Tech providers are racing to harden their cryptography in the face of quantum risk. The Flame episode from the early 2010s demonstrated how a forged certificate and weak crypto signing could enable widespread malware updates and compromise national networks. That episode underscored the danger of relying on algorithms and PKI infrastructure that may not survive a future quantum onslaught.
Last year, several leading players signaled a new urgency. Google and Cloudflare have publicly pegged their PQC readiness to 2029, moving ahead of some peers to accelerate migration of both encryption and authentication mechanisms. Researchers warn that the quantum threat could arrive sooner than many expected, even if a full CRQC is not imminent.
Other tech giants and government standards bodies have more conservative timelines. Amazon and the Defense Department target completion by 2031, while Microsoft’s plans extend toward the mid-2030s. Experts emphasize that the shift covers not only replacing RSA but also updating ECC-based signatures and TLS certificates across sprawling digital ecosystems.
Breakthrough work suggests that ECC, widely used for digital signatures, could be cracked with far fewer quantum resources than previously thought. The new studies, including some from Google, indicate that a quantum computer with thousands of qubits could break ECC in minutes, intensifying the push to prioritize PQC for both encryption and authentication. The field is examining ML-KEM as a practical path for quantum-safe key exchange while many systems remain tied to legacy RSA.
Alongside corporate roadmaps, standardization bodies and vendors continue to refine a PQC path forward. Meta has published guidance on PQC maturity levels, while some companies keep exact deadlines private. Experts caution that even if a 2029 target remains plausible, the real-world transition will span years due to dependencies, legacy software, and third-party certificates. The message is clear: a quantum-aware future is approaching, and the race to secure it is on.
