A key benefit of quantum computing is that it may, in the future, enable a very substantial increase in computing power.  This could create significant benefits, in the life sciences and financial services sectors (see our prior posts on the potential implications for these sectors here and here).  However, it also creates potential risks.  In particular, it could lead to the breaking of many of the encryption methods currently used by governments and businesses alike.  As commercially-viable quantum computers become an increasing reality, organisations must prioritise “quantum readiness” and specifically migration to post-quantum cryptography (“PQC”).

In this post, we set out a brief overview of the main steps that regulators and industry bodies (including the U.S. National Institute of Standards and Technology (“NIST”), the UK National Cyber Security Centre (“NCSC”), and the EU Agency for Cybersecurity (“ENISA”)) have indicated businesses should take to move towards PQC and protect their data and systems from the risks posed by quantum computing.

Continue Reading Post-Quantum Cryptography: A Practical Guide

Since our prior post on Singapore’s Model AI Governance Framework for Agentic AI, Singapore’s Infocomm Media Development Authority (“IMDA”) has published an updated version (Version 1.5) (the “Updated Framework”), incorporating feedback from over 60 organizations.

The Updated Framework, published on May 20, 2026, retains the same four-pillar structure—(1) assess and bound the risks upfront, (2) make humans meaningfully accountable, (3) implement technical controls and processes, and (4) enable end-user responsibility—but expands the guidance in several notable respects. These include a new discussion of multi-agent systemic risks, more granular guidance on technical controls, and real-world case studies illustrating how the Framework can be applied across sectors. We summarize some of the key updates below.

Continue Reading Singapore Updates Model AI Governance Framework for Agentic AI

Today, the California Public Utilities Commission (“CPUC”) issued a decision revising and clarifying its regulatory framework for providers of interconnected voice over Internet protocol (“iVoIP”) services.  Most notably, the decision reopens the window for iVoIP providers to demonstrate that they do not provide services subject to a new license type that would, among other things

Continue Reading California Reopens Opt-Out Period for Certain Interconnected VoIP Licenses and Refines Associated Regulatory Framework

The UK Government today announced that it intends to ban social media platforms from offering services to children under 16, alongside wider restrictions on certain online functionalities that the Government has identified as harmful to children.

The announcement follows the conclusion of the Department for Science, Innovation and Technology’s (“DSIT”) consultation, “Growing up in the online world,” which received more than 116,000 responses (we originally wrote about that consultation here). The Government intends to bring the first regulations to Parliament before the end of the year using powers created by the Children’s Wellbeing and Schools Act 2026 (“CWSA”), with protections expected to come into force in Spring 2027. Today’s announcement is the latest in a series of significant developments reshaping the UK’s online safety framework. We summarize some of these latest developments below.

Continue Reading Online Safety in the UK: Social Media Ban for Under 16s and Other Recent Developments

Much of the attention on the European Commission’s recent proposal for a Cloud and AI Development Act (“CADA Proposal”) has focused on its proposed cloud sovereignty framework, the implications for cloud service providers and public sector cloud use, and the mechanisms intended to encourage data centre development in the EU (we discuss those aspects of the CADA Proposal in more detail in our post here).

But the CADA Proposal also contains several express references to the development of the EU quantum computing sector, which suggests that quantum computing may be embedded within the EU’s wider cloud, AI, and data centre strategy, and that the Commission may promote the development of the technology in that context (rather than treating it as a separate technology policy issue). That approach is consistent with the Commission’s July 2025 Quantum Strategy and its expected proposal for a Quantum Act later this year, both of which focus on building the industrial base for quantum computers in Europe (we describe the Quantum Strategy and the likely themes of the forthcoming Quantum Act in our prior post here).

In this post, we outline the two main mechanisms through which the CADA Proposal would support the development and deployment of quantum computing in Europe, in advance of the Quantum Act.

Continue Reading How the European Commission aims to promote the EU quantum sector through the Cloud and AI Development Act

On 3 June 2026, the European Commission (“Commission“) published its proposal for a Regulation establishing a framework of measures for strengthening Europe’s cloud and AI ecosystem—the Cloud and AI Development Act (“CADA Proposal“). The CADA Proposal sits at the heart of the Commission’s broader Tech Sovereignty Package (which we describe at

Continue Reading The EU Cloud and AI Development Act in Depth

On May 28, 2026, the European Union Agency for Cybersecurity (“ENISA”) published the third edition of its NIS360 report, an annual benchmarking tool that assesses the cybersecurity maturity of entities in the sectors set out in Annex I of the NIS2 Directive (which includes certain entities in the energy, transport, healthcare, digital

Continue Reading ENISA’s NIS360 2026 report highlights both the criticality of the European space sector, and flags a persistent cybersecurity maturity gap

In an 8-1 ruling, the U.S. Supreme Court upheld the FCC’s authority to issue forfeiture penalties against telecommunications companies found in violation of the agency’s Customer Proprietary Network Information (“CPNI”) rules. The impact of this ruling is that the FCC may continue to enforce its rules through forfeiture orders, but that such orders do not

Continue Reading Supreme Court Upholds FCC Authority to Levy Fines Against Cellphone Carriers

On 19 May 2026, the European Commission published its long-awaited draft, non-binding guidelines on the classification of high-risk AI systems (“HRAIs”) under the EU AI Act (the “Guidelines”). Across three documents—covering general principles, high-risk classification in the context of regulated products (Annex I), and high-risk use cases (Annex III)—the Commission sets out its approach to one of the AI Act’s central questions: when does an AI system fall within the high-risk regime (and, just as importantly, when does it not)?

Continue Reading EU AI Act Update: The European Commission Publishes Draft Guidelines on HRAIs

Last month, the Illinois Department of Human Rights (“IDHR”) released draft regulations addressing employers’ use of AI in employment decisions and invited public comment. The IDHR will hold a hearing on the draft regulations on June 10, and the public comment period will close on June 29.

Background

HB 3773 (the “Amendment”), which amended

Continue Reading Illinois Department of Human Rights Seeks Public Comment on Draft AI Employment Regulations