What is QSECDEF?
QSECDEF is an open public forum for the quantum security and AI security community. Anyone working in the field, researching it, or affected by it can join the public conversation. Read insights, follow events, participate in open briefings, engage with members through publicly accessible channels. The threshold for the open forum is interest in the subject, not credentials.
Within that open forum, expert membership is a separate restricted tier. It is offered by invitation. The rest of this page explains how that works.
How is QSECDEF held to account?
The full legal framework, compliance posture, sub-processor disclosure, your data rights, refund policy, and editorial standards are published in the QSECDEF Trust Centre. The Trust Centre is the authoritative reference for anyone who needs to understand how QSECDEF operates as an institution before engaging at any level. Public-forum participants and prospective expert members alike should treat the Trust Centre as the canonical record. It exists because the field needs one.
What is expert membership?
Expert membership is QSECDEF's recognised practitioner tier. An expert member's directory profile carries the QSECDEF Vetted designation: a public signal to procurement leads and CISOs that the member's claims about their work have been examined, and that the member has cleared the standard QSECDEF applies to every entry.
Expert membership is not open application. It is offered by invitation. The route to invitation is described next.
How do I become an expert member?
Two routes lead to expert membership.
Direct invitation by the QSECDEF programme team, based on the programme team's view that your work meets the standard.
Recommendation by two active QSECDEF members. Two members in good standing provide written endorsement of your candidacy and a brief case for your membership. At least one of the two must be an expert member rather than a public-forum participant. Their case sets out, in their own words, why your work belongs in the QSECDEF expert directory. Once both endorsements and the written case are received, the candidate enters the same examination process described below.
Recommendation is the start of consideration, not the end. The standard is applied identically to direct invitations and member-recommended candidates.
What are the types of membership?
Three participation tiers, all by invitation.
Sponsor. Sponsorship of QSECDEF Symposium 2027 (Leadership in Quantum Secure Communications). Invitation only.
Expert Member. Speaking, engagement, network introductions, social amplification throughout the year, featured directory listing, and two webinar slots per year. Invitation only.
Corporate Member. Team access to the learning management system and a corporate member listing, starting at ten users. Invitation only.
Pricing, renewal conditions, and cancellation rights are set out in the Membership Agreement, which invitees receive and accept before payment is processed.
What does QSECDEF examine?
The examination covers evidence across five domains. The specific questions vary by category because the evidence each category can produce differs. The scrutiny is equivalent across categories.
- Core mechanism. Name the cryptographic algorithm, physical process, or methodology your work relies on, and confirm a qualified outside reviewer could examine it.
- Standards landscape and engagement. Identify the published standards your work relates to, and state the basis for any divergence.
- External scrutiny. Describe any examination of core claims by parties outside your organisation.
- Honest limits. State the specific technical, operational, or scale constraints on your work.
- Verification pathway. Explain how a technically qualified outside evaluator could verify your core claim independently.
What questions might I be asked? An example for a technology vendor
The questions below are the ones a technology vendor (a candidate who builds and sells a quantum security or AI security product) is asked. Equivalent question sets apply for systems integrators, academic institutions, end-user organisations, and independent experts. The examined standard is the same; the form of evidence differs by category.
1. Core mechanism. Which cryptographic algorithm, physical process, or methodology underpins your product? Examples: ML-KEM under NIST FIPS 203; BB84 QKD; a named adversarial defence method for AI model assurance. Technology described only in proprietary terms, with no formal specification, does not pass this question.
2. Standards landscape and engagement. Which published standards does your work relate to? Examples: NIST FIPS 203/204/205, ETSI QKD specifications, ISO/IEC 23837. Where your approach diverges from a published standard, what is the technical basis for that departure?
3. External scrutiny. Who outside your organisation has examined your core claims? Examples: academic co-authors, third-party security auditors, peer reviewers, open-source contributors, recognised red teams. Internal testing alone does not meet this criterion.
4. Honest limits. What specific technical, operational, or scale constraints apply to your work? Examples for QKD: distance limits and key rate trade-offs. Examples for a PQC implementation: handshake overhead on constrained hardware. Absence of stated constraints is a disqualifying signal, not a strength.
5. Verification pathway. How could a technically qualified outside evaluator verify your core claim? Acceptable forms include a private demonstration under NDA, a sandboxed evaluation build, reference to published test vectors, or a documented audit report from a named third party.
What if I hold more than one role?
This is common in quantum security, where academic roles often predate the commercial entity. The recommendation case can address either or both roles. The examination is applied to your primary category. Secondary roles are not discounted and may strengthen the relevant question. A vendor with academic co-authorship of the underlying security proof, for example, has a stronger external scrutiny answer than a vendor relying only on internal testing.
Do you accept AI security as well as quantum security?
Yes. Both disciplines are in scope. A PQC library, a QKD system, an AI model assurance tool, and an adversarial defence system are all candidates. If your product carries a high-risk classification under the EU AI Act, disclosure at invitation acceptance is expected. Non-disclosure is the more significant concern, not the classification itself.
What happens after a recommendation is received?
The programme team confirms receipt within two working days. The examination produces one of five outcomes within ten working days of acceptance.
Tier A (Flagship). All criteria met at a high level. Established scrutiny record, detailed standards awareness, specific and credible constraints stated.
Tier B (Qualified Expert). All criteria met. Strong across all five domains. The standard outcome for most invitees.
Tier C (Community Contributor). Core criteria met. Appropriate for invitees in earlier stages of their work whose scrutiny record is limited but present and honest.
Tier D (Development Pathway). Substantively sound but falls short on one or two criteria. Not a lesser outcome. Foundational filters have been passed (no fraudulent claims, no auto-reject triggers) and the gaps identified are closable with ordinary professional activity. Reassessment opens at 12 months, or earlier on documented gap closure. No fee. Development Pathway status is not published. It is held between QSECDEF and the invitee.
Tier E (Withdrawn). Auto-reject triggers identified during examination, or foundational criteria not met. An invitation may be withdrawn. Future reconsideration is possible if the programme of work develops.
How is my personal data handled, and what are my rights?
QSECDEF processes data under legitimate interests where necessary to operate the programme, and under consent where the law requires it. Your rights under UK GDPR and equivalent regimes include access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.
The mechanisms for exercising those rights are set out in full in the Trust Centre. See your data rights for the practical steps, including how to remove yourself from our email database, how to cancel a membership, and how to request full erasure across all our systems.
Where can I learn more?
For the full explanation of who QSECDEF invites, what examination covers, and what a directory listing signals to procurement leads and CISOs, read How Expert Membership Works.
If you believe your work meets the standard and you have not yet been contacted, you may express interest at info@qsecdef.com. If you are an active QSECDEF member wishing to recommend a candidate, email the same address with the candidate's full name, role, and a brief written case. We respond when a suitable invitation can be offered.