Navigating the frontiers of privacy and quantum readiness
The General Privacy Symposium that took place in venice during April 2026, served as a primary international convening environment for coordinating global privacy issues, drawing expertise from regions spanning Canada to Australia. There is a shift toward the integration of Artificial Intelligence (AI) and Quantum technologies into national economic and security strategies.
Key takeaways include the urgent need for transition toward Post-quantum Cryptography (PQC) and Quantum Key Distributions (QKD), despite the economic challenges of justifying immediate investment. Modern cybersecurity must move beyond defence to focus on resilience, containment, and the vital role of human professional practice in maintaining critical infrastructure when systems fail.
AI regulation and national strategic visions
The symposium addressed the evolving landscape of AI as both an economic driver and a regulatory challenge, discussions centred on how nations are positioning themselves to lead in this space:
- Alberto Gago (AESIA) detailed the Spanish vision of AI as a central driver of the economy.
- Taiwan is actively seeking to integrate software capacities into its existing “silicon shield.”
- Industry perspectives from experts like Clare Hickie and Barbara Cosgrave advocate for outcome-based regulations. They suggest that while systems for international operations are inherently complex, they should be designed to deliver simplicity and intuitive compliance: integrating legal considerations directly into the design phase and utilising standards to achieve global scale.
Quantum communication and post quantum data protection
Our Managing Consultant, Brendan Rowan, participated in the session “Quantum communication and post quantum data protection” focused on communicating the relevance and opportunities driven by quantum technologies in the applications of Post-quantum Cryptography and Quantum Key Distributions.
While the exact timeline for when quantum computing will be capable of cracking current encryption remains unknown, the consensus is that preparation must begin immediately.
- Standardisation timelines: developing and implementing standards through bodies like NIST and ENISA is a multi-year process.
- The investment dilemma: CIOs face a difficult “hard sell” regarding quantum readiness. The cost of overhauling the internet’s standard trust basis is high, and the risk is perceived as “unclear” in terms of when it will materialise.
Laure Le Bars offered a reframing: while much of the conversation tends to focus on risk, she pointed to the role of the QUIC ecosystem in advancing the opportunities that quantum technologies can make accessible. Quantum is not a single, unified concept, but a broad and evolving field with multiple applications and implications.
Antonio Lioy focused on understanding the prioritisation and need to act in terms of for how long does a particular data need to be confidential, less than 10 years and we don’t really need to be discussing PQC. On the other hand he raises that the risk is not in the accessing of data but in perhaps the manipulation of timestamps and content from the past.
Homer Papadopolous, gave the view on standards and the need to invest across them internationally, through efforts like INSTAR but also touched on why and where quantum communication makes sense.
Cybersecurity resilience
PQC and QKD is part of a readiness and response for all tech stacks. The threat of post-quantum era is the current context of AI driven cyber attacks and resilience but considered in the management of diverse and resilient technology stacks. Your system will be infiltrated and will be attacked, the question is more how you can identify it, contain it and reduce down time to a milisecond through distributed systems and using the hourglass view (CEI Sphere) to deliver on this.
We also need to recognise the value of the humans involved, how professional practice and experience can mitigate when systems fail to keep our trains on the tracks and our hospitals operating, adapting and driving new processes in the absence of a centralised system but trusting each other and delivering on their professional commitments.