Microsoft, Google and Cloudflare just made 2029 the new quantum deadline
Microsoft, Google and Cloudflare just made 2029 the new quantum deadline
The inevitable path to access to quantum computing brings an equal and opposite responsibility to address post-quantum cryptography. Government directives from nations including the United States and France have previously set an end-of-decade timeline, stipulating that public sector bodies and "critical operators" should procure and deploy exclusively quantum-safe technologies by 2030.
That timeline has now changed. Technology vendors, including Microsoft, Google and Cloudflare, have publicly stated that they will bring their quantum-safe deadline date forward to 2029.
"We believe cryptographically relevant quantum computers could arrive sooner than previously expected, and the work required to prepare is significant so organizations need to start now."
A new risk horizon
According to Mark Russinovich, Microsoft Azure chief technology officer, advances in quantum research and development have now "shifted the risk horizon" for everyone.
"We believe cryptographically relevant quantum computers could arrive sooner than previously expected โ and the work required to prepare is significant so organizations need to start now," writes Russinovich in a recent blog post.
Russinovich noted that there has been growing recognition that the transition to quantum-safe cryptography is a "multi-year engineering effort" that benefits from early planning and action, so delaying work increases both cost and risk.
The Microsoft Quantum Safe Program (QSP) timeline and the goal of transitioning products and services to PQC by 2029 mean Redmond is also incorporating PQC requirements into its Secure Future Initiative (SFI).
"This brings quantum-safe readiness into the same disciplined engineering framework we use for other critical security outcomes: clear ownership, measurable milestones, and transparent progress. Embedding these capabilities into our platforms empowers customers to move sooner and more confidently," added Russinovich.
"Cryptographically relevant quantum computers don't exist yet, but many labs across the world are pursuing different approaches to building one." โ Bas Westerbaan, Cloudflare.
What changes with post-quantum cryptography?
PQC is only possible on a cryptographically relevant quantum computer, which doesn't yet exist. The closest we have in 2026 are "noisy intermediate-scale quantum" (NISQ) devices that run the IBM Heron or Google Willow chips to process approximately 1,000 to 1,500 physical qubits.
Underlining the looming threat, Cloudflare post-quantum specialist Bas Westerbaan has called Q-Day the day when sufficiently capable quantum computers can break essential cryptography used to protect data and access across systems today.
"Cryptographically relevant quantum computers don't exist yet, but many labs across the world are pursuing different approaches to building one. Google's motivation behind its recent announcement to also pursue neutral atoms alongside superconducting quantum computers becomes clear now," stated Westerbaan.
Today's public-key cryptography standards, such as RSA and ECC (Elliptic Curve Cryptography), are built on the difficulty of factoring large integers or computing discrete logarithms. These are defense systems that a quantum computer could quickly undermine with Shor's algorithm, which uses quantum superposition and interference to compute the period of a related function.
A cryptographically relevant quantum computer archives post-quantum cryptography using alternative mathematical problems over large integers, including lattice-based or hash-based structures, both of which are said to remain computationally hard even against quantum threats.
According to Google's Heather Adkins, VP for security engineering, and the company's head of cryptography, Sophie Schmieg, work has already started.
"As an example of our ongoing PQC commitments, Android 17 is integrating PQC digital signature protection using ML-DSA in alignment with the National Institute of Standards and Technology (NIST)," wrote the pair on Google's innovation blog.
"Most organizations have no clear picture of where cryptography exists across their applications, infrastructure, legacy systems and data flows," โ Simon Pamplin, Certes.
The threat of harvest now, decrypt later
Simon Pamplin, CTO at quantum-safe data protection company Certes, tells The New Stack that the "direction of travel" from governments and the world's largest technology platforms is now unambiguous, and the pace is accelerating.
"What is worth examining is why," Pamplin says. "The standard explanation points to advances in quantum hardware. That is part of it. But the more immediate driver is the threat of 'harvest now, decrypt later' activities. Adversaries, including state-level actors with long time horizons, are already intercepting and stockpiling encrypted data today. The cryptographic foundations protecting that data do not need to be broken immediately. They need to be broken eventually, and eventually is getting closer."
Pamplin is fatalistic about this whole discussion and suggests that whether the deadline is 2027, 2029, or 2030 is, in some respects, beside the point. He reminds us that this is because data being harvested today does not wait for compliance timelines.
"Most organizations have no clear picture of where cryptography exists across their applications, infrastructure, legacy systems and data flows," underlines Pamplin. "Investing in newer versions of the same infrastructure controls deployed for years will not resolve the underlying exposure. Data does not stay within environments an organization controls. It moves across third-party platforms, supplier networks and legacy infrastructure, and that is where protection needs to be applied."
He says that the organizations creating and deploying genuine resilience are those applying data-centric, quantum-safe protection directly to the data itself, ensuring it remains unreadable and sovereign regardless of which system it passes through or when an adversary attempts to use it.
Don't wait until 2026; the time to act is now
Three years from now isn't long, so 2029 will feel close to the new big (bad) thing for many organizations. Microsoft's advice is to consider this change today and define ownership, scope, and milestones for a multi-year cryptography transition.
For systems architects and software engineers with any degree of insight into roadmaps, that means designing for change and building crypto-agility into new software and data products so future standards shifts are updates, not emergency situations.
Microsoft's Russinovich urges companies to begin with an inventory and create and maintain "a living cryptographic inventory" to identify, prioritize, and ultimately modernize application dependencies.
Quantum is coming, and it will inevitably intersect with AI; what comes next is something of an unknown.
Comments
No comments yet. Start the discussion.