Workshops Smart City Quantum Safe Public Data Infrastructure...
Smart City Full Day Workshop

Quantum-Safe Public Data Infrastructure and Open Data Security

This workshop equips smart city authorities with practical strategies to secure open data infrastructure against quantum threats while meeting GDPR, NIS2, and PQC procurement requirements.

Full day (6 hours + Q&A)
In person or online
Max 30 delegates
Commission This Workshop View Agenda

Proud to recommend our expert members

Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside
Qrypto Cyber
Eclypses
Arqit
QuantBond
Krown
Applied Quantum
Quantum Bitcoin
Venari Security
QuStream
BHO Legal
Census
QSP
IDQ
Patero
Entopya
Belden
Atlant3D
Zenith Studio
Qudef
Aries Partners
GQI
Upperside Conferences
Austrade
Arrise Innovations
CyberRST
Triarii Research
QSysteme
WizzWang
DeepTech DAO
Xyberteq
Viavi
Entrust
Qsentinel
Nokia
Gopher Security
Quside

Workshop Description

For city data platform managers and municipal IT security teams. Covers PQC migration for FIWARE NGSI-LD context brokers, TM Forum Open APIs, citizen data portals, and open dataset integrity. Addresses NIS2 Article 21, GDPR Article 32 quantum risk, and PQC procurement clause drafting for local authority IT contracts.

City data platforms sit at the intersection of two quantum risks. First, harvest-now-decrypt-later: citizen personal data (council tax records, housing applications, social services case files) encrypted with RSA-2048 can be captured in transit today and decrypted when a cryptographically relevant quantum computer arrives. Retention periods of 7-25 years for local authority records mean this data must survive the quantum transition. Second, integrity: open datasets published with RSA or ECDSA signatures lose provenance verification once those algorithms are broken. A city publishing transport statistics, air quality measurements, or crime data needs those signatures to remain trustworthy for downstream consumers (researchers, journalists, other government agencies). FIWARE NGSI-LD context brokers use TLS for entity subscriptions and OAuth 2.0 for API authentication. TM Forum Open APIs rely on digital signatures for inter-agency data sharing agreements. Every one of these cryptographic dependencies needs a migration plan. NIS2 Article 21 requires "state of the art" security measures, which will increasingly mean PQC. GDPR Article 32 requires "appropriate technical measures" for personal data protection. This workshop maps every cryptographic dependency in a reference city data platform, prioritises by data sensitivity and retention period, and builds migration plans including PQC procurement clauses for IT contracts.

What participants cover

  • FIWARE NGSI-LD security audit: TLS certificate chains, OAuth 2.0 token signing, and context broker subscription authentication as quantum-exposed components
  • Citizen data portal PQC: migrating RSA-2048 encryption at rest and ECDH key exchange in transit for GDPR-protected personal data with 7-25 year retention
  • Open dataset integrity: ML-DSA signatures replacing RSA/ECDSA for published transport, environmental, and statistical data provenance verification
  • NIS2 and GDPR compliance: Article 21 "state of the art" and Article 32 "appropriate technical measures" mapped to PQC migration timelines
  • Hybrid TLS deployment: X25519+ML-KEM on API gateways (NGINX, Kong) serving FIWARE and TM Forum endpoints without breaking existing clients
  • PQC procurement: drafting quantum readiness clauses for city IT contracts covering cloud hosting, managed services, and data platform providers

Preliminary Agenda

Full Day Workshop structure with scheduled breaks. Content is configurable to your organisation's technical level and operational environment.

# Session Topics
1 Quantum Threats to Public Data Infrastructure Why harvest-now-decrypt-later targets city open data and citizen portals
2 Cryptographic Exposure in City Data Platforms Protocol-level analysis of open data APIs and citizen services
  • FIWARE NGSI-LD context broker security: TLS for entity subscriptions, OAuth 2.0 token signing, and API gateway certificate chains as quantum-exposed components
  • TM Forum Open APIs: inter-agency data sharing agreements relying on RSA/ECDSA signatures for data provenance and integrity verification
  • Citizen data portals: GDPR-protected personal data (council tax, housing, social services) encrypted with RSA-2048 at rest and ECDH in transit
Break, after 50 min
3 NIS2 and GDPR Obligations for Local Authorities Regulatory requirements driving PQC migration timelines
  • NIS2 Article 21 security measures: how "state of the art" will include PQC as NIST standards enter EU procurement requirements
  • GDPR Article 32 and quantum risk: when personal data encrypted with RSA-2048 ceases to meet "appropriate technical measures" under quantum threat
  • Public procurement PQC clauses: embedding quantum readiness requirements into IT contracts for cloud, hosting, and managed service providers
4 Interactive Demonstration PQC migration assessment for a city data platform
  • Facilitator-led cryptographic inventory of a reference FIWARE-based city data platform: mapping every TLS certificate, signing key, and encryption dependency
  • Prioritisation exercise: ranking data assets by sensitivity (citizen personal data versus anonymised transport statistics) and retention period for migration sequencing
  • Drafting a PQC procurement clause: participants write quantum readiness requirements for a hypothetical city cloud hosting tender
Break, after 45 min
5 PQC Migration for Open Data Integrity Protecting dataset provenance and API authentication
  • ML-DSA for dataset signing: ensuring published open data retains integrity verification when RSA/ECDSA signatures become quantum-vulnerable
  • Hybrid TLS for API gateways: deploying X25519+ML-KEM on NGINX and Kong API gateways serving FIWARE NGSI-LD endpoints without breaking existing clients
  • Certificate authority migration: transitioning city PKI from RSA to ML-DSA root certificates while maintaining cross-signed backward compatibility
6 Q&A and Migration Roadmap Review

Designed and Delivered By

Workshops are designed and delivered by QSECDEF in collaboration with sector specialists. All facilitators have direct experience in both quantum technologies and smart city systems.

QD

Quantum Security Defence

Workshop design and delivery

QSECDEF brings world-leading expertise in post-quantum cryptography, quantum computing strategy, and defence-grade security assessment. Our advisory membership spans 600+ organisations and 1,200+ professionals working at the intersection of quantum technologies and critical infrastructure security.

SM

Smart City Partners

Domain expertise and operational validation

Smart City workshops are co-delivered with sector specialists who bring direct operational experience in smart city organisations. This ensures workshop content is grounded in regulatory, operational, and technical realities specific to the sector.

Commission This Workshop

Sessions are configured around your organisation's technical level, operational environment, and regulatory jurisdiction. Get in touch to discuss requirements and schedule a date.

Contact Us
Smart City Workshops All Consulting Services All Workshops