Workshops Law & Policy PQC Obligations for Law Firms
Law & Policy Half Day Briefing

Post-Quantum Cryptography Obligations for Law Firms and Legal Infrastructure

This briefing equips law firm CISOs, IT directors, and managing partners with a clear understanding of quantum cryptographic risks specific to legal practice and the regulatory obligations driving PQC migration.

Half day (3 hours)
In person or online
Max 30 delegates
Commission This Briefing View Agenda

Proud to recommend our expert members

Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside
Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside

Briefing Description

Law firms hold some of the most sensitive long-lived data in any sector. Privileged client communications have no statutory expiry. Litigation archives persist for decades. M&A transaction rooms contain market-moving information that retains its sensitivity long after the deal closes. All of this data is protected by RSA and elliptic curve cryptography that a quantum computer running Shor's algorithm would break. The harvest-now-decrypt-later threat is particularly acute for the legal sector because the data sensitivity outlasts the cryptographic protection by years or decades.

The Solicitors Regulation Authority (SRA) Principle 2 requires solicitors to act in a way that upholds public trust, and confidentiality obligations under SRA Code of Conduct paragraph 6.3 create a duty to protect client information against foreseeable risks. The Bar Standards Board (BSB) Core Duties and rC15.5 impose equivalent obligations on barristers. As NIST finalises PQC standards and the UK NCSC publishes migration guidance, the argument that quantum risk is too remote to require action weakens. This briefing maps the specific cryptographic dependencies in legal infrastructure, explains where quantum vulnerability sits, and provides a practical migration framework aligned with regulatory expectations.

What participants cover

  • Legal sector cryptographic dependencies: DMS encryption (iManage, NetDocuments), client portal key exchange, and email S/MIME and PGP quantum vulnerability
  • SRA regulatory obligations: Principle 2 public trust, paragraph 6.3 confidentiality, and Law Society information security Practice Notes applied to quantum risk
  • BSB Core Duties: rC15.5 barristers duty to protect client information against foreseeable risks including quantum decryption
  • Privileged communications exposure: why legal professional privilege does not protect against cryptographic failure
  • DMS migration planning: vendor roadmaps for PQC support in iManage, NetDocuments, and SharePoint-based legal platforms
  • Board reporting: presenting quantum cryptographic risk to managing partners and partnership boards in actionable terms

Preliminary Agenda

Half-day briefing structure. Content is configurable to your firm's technology stack, practice areas, and regulatory obligations.

# Session Topics
1 Why Law Firms Face Unique Quantum Cryptographic Risk Privileged communications, long-lived data, and harvest-now-decrypt-later exposure
2 Legal Sector Cryptographic Dependencies Where quantum vulnerability sits in law firm infrastructure
  • Document Management Systems (iManage, NetDocuments): TLS connections, at-rest encryption, and metadata exposure
  • Client portals and secure file sharing: end-to-end encryption reliance on RSA/ECDH key exchange
  • Email encryption (S/MIME, PGP): the quantum vulnerability of long-archived privileged email and its regulatory implications
Break, after 50 min
3 Regulatory Obligations for Legal Sector PQC Migration SRA, BSB, and Law Society requirements
  • SRA Principles and Code of Conduct: how Principle 2 (act in a way that upholds public trust) and confidentiality obligations create a PQC duty
  • BSB Core Duties and rC15.5: barristers obligations to protect client information against foreseeable risks
  • Law Society Practice Notes on information security: how existing guidance maps onto quantum-era requirements
4 Discussion and Next Steps

Designed and Delivered By

Briefings are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and legal sector information security.

QD

Quantum Security Defence

Briefing design and delivery

QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.

LS

Legal Sector Technology Partners

Domain expertise and operational validation

Legal sector briefings are co-delivered with specialists who have direct experience in law firm IT infrastructure, SRA compliance, and legal technology procurement. This ensures content is grounded in the operational realities of legal practice.

Commission This Briefing

Sessions are configured around your firm's technology stack, practice areas, and regulatory obligations. Get in touch to discuss requirements and schedule a date.

Contact Us
Law & Policy Workshops All Consulting Services All Workshops