Singapore releases draft quantum and agentic AI governance frameworks

Draft quantum computing guidelines

Quantum computing has the potential to threaten current public-key cryptography and, by extension, long-term data confidentiality and data integrity.

These draft guidelines (Guidelines) set out a practical path for organisations to begin addressing that potential threat now rather than reactively after quantum-capable systems become widely available.

1. Quantum-Safe Migration Handbook: This is an operational guide for organisations, with specific emphasis on owners of Critical Information Infrastructure. It covers discovery of cryptographic assets, risk-based prioritisation, phased-migration planning, and testing- and post-migration monitoring.
2. Quantum Readiness Index: This is a self-assessment and benchmarking tool covering five domains across quantum readiness: Governance, Risk Assessment, Training and Capability, External Engagement, and Technology and Agility. It is designed to help organisations identify gaps and set priorities in regards to their quantum readiness posture.

Key features:

• The Guidelines reframe quantum preparedness as a governance priority rather than a purely technical task, requiring board level oversight and cross functional coordination among internal IT, security, legal and business teams.
• The Quantum Readiness Index is specifically designed to be adaptable across sectors, allowing organisations to tailor assessments to their specific risk profiles and operational contexts.

Introduction of draft addendum on securing Agentic AI

The draft addendum on Securing Agentic AI (Addendum) builds on Singapore’s 2024 AI Guidelines on Securing AI Systems and its Companion Guide, focusing specifically on agentic AI systems, those capable of autonomous decision-making and goal-setting. It aims to help organisations identify and mitigate risks associated with these autonomous systems.

Among other key elements, the Addendum:

• Introduces capability-based risk-framing that distinguishes agentic systems from other assistive models;
• Offers practical controls, such as workflow mapping to reveal autonomy related risk points and human-in-the-loop oversight and scenario-based testing to mitigate the risks of agentic AI; and
• Offers case guidance that illustrates controls for coding assistants, automated client onboarding systems and fraud detection models.

Practical implications and takeaways for international organisations

As Singapore and other nations continue to review, and enhance, their regulatory frameworks for AI and other frontier technologies like quantum computing, businesses should take heed. Some starting points to consider include:

• Evaluate Cryptographic Resilience: Review the Quantum-Safe Handbook and apply the Quantum Readiness Index to identify relevant vulnerabilities and develop a phased migration strategy toward quantum-safe encryption.
• Strengthen AI Governance: Review the Addendum to design governance frameworks that address the unique risks of autonomous AI, focusing on oversight and accountability.
• Align Internal Functions: Ensure legal, compliance, cybersecurity and other relevant teams in your organisation are coordinated and informed about these emerging standards and regulatory expectations.
• Public Consultation: Contribute to the public consultation process which is open until 31 December 2025.

As mentioned, the Guidelines and Addendum on Securing Agentic AI are open for feedback from 22 October to 31 December 2025. Comments can be submitted to the CSA at aisecurity@csa.gov.sg. The full documents are available here:

1. Draft for Public Consultation - Quantum-Safe Handbook (Oct 2025).pdf
2. Draft for Public Consultation - Quantum Readiness Index (Oct 2025).pdf
3. Draft Addendum on Securing Agentic AI [For Public Consultation].pdf

For any assistance on understanding the impact of the Guidelines and/or Addendum, feel free to reach out to the authors or your usual Hogan Lovells contact.

Authored by Charmian Aw, Ciara O'Leary, and Rosen Chen.