP 48’s mapping to existing risk frameworks means that chief information security officers can now integrate PQC migration into compliance and audit workflows they already use, rather than treating quantum readiness as a separate initiative.
What remains unclear. When CSWP 48 will be finalized. Whether OMB will reference SP 800-227 in forthcoming agency migration guidance (the statutory deadline for which, under the Quantum Computing Cybersecurity Preparedness Act, appears to have passed without public action). When FIPS 140-3 validated implementations of ML-KEM will become broadly available, given that the September 2026 FIPS 140-2 sunset will restrict federal procurement to FIPS 140-3 modules only.
Who should care. CISOs and cryptographic architects at federal agencies and their contractors. Security product vendors preparing FIPS 140-3 validation submissions. Compliance and audit teams at financial institutions and critical infrastructure operators. Standards bodies tracking PQC implementation guidance across jurisdictions.
ETSI: New Technical Committee on Quantum Technologies Approved
What happened. On September 30, the European Telecommunications Standards Institute announced that its Board had approved the creation of Technical Committee on Quantum Technologies (TC QT). The committee’s scope covers quantum communications, quantum networking, quantum sensing, satellite quantum communications, quantum random number generators, and quantum security. Mark Pecen of EigenQ was designated to convene the kick-off meeting, scheduled for December 2025. ETSI stated that TC QT will support European policy objectives including contributions to the European Quantum Act and the European Chips Act, and will support the European Quantum Communication Infrastructure (EuroQCI).
Why it matters. ETSI’s quantum standards work dates to 2008, when it established a group on Quantum Key Distribution. The elevation to a full Technical Committee signals that quantum technologies have moved from a niche specification area to a recognized domain requiring coordinated, cross-sector standardization. TC QT’s broad scope, spanning communications, sensing, and security, positions it as potentially the most comprehensive quantum standards body in Europe. Its explicit mandate to support the forthcoming European Quantum Act means that TC QT outputs could directly shape EU regulatory requirements. For companies developing quantum products for the European market, TC QT participation will be a primary channel for influencing specifications.
What remains unclear. How TC QT will coordinate with existing ETSI groups working on quantum-adjacent topics, including the Industry Specification Group on QKD. What the relationship will be between TC QT specifications and CEN/CENELEC standardization work. Whether TC QT will prioritize interoperability standards for EuroQCI deployment or focus first on broader technology-neutral frameworks.
Who should care. European quantum technology companies. Telecom operators planning quantum network deployments. Standards professionals tracking the intersection of the European Quantum Act and technical specifications. Non-European vendors seeking market access in the EU.
Singapore: MAS Publishes QKD Financial Sector Sandbox Report
What happened. On September 29, the Monetary Authority of Singapore, together with DBS, HSBC, OCBC, UOB, SPTel, and SpeQtral, published a technical report on the completion of a proof-of-concept sandbox evaluating Quantum Key Distribution for secure communications in the financial sector. The sandbox, which followed an MoU signed in August 2024, validated the potential of QKD to strengthen cyber resilience in financial services. A hybrid QKD and PQC approach was tested, combining both technologies for layered security. The report identified challenges including the need for stronger security assurance for trusted nodes and greater interoperability between QKD providers.
Why it matters. This is one of the first completed regulatory sandbox exercises anywhere that tests quantum-safe communications specifically for the financial sector, with a central bank as a participant rather than just an observer. The involvement of four major banks (DBS, HSBC, OCBC, UOB) alongside both a fiber network operator and a quantum satellite communications company gives the results practical weight. The finding that hybrid QKD-PQC approaches are viable, but that trusted node security and interoperability remain barriers, provides a realistic assessment of where QKD stands for financial sector deployment. MAS’s willingness to publish both the opportunities and the gaps sets a useful precedent for other financial regulators considering quantum-safe adoption frameworks.
What remains unclear. Whether MAS will move from sandbox to a formal regulatory framework or guidance on quantum-safe communications for financial institutions. What timeline, if any, MAS envisions for requiring quantum-safe protections in financial sector networks. Whether the interoperability challenges identified will slow QKD adoption relative to the PQC-only approach favored by most other financial regulators.
Who should care. Financial regulators globally, particularly those in the ASEAN region. QKD hardware and satellite communications companies. Bank technology officers evaluating quantum-safe options. Policymakers weighing QKD versus PQC-only approaches for critical infrastructure protection.
United States, Japan, South Korea: Trilateral Quantum Cooperation Meetings
What happened. On September 5, the U.S. Department of State announced that the United States, Japan, and the Republic of Korea held two Trilateral Quantum Cooperation meetings during the same week, in Seoul and Tokyo. Experts from government and industry shared best practices and discussed methods to protect quantum ecosystems from physical, cyber, and intellectual property threats. The meetings built on existing bilateral agreements: the U.S.-Japan Tokyo Statement on Quantum Cooperation (December 2019) and the U.S.-South Korea Joint Statement on QIST cooperation (April 2023).
Why it matters. The trilateral format is new. While the United States has maintained bilateral quantum cooperation with both Japan and South Korea, bringing all three together introduces a minilateral coordination mechanism for quantum policy in the Indo-Pacific. The focus on protecting quantum ecosystems from IP theft and cyber threats suggests that technology security, not just research collaboration, is the core agenda. This aligns with broader allied efforts to develop trusted supply chains for critical technologies. For Japan and South Korea, whose bilateral relationship has historically been complicated, quantum cooperation offers a relatively low-friction domain for three-way coordination.
What remains unclear. Whether the trilateral format will become a recurring mechanism or was a one-time event. Whether the discussions will produce formal deliverables such as joint principles on quantum technology security. How this trilateral channel relates to other multilateral quantum initiatives, including the Quad and G7 frameworks.
Who should care. Indo-Pacific quantum technology companies and research institutions. Government officials working on technology security and export controls. Defense and intelligence agencies tracking quantum cooperation among allied nations.
Also in September 2025
The Qatar Investment Authority joined PsiQuantum’s USD 1 billion Series E funding round, which valued the photonic quantum computing company at USD 7 billion. It was QIA’s second publicly disclosed quantum investment in 2025, following its co-leadership of a EUR 100 million round for Alice & Bob in January.
The EuroHPC Joint Undertaking inaugurated VLQ, its second quantum computer, at IT4Innovations in Ostrava, Czechia. The 24-qubit superconducting system, supplied by IQM, was co-funded by EuroHPC JU and the LUMI-Q consortium at a cost of approximately EUR 5 million.
The Swiss National Science Foundation announced the results of the Swiss Quantum Call 2024, approving 13 projects for CHF 16 million across quantum computation, sensing, simulation, and communication.
Algeria’s Ministry of Higher Education established the country’s first National Doctoral School in Quantum Computing for the 2025/2026 academic year, distributing 27 doctoral positions across five universities, building on a master’s program launched in 2023.
Sector-specific impact assessments, timeline analyses, and cross-jurisdictional comparison tables for each development in this briefing are available to Quantum Policy Radar subscribers.