Omid studio - stock.adobe.com
Shrinking PQC timeline highlights immediate risk to data security
Google’s decision to move up its timeline for migration to post-quantum cryptography highlights that some of the cyber security risks posed by quantum computing are already reality
After Google moved up its quantum readiness timeline and revealed it was working on building post-quantum cryptography (PQC) features into the next version of its Android mobile operating system, cyber experts have welcomed indications that the pace of travel towards effective, security-preserving PQC is speeding up, but also highlighted that the data security risks posed by quantum computers must be addressed today, not whenever the so-called Q-Day occurs.
Google’s target of migrating to PQC in 2029, three years from now, blasts past the migration schedules of others, including the US Commercial National Security Algorithms (CNSA) 2.0 migration schedule. Ping Identity head of privileged access management engineering Suman Sharma said: “Google accelerating its timeline to 2029 underscores a growing realisation across the industry that the window to prepare for a post-quantum world is smaller than many anticipated.
“We’re already in the midst of the largest overhaul of the internet’s encryption backbone in decades, with hybrid quantum-resistant standards rolling out across browsers and core infrastructure,” he said.
“High-security sectors are moving quickly toward fully quantum-safe deployments, yet much of the broader ecosystem is still operating in a transitional, hybrid state,” said Sharma. “This latest move reinforces that leading technology providers no longer see post-quantum security as a distant concern. It’s now an immediate priority, and the pace of adoption will only continue to accelerate.”
According to Mark Pecen, chair of the Technical Committee on Quantum Technologies at the European Telecommunications Standards Institute (ETSI), Google’s accelerated deadline reflects a shift from trying to predict Q-Day to preventative management of present-day risks.
“The real concern isn’t when quantum computers arrive, it’s that adversaries are already collecting encrypted data today to decrypt later,” said Pecen. “The existing public key cryptographic systems that protect our internet and wireless transactions, Rivest-Shamir-Adelman (RSA) and Elliptic Curve Cryptography (ECC) are aging cryptosystems, developed in the 1970s and 1980s respectively.
“These algorithms become weaker for every year that technology advances, so post-quantum cryptography is also being viewed as the next generation of data security.”
Read more about quantum computing
- We speak to Lucy Robson, a quantum algorithm scientist at Universal Quantum, about her work in helping to develop simulations for drug discovery.
- Japan and Singapore will work together to bridge the gap between quantum research and real-world commercialisation, marking Singapore’s first government-to-government pact dedicated to the technology.
- Claims that quantum computing will destroy Bitcoin may be exaggerated, but Bitcoin will need to adapt.
Additionally, newer and faster quantum decryption algorithms are already being developed, such as Jesse-Victor-Gharabaghi (JVG) – which caused a stir in March 2026 – as it appears to need vastly less quantum computational power (qubits) to break legacy algorithms.
Its creators say that given the right hardware, when Q-Day comes, JVG could break RSA in 11 hours.
“By moving earlier than government timelines, Google is effectively forcing the industry to treat post-quantum migration as an immediate operational priority rather than a future compliance exercise,” said Pecen.
Harvest now, decrypt later
At present, much of the concern stems from the demonstrable growth in so-called harvest now, decrypt later (HNDL) cyber attacks in which threat actors exfiltrate encrypted data now and keep it in readiness for the moment present-day algorithms fail, and Simon Pamplin, chief technology officer at Certes – a PQC specialist – said that for many organisations, the most dangerous moment in time is not the day quantum computers arrive, but rather right now.
“Adversaries are already running HNDL campaigns: exfiltrating encrypted data today with the intention of unlocking it once a cryptographically relevant quantum computer [CRQC] exists,” he said.
“If your organisation is still relying on RSA, TLS or standard PKI to protect sensitive data in transit, that data is already at risk, regardless of whether Q-Day lands in 2029 or 2035,” added Certes.
“With data flowing across legacy systems, multi-cloud environments, AI and the edge, the potential risk organisations face today is very real, and extremely serious if left unchecked.”
Next steps
Matt Campagna, who chairs ETSI’s Quantum-Safe Cryptography working group, said Google’s prioritisation of quantum-resistant digital signatures demonstrated important industry leadership in the field, and hailed significant progress in a field for which ETSI has been advocating for 13 years.
“Organisations operating information technology systems should take note,” he said. “Understanding local PQC migration timelines, as set by customers and regulators, is now essential. Businesses must develop their own PQC migration strategies and actively engage with vendors and suppliers to ensure alignment.”
Certes’ Pamplin echoed this sentiment. “Post-quantum migration is a multi-year project for most organisations, and with Gartner predicting a CRQC could arrive by 2029, the gap between where most businesses are and where they need to be is closing fast – and action should be taken today,” he said.
Some of the looming challenges that business tech leaders will soon need to face include legacy systems that may prove impossible to natively upgrade to PQC, multi-cloud environments causing issues due to inconsistent security models and data privacy policies, and gaps around the user and network edge.
Pamplin said: “Firms need to look at end-to-end PQC solutions that are able to protect data across any app, any infrastructure, anywhere. Specifically, solutions that enforce sovereign, crypto-agile PQC protection, where only the data owner controls the key, from server to edge, and ones where protection persists with the data, not infrastructure.
“Quantum readiness isn’t about predicting a date,” he said. “It’s about eliminating a long-term exposure before that date becomes irrelevant.”
