Introduction

Quantum computing is now moving beyond the field of research and gradually entering certain industrial applications, particularly through cloud-based access to specialised computing resources. This development requires traditional IT contracts to be adapted in order to anticipate the risks specific to quantum technologies, including technological uncertainty, rapid obsolescence, performance issues, intellectual property, data protection and regulatory developments.

Identifying the contractual model: QaaS or a dedicated quantum computer

Even before negotiating the technical clauses, the parties must identify the access model chosen. Contracts relating to quantum computing do not all cover the same reality. They may involve two distinct models:

  • The first is Quantum Computing as a Service, or QaaS, under which the client remotely accesses quantum processors hosted by a service provider, in a manner similar to cloud computing.
  • The second is based on the provision of a dedicated quantum computer, sometimes installed on the client’s premises or at a designated site.

This distinction is decisive, since the clauses to be included will vary depending on the model chosen. In a QaaS model, the contract must notably regulate access to the platform, service availability, execution queues, usage-based billing, data location and reversibility. For a dedicated computer, the contract should instead specify the hardware specifications, installation constraints, acceptance tests, maintenance, insurance, transfer of risk and conditions for returning the system.

These elements determine the service provider’s undertaking: depending on the degree of control over the technology, this may amount to a best-efforts obligation, an enhanced one or, more rarely, an obligation to achieve a specific result.

Allocating the technological risks specific to quantum computing

For many uses, quantum computing remains only partially mature, still in the process of industrialisation. This partial maturity creates specific risks that the contract must allocate clearly and fairly between the service provider and the client.

Regulating the service provider’s liability

Under French law, limitation of liability clauses are permitted, provided that they do not deprive the debtor’s essential obligation of its substance, in accordance with Article 1170 of the French Civil Code. In a contract relating to quantum technologies, drafting such clauses therefore requires a clear distinction to be drawn between:

  • Limitations inherent in the technology, such as quantum noise, decoherence, measurement errors or instability of results; and
  • Breaches attributable to the service provider, such as poor algorithm design, defective execution or insufficient integration into the client’s information system.

The service provider cannot guarantee the complete absence of computational errors where these result from physical constraints specific to quantum computing. However, it must be able to demonstrate the means implemented to limit, correct or reduce their effects. This demonstration requires the contract to organise the evidentiary framework for establishing a breach, particularly in QaaS environments where it may be difficult to determine whether an incorrect result stems from a defect in the service or from the normal uncertainty of the technology. The contract may therefore provide for traceability obligations: execution logs, timestamped metrics, incident reports and technical audit procedures.

Providing for technological obsolescence

Quantum solutions evolve quickly: a tool, algorithm or access to infrastructure may become less relevant within a few months. The contract must therefore organise the evolution of the solution over time, without relying solely on the statutory regime of hardship. It may include a technological update clause, a right to renegotiate or terminate in the event of significant obsolescence.

Where the contract concerns a dedicated quantum computer, it must also anticipate the gradual deterioration of performance: ageing components, drift in error rates, regular recalibrations or software updates. Minimum performance thresholds may be defined, together with an obligation for the service provider to intervene, a price reduction or a right of termination if those thresholds are no longer met.

Protecting intellectual property rights and data

Quantum contracts raise issues in the field of intellectual property. Quantum algorithms, circuit compilation methods, optimisation techniques and results generated during performance of the contract may constitute strategic assets for the parties.

Determining ownership of algorithms and results

The service is not always limited to the use of an existing tool: it may lead to the creation or improvement of algorithms, optimisation methods, circuits or technically exploitable results. The contract must therefore specify what falls within the elements already owned by each party, what is developed specifically for the client and what the service provider may, where applicable, reuse after completion of the project.

This distinction is essential, since these elements are not necessarily intended to be subject to the same legal regime: some may remain the property of the service provider, while others may be assigned to the client or only be subject to a licence of use.

Finally, the contract must regulate the service provider’s reuse of certain elements resulting from the project, particularly aggregated data or results, where they are used to improve its models, algorithms or services.

Regulating confidentiality and data protection

The data processed under quantum contracts may be sensitive, strategic or subject to specific regulatory obligations. This vigilance does not only concern personal data: industrial, financial, scientific, pharmaceutical or defence-related data may have significant strategic value, even where they do not fall within the scope of the GDPR. The contract must therefore regulate their location, the service provider’s access conditions, restrictions on use, segregation measures, as well as deletion, return and reversibility procedures.

Particular attention must also be paid to the so-called “harvest now, decrypt later” threat, which consists of collecting encrypted data today in order to decrypt them later using quantum computing capabilities. Where the sensitivity of the data so requires, the contract may organise a gradual migration towards post-quantum cryptography standards, in accordance with ANSSI recommendations.

secure quantum contract

Anticipating regulatory developments and dispute resolution

The legal framework applicable to quantum technologies remains largely indirect and fragmented. Existing texts do not always refer to quantum technologies as such, but may apply depending on the concrete use of the technology: personal data processing, use of cloud infrastructure, cybersecurity or migration to post-quantum cryptography.

The contract must therefore include compliance clauses adapted to the context of the project. In terms of export control, the parties must notably take into account Regulation (EU) 2021/821 on dual-use items and technologies, as well as, where the project has an international dimension, the US EAR regime and, in certain circumstances, ITAR. The contract must then allocate compliance responsibilities and provide for the necessary representations, warranties and cooperation obligations.

The sector-specific regulations applicable to the client must also be taken into account, particularly in the finance, healthcare, defence or critical infrastructure sectors. Depending on the circumstances, obligations arising from DORA (Regulation (EU)2022/2554), the NIS 2 Directive (Directive (EU) 2022/2555) or equivalent frameworks may need to be passed on to the service provider, particularly in relation to security, continuity, audits and incident notification.

Providing for a regulatory adaptation clause

As these contracts must be capable of adapting to changes in the applicable standards, the contract must provide for an adaptation mechanism allowing the parties to identify relevant regulatory developments, assess their technical, economic and operational impact, and then renegotiate the affected provisions. This clause may organise a reciprocal duty to inform, a renegotiation period, the allocation of compliance costs and the consequences of persistent disagreement.

Article 1195 of the French Civil Code may indeed allow renegotiation in the event of an unforeseeable change in circumstances making performance excessively onerous. However, in such an evolving field, it is preferable to organise adaptation scenarios contractually in order to avoid uncertainty regarding the conditions for continuing, suspending or terminating the contract.

Providing for an appropriate dispute resolution mechanism

Disputes relating to quantum technologies may raise complex technical questions, particularly where they concern the origin of a performance defect, the reliability of results, the attribution of an error or the compliance of the solution with the contractual specifications. It is therefore useful to provide, in advance, for a mechanism capable of clarifying the technical aspects of the

dispute before any contentious proceedings.

The contract may thus organise recourse to an independent expert with suitable expertise, responsible for analysing the causes of the difficulty encountered and issuing a technical opinion. This prior expert assessment may be supplemented by mediation or arbitration where the dispute persists.

Conclusion

Quantum computing contracts require specific drafting adapted to technologies that remain only partially mature and are evolving rapidly.

Their legal security rests on four key pillars: identifying the appropriate contractual model, allocating technological risks, protecting intellectual property and data, and anticipating regulatory developments and disputes.

The objective is to manage technological uncertainty while preserving the value of the investment. When negotiated upstream, these clauses help secure the legal position of the parties.

Dreyfus law firm  assists its clients in managing complex intellectual property cases, offering personalized advice and comprehensive operational support for the complete protection of intellectual property.

Dreyfus law firm works in partnership with a global network of attorneys specializing in Intellectual property.

Nathalie Dreyfus with the support of the entire Dreyfus team.

FAQ

1. Should a company already enter into contracts for quantum projects while the technology remains emerging?
Yes, precisely because the technology remains emerging. The contract makes it possible to frame expectations, limit areas of uncertainty and avoid the project being based solely on technical or commercial promises. It is particularly useful during proof-of-concept phases, where the parties must know whether they are testing a hypothesis, developing a reusable asset or preparing for future industrial deployment.

2. How can a contract be prevented from becoming overly marketing-oriented?
The contract must convert commercial promises into verifiable commitments. General expressions such as “revolutionary solution”, “quantum advantage” or “significant optimisation” should be replaced by objective criteria: the scope of the service, comparison methodology, testing conditions, performance indicators and expected deliverables.

3. Must the client provide its own data to test the solution?
Not necessarily. Where the client’s data is sensitive, it may be preferable to begin with fictitious, synthetic, anonymised or representative data. If real data is necessary, the contract must specify its scope, the purposes for which it may be used, the security measures to be implemented and the conditions for deletion or return at the end of the project.

4. How can dependence on a single provider be avoided?
The contract must anticipate the risk of technological lock-in. This requires provisions on usable output formats, sufficient documentation, a reversibility clause, migration conditions and, where possible, an architecture designed to avoid excessive dependence on a single technology or platform.

5. Should the contract provide for an enhanced duty to advise?
Yes, particularly where the client does not have equivalent technical expertise. The service provider must inform the client of the limits of the technology, the risks of failure, the conditions necessary for the success of the project and the possible alternatives. This duty to advise may be decisive where the client relies on the service provider’s expertise when deciding whether to invest.

The purpose of this publication is to provide general guidance to the public and to highlight certain issues. It is not intended to apply to particular situations or to constitute legal advice.