Policy guidelines to facilitate collective action towards quantum-safety: Recommended policy guidelines to aid and facilitate collective action in migration towards quantum-safe public key infrastructure systems

As the development of quantum computers advances, actors relying on public key infrastructures (PKI) for secure information exchange are becoming aware of the disruptive implications. Currently, governments and businesses employ PKI for many core processes that may become insecure or unavailable when quantum computers break the cryptographic algorithms foundational to PKI. While standardization institutes are currently testing quantum safe cryptographic algorithms, there are no globally agreed-upon cryptographic solutions available. Actors looking to prepare for the implementation of quantum safe cryptographic algorithms lack methods that allow for collective planning and action across organizations, sectors, and nations. The goal of this policy paper is to elicit requirements for a serious game on QS PKI, and derive policy guidelines that actors can use to prepare and formulate governance arrangements. We followed a two-step approach, drawing on technology threat avoidance theory and collective action theory, followed by empirical grounding through a focus group. The results from the literature confirm that a serious game could be a suitable governance mechanism for QS PKI. The focus group results discussed 12 requirements and the requirement's relation to the theoretical background. From this, the findings section arrived at four policy guidelines derived from the requirements that can function as focus areas for further requirement development and as input for policy makers. The policy guidelines concluded are (1) prioritize increasing collective awareness through emphasizing social networks, (2) acknowledge the interdependencies in migrating towards QS PKI, (3) create an understanding of the technical standards in the field and their issuers, and (4) being highly realistic with both negative and positive scenarios to center the players’ understanding of real-world impact.