The European Union is actively shaping the digital future of its financial sector through a series of landmark regulatory initiatives. While the Digital Operational Resilience Act (DORA) and the Artificial Intelligence (AI) Act are already major focuses for banks, the upcoming Quantum Act signals a new, strategic dimension to technological governance.
This regulatory push is critical, as DORA's Information and Communication Technology (ICT) risk mandates and Network and Information Security 2 (NIS2) Directive's security requirements already compel a transition toward cryptographic resilience; this is essential for addressing emerging threats, specifically the potential compromise of currently encrypted data by advanced quantum computers. The European Commission is expecting to propose its legislative framework governing quantum technology in Q2 of 2026, following its publication of the Quantum Europe Strategy in July 2025.
The Quantum Strategy: Security and innovation
The quantum strategy of the European Union is a multi-pillar initiative designed to secure European technological sovereignty and leadership in quantum technologies by 2030. For the banking sector, the strategy is defined by a critical duality: an immediate security imperative and a long-term innovation opportunity.
The security imperative: This pillar addresses the immediate risk of data compromise and the need for cryptographic readiness. The most urgent element is the coordinated EU-wide push for Post-Quantum Cryptography (PQC); this push is driven by new regulations like DORA and NIS2, to mitigate the "harvest now, decrypt later" cyber threat against sensitive financial data.
The innovation opportunity: This pillar focuses on leveraging public investment to gain a competitive edge through advanced quantum capabilities. The strategy centers on building shared resources, such as the European quantum communication infrastructure and the competence clusters. This infrastructure creates avenues for banks to pilot quantum algorithms for complex optimization problems—such as advanced portfolio risk modeling, liquidity management, and high-dimensional fraud detection—thereby translating public investment into private-sector advantage.
The Quantum Act: Legislative framework
The anticipated Quantum Act (Q2 2026) is the legislative vehicle designed to institutionalize and fund the ambitions of the quantum strategy. It is structured as a two-pillar framework that integrates risk-based regulation and industrial policy. For the financial services sector, the Act will primarily deliver governance, supply-chain resilience, and standardized accessibility; it is expected to:
solidify long-term public funding for the European quantum communication infrastructure and the network of open-access quantum computing testbeds, establishing clear rules for industry to access these strategic resources for research and development.
drive the industrialization of the European quantum ecosystem by incentivizing investment in production facilities, thus securing a stable and sovereign supply chain of PQC-compliant hardware crucial for DORA readiness.
mandate the development of harmonized EU Quantum Standards (likely involving bodies like CEN/CENELEC and the European Union Agency for Cybersecurity, or ENISA) to ensure interoperability and simplify the regulatory compliance pathway for banks adopting new quantum-safe cryptographic solutions and hardware.
Ultimately, the Quantum Act will transition the PQC compliance requirement from a fragmented national concern into a unified, legislatively supported, and industrially backed European transition.
Strategic outlook
The EU’s new digital rules are now clearly leading us toward a future protected by quantum security. The planned Quantum Act will be the legislative mechanism to operationalize the goals of the July 2025 Strategy into must-do rules for how banks operate and secure data. Banks that fail to initiate a timely Post-Quantum Cryptography (PQC) transition will face significant security vulnerabilities and material competitive disadvantage under the DORA and NIS2 frameworks. By leveraging the Act's provisions—such as harmonized EU Quantum Standards, secure supply chains, and public quantum computing access—banks can transform their need for cryptographic compliance into a powerful starting point for creating better risk modeling and optimization tools.
Crucially, quantum machine learning (QML) algorithms promise to radically accelerate the training and efficacy of sophisticated AI models, offering breakthroughs in areas like hyper-personalized financial advice and advanced anomaly detection. By providing a computational foundation for next-generation data processing, quantum technologies are set to become a core enabler for future Agentic AI systems across the financial ecosystem. Ultimately, the strategic foresight demonstrated by European banks in embracing this quantum transition today will be the critical determinant of their enduring competitive advantage and resilience in the digital economy of tomorrow.
Related links
LEARN MORE
Innovating with purpose
Moody’s is incorporating cutting-edge technologies, such as artificial intelligence, to help banks meet their existing challenges more effectively.