The quantum security market has a signal problem. Vendor claims in this space require specialist knowledge to evaluate. When a procurement lead or CISO cannot readily distinguish a product built on ML-KEM (NIST FIPS 203) from one built on a proprietary "quantum-enhanced" algorithm that has never been examined by an outside party, both look equally credible in a slide deck. QSECDEF expert membership is by invitation only. This post explains who we invite, the standards we apply before extending an invitation, and what being listed does and does not mean.

Who we invite

QSECDEF considers invitations across five categories. Each is assessed with an evidence standard designed for the work that category can actually produce. They are Vendor, Systems Integrator, Academic Institution, End-User Organisation, and Independent Expert.

Technology Vendor. Organisations that build and sell a quantum security or AI security product: a PQC library, a QKD system, a quantum random number generator, an AI model assurance tool, an adversarial defence system. Company age and revenue are not criteria. A seed-stage startup with a published preprint and a named academic co-founder can meet the standard. Invitations span quantum security, AI security, or both disciplines on equivalent terms. Disclosure of any high-risk EU AI Act classification is expected when an invitation is accepted.

Systems Integrator / Consultancy. Organisations that deploy or advise on quantum security technology built by others — PQC migration practices, defence primes integrating QKD, technology consultancies advising on cryptographic inventory. The standard requires named professional credentials, credible past engagements, and disclosure of commercial relationships with vendors that could influence client advice.

Academic / Research Institution. Universities, national laboratories, and publicly funded research bodies — including EU Quantum Flagship partners and national cryptography research centres. The standard requires a verifiable institutional profile, a recent publication or preprint record at named venues, and active funding details.

End-User Organisation. Banks, defence contractors, telecommunications operators, and government agencies that have deployed or are deploying quantum security technology as users rather than developers. The standard requires a verifiable role, an authorised scope statement, a concrete deployment description, and an internal sponsor who has approved participation.

Independent Expert. Individual consultants, researchers between affiliations, retired practitioners, and advisors acting in a personal capacity. The standard requires a verifiable credential record, a traceable employment history, at least one recent named and verifiable output, two independent referees, and full disclosure of advisory roles or equity holdings.

What QSECDEF examines before extending an invitation

Before extending an invitation, QSECDEF examines evidence across five domains. The specific questions vary by category — a technology vendor demonstrates different evidence than an academic institution, because the evidence each can produce differs — but the scrutiny is equivalent across categories. Examined evidence covers: 1) Core mechanism; 2) Standards landscape and engagement; 3) External scrutiny; 4) Honest limits; 5) Verification pathway.

Examination assesses whether claims have a falsifiable, examinable basis. It does not assess product quality, commercial viability, or regulatory compliance. That distinction is stated in every listing. The full legal framework, including disclaimers, limitation of liability, and data protection, is published at the QSECDEF Trust Centre.

Expert membership is by invitation only. If you believe your work meets the standard and you have not yet been contacted, you may express interest at info@qsecdef.com. We respond when a suitable invitation can be offered.

The five tier outcomes from a categorised intake assessment TIER OUTCOME MEANING A Flagship All criteria met at a high level: established scrutiny record, detailed standards awareness, specific constraints. B Qualified Expert All criteria met. Strong across all five domains. Standard pass outcome for most applicants. C Community Contributor Core criteria met. For applicants in earlier stages whose scrutiny record is limited but present and honest. D Development Pathway Foundational filter passed. Specific gaps identified. Reassessment at 12 months or on documented gap closure. E Withdrawn Auto-reject triggers present, or foundational criteria not met.
The five tier outcomes from the post-invitation examination. Tier A (Flagship) represents the highest pass; Tier D (Development Pathway) is not a lesser outcome but a structured route to reassessment; Tier E (Withdrawn) applies where auto-reject triggers are present.

What happens after an invitation is extended

Once an invitation is accepted, the programme team confirms the full qualification outcome within ten working days. The examination produces one of five outcomes.

Tier A (Flagship). All criteria met at a high level: established scrutiny record, detailed standards awareness, specific and credible constraints stated.

Tier B (Qualified Expert). All criteria met. Strong across all five domains. This is the standard outcome for most invitees.

Tier C (Community Contributor). Core criteria met. Appropriate for invitees in earlier stages of their work whose scrutiny record is limited but present and honest.

Tier D (Development Pathway). Where an invitee is substantively sound but falls short on one or two specific criteria, QSECDEF assigns them to a development pathway. This is not a lesser outcome. It means the foundational filter is passed — no fraudulent claims, no auto-reject triggers — and the gaps identified are ones that can, with time and ordinary professional activity, be closed. The invitee is told precisely which criteria were not met and what evidence would satisfy them. A formal reassessment window opens at 12 months, or earlier if documented evidence shows the gap has been addressed. There is no fee for reassessment. The standard applied at reassessment is identical to the standard applied at first examination. Development pathway status is not published and is not visible to other members or to the QSECDEF audience. It is a working designation, held between QSECDEF and the invitee, for as long as it is useful.

Tier E (Withdrawn). Auto-reject triggers identified during examination, or foundational criteria not met. An invitation may be withdrawn. Future reconsideration is possible if the programme of work develops.

The participation tiers

The examination standard is the same for every invited member. The tier reflects what each member chooses to access — speaking platform, directory presence, team training — not the credibility of the work. All three tiers are extended by invitation; QSECDEF expert membership is not open to general application.

Three participation routes are available.

Sponsor. Sponsorship of QSECDEF Symposium 2027 — Leadership in Quantum Secure Communications. Invitation only.

Expert Member. $4,995.00 per year. Provides speaking, engagement, network introductions, social amplification throughout the year, featured listings, and two webinar slots per year. Invitation only.

Corporate Member. Team access to the learning management system, plus a corporate member listing. Starts at ten users for $799.00 per year. Invitation only.

Membership is offered on annual terms. Full pricing, renewal conditions, and cancellation rights are set out in the Membership Agreement, which invitees receive and accept before payment is processed.

For QSECDEF's privacy policy, see the Privacy Notice in the Trust Centre.

What a listing signals

A listing in the QSECDEF directory means the organisation or individual answered a category-specific question set covering five technical domains. Their work — technology, methodology, or research — rests on a named, examinable basis. They know the standards landscape relevant to their field. Their claims have been examined by at least one party outside their own organisation. They have stated, specifically, what their work does not do. And there is a defined pathway by which a qualified evaluator could verify the core claim independently.

That is not a guarantee of product quality, commercial viability, or fitness for any particular deployment. It is a technical legitimacy check. Procurement leads and CISOs who use QSECDEF as a reference point should treat listing status as one signal among several in any purchasing or partnering decision. QSECDEF does not accept responsibility for commercial decisions made on the basis of listing status alone.

The higher the commercial tier, the more the organisation has invested in participating in the QSECDEF programme. That is all it means.

The standard exists because the field needs one. We intend to keep it defensible.

If you believe your work meets the standard and you have not yet been contacted, you may express interest at info@qsecdef.com. We respond when a suitable invitation can be offered.