Government and Regulatory Affairs

As a leader in the next frontier of computing, IBM partners with governments worldwide for quantum research and development and to deploy systems. By championing the development and democratization of quantum technology globally, IBM aims to make this technology more accessible to researchers, businesses and developers worldwide.

IBM believes that governments should prioritize investments in quantum computing to catalyze public-private partnerships and prepare for the quantum era. IBM also supports open research and setting high standards for quantum hardware and software within governments around the world.

Investments in America’s ability to innovate and build new industries, such as with the CHIPS and Science Act, creates more jobs and a more resilient economy that is prepared to compete globally in cutting-edge technologies.

For more than two decades, IBM has been a leading figure in the Albany, New York ecosystem of nanotechnology companies and research universities. And last year, in 2023, this group, NY CREATES, was selected to establish a Department of Defense Microelectronics Commons Hub in the state. These hubs are vital to strengthening the domestic chip workforce and boosting R&D capabilities.

IBM is urging Congress to:

• Dispense all CHIPS Act funding to drive chip innovation for decades to come.
• Prioritize its commitments to the National Science Foundation (NSF). Underinvestment in NSF research could cause the US to fall behind in critical areas of innovation with potential consequences for our economy, national security and global standing.

The rapid acceleration of AI highlights the need for people to be prepared to work alongside technology. New digital skills are needed across industries, making the battle for talent even more fierce while risking leaving many behind. 

To make progress and embrace continuous learning, a mindset change is needed. Global institutions and national governments have a crucial role in setting the right framework, and businesses also have a responsibility to prepare their workforce for technological changes.

IBM has long advocated for better alignment between higher education and workforce development laws for in-demand skills, upskilling, reskilling and lifelong learning. Given the labor market changes fueled by technology adoption, education and job training systems must be flexible and adaptable to today’s market demands while preparing people for well-paying jobs and fulfilling careers.

Globally, we are also advocating for governments to better align education with workforce development policies, reform student aid and other incentives for upskilling and reskilling, and advance skills-based hiring.

Governments worldwide are responding to the cyberthreat landscape with an increased focus on AI, incident reporting, vulnerability monitoring, baseline cybersecurity requirements and corporate governance. To be effective, cybersecurity policies must be technically feasible and targeted. Overly broad and cumbersome rules waste resources and stymie the nimbleness and innovation needed to understand, mitigate and respond to the changing threat environment. 

IBM encourages governments to:

• Enable a harmonized policy environment at the national and global levels. Before developing new policies, regulators should first seek to reduce the complexity of compliance by leveraging international standards, including for critical infrastructure. This harmonization is needed at the national level across agencies and sectors, and also globally. Geo-specific requirements and localization policies conflict with cybersecurity best practices. 
• Take a responsible approach to incident reporting legislation. Incident reporting legislation should focus on reporting confirmed cyber incidents in the prevailing 72 hours and provide confidentiality and liability protections for reporting entities. Disclosure of vulnerabilities is not the same as reporting and should be provided through vulnerability disclosure management (VDM) programs and best practices of prioritizing, not by disclosing details about vulnerabilities before they are appropriately patched or fixed.
• Promote a resilient software supply chain through industry-led standards. Providing greater security through understanding and insight into the components of the software (sometimes called a “software bill of materials”) is helpful for developers who rely on them to identify and address vulnerabilities. Focus should be on their use, not a mere reporting requirement.
• Avoid new corporate governance requirements that could weaken security and resiliency. Corporate boards already ensure appropriate management of cyber risk as part of their fiduciary and oversight roles. Any additional requirements should be created in consultation with industry to not inadvertently misdirect resources and create new risks. 
• Avoid applying consumer-focused cybersecurity policies to enterprise engagements. Regulators should take a risk-based approach to cybersecurity, taking into consideration the facts, circumstances and sophistication of buyers when developing cybersecurity requirements. Applying the same requirements for consumer products to the enterprise space is inefficient and ineffective.

To create a competitive technological economy, we must strengthen societal trust in technology. Consumers are understandably concerned about the use of today’s rapidly changing technologies and the data that feeds into them.

It’s critical for governments to establish comprehensive regulations to protect individual privacy and address bias in technology. As technology rapidly advances, issues such as privacy violations, misinformation and algorithmic discrimination have become more pressing, highlighting the need for ethical considerations in developing and implementing technologies such as artificial intelligence.

Regulatory frameworks should set clear standards for data protection and require transparency in algorithmic decision-making to ensure fairness. Strengthening trust in technology involves robust accountability mechanisms, including regular audits of algorithms and public reporting on their impacts. Collaborative efforts among the public and private sectors are essential to create a safe digital environment where individuals feel protected and valued.

We can drive progress and enhance consumer protection and business innovation by:

• Advancing national privacy legislation in the US that provides strong, consistent consumer data protection through preemption of state laws and commonsense national privacy standards that enable beneficial use of data.
• Avoiding provisions with a private right of action that create uncertainty among consumers and businesses without creating strong consumer protection and that undermines the predictability of a national privacy standard. People, not plaintiff’s attorneys, should benefit most from a national privacy law.