Governance
Quantum Governance, Standards Bodies, and Compliance Vendors
Quantum governance, compliance platforms, standards bodies, and regulatory agencies. QSECDEF independent directory for quantum governance organisations.
Standards bodies and regulators do not build products. They write the rules that determine which products get deployed, in which jurisdictions, and on what timeline. For organisations managing quantum security compliance programmes, this tab is where the authority chain lives.
NIST defines the algorithms: ML-KEM, ML-DSA, SLH-DSA, and the forthcoming FIPS 206. The NSA and CNSS set the US government migration deadlines under CNSA 2.0. ETSI's Industry Specification Groups for QKD and Quantum Safe Cryptography produce the technical standards for quantum communications. The NCSC in the UK, ENISA and ANSSI in Europe, and BSI in Germany each publish migration guidance that applies to the regulated entities in their jurisdictions. The ITU-T Study Group 17 coordinates international quantum-safe network requirements. None of these organisations are commercial vendors. All of them are worth tracking.
The Governance tab is organised into four informational sub-categories: International Standards Bodies (ISO, ITU-T, IEEE, IEC), National Standards and Metrology Institutes (NIST, NPL, PTB, BIPM), Cybersecurity Agencies and Regulators (NCSC, NSA/CNSS, ENISA, BSI, ANSSI, CISA), and Telecom and Industry Alliances (ETSI ISG QKD, ETSI ISG QSC, IETF, 3GPP, GSMA). These entries carry no commercial tier and no booking CTA. They are reference listings.
The Governance tab also includes commercial compliance vendors: GRC platform providers and audit firms whose primary deliverable is regulatory compliance with quantum-security mandates. If you are preparing a board-level briefing on your organisation's regulatory exposure, this tab is the fastest way to map which bodies have authority over your sector and what they have published.
Governance companies
Reference Organisations
Standards Bodies, Regulatory Agencies, and Cybersecurity Organisations
Reference listings. No commercial tier. Included for completeness.