Cybersecurity in the financial sector and the quantum-safe cryptography transition: in search of a precautionary approach in the EU Digital Operational Resilience Act framework

An ever more digitalised financial sector is exposed to a growing number of cyberattacks. Given the criticality and interconnectedness of this sector, cyber threats here represent not only operational risks, but also systemic risks. In the long run, the emerging cyber risks include developments in quantum computing threatening widely used encryption safeguarding digital networks. Globally in the financial sector, some initiatives have already been taking place to explore the possible mitigating measures. This paper argues that for an industry-wide transition to quantum-safe cryptography the precautionary principle is relevant. In the EU, financial entities now have to be compliant with the Digital Operational Resilience Act strengthening ICT security requirements. This research traces the obligation to adopt quantum-resistant precautionary measures under its framework.