Protect.Computer
NEWS

Google sets 2029 post-quantum cryptography migration deadline

· 1 min read · Privacy tracking Device safety
Google sets 2029 post-quantum cryptography migration deadline

Photo by protect.computer (custom explainer graphic) on protect.computer

What happened

Google announced a public 2029 target to migrate key systems to post-quantum cryptography (PQC). In its update, Google said it accelerated its timeline because of ongoing progress in quantum hardware, quantum error correction, and factoring research.

The company also called out the current “store now, decrypt later” risk model: attackers can steal encrypted data today and hold it until future quantum capabilities can break older crypto methods.

Why this matters

This is a practical signal for IT and security teams: if a company at Google’s scale is setting a hard migration date, smaller orgs should stop treating PQC as “future planning” and start treating it as roadmap work now.

Even if large-scale quantum break capability is not immediate, migration takes years (inventory, compatibility, certificate lifecycle, key management, testing, rollout).

How to check if you’re affected

You should treat this as relevant if your environment relies on long-lived encrypted data, digital signatures, or internet-facing authentication services.

  1. Inventory where classical public-key crypto is still in use

    • Identify systems using RSA/ECDSA/ECDH for TLS, certificates, signatures, firmware signing, code signing, VPNs, and identity systems.

  2. Classify “decrypt-later” exposure

    • Prioritize data that must remain confidential for many years (legal, health, IP, customer identity data).
    • If long-retention encrypted traffic/logs exist, mark these as high-priority PQC transition candidates.

  3. Check vendor/product PQC readiness

    • Confirm whether key vendors (IDP, PKI, VPN, endpoint, cloud, HSM) have published PQC support timelines and migration guides.

  4. Review authentication/signature dependencies

    • Map systems that rely on digital signatures or auth token trust chains, since these are a critical part of migration sequencing.

  5. Create a dated migration plan now

    • Set internal milestones (inventory complete, pilot, staged rollout, deprecation of legacy algorithms) instead of waiting for emergency deadlines.

Immediate defensive actions

  • Start a cryptographic asset inventory this quarter.
  • Require PQC roadmap statements from strategic security vendors.
  • Add a “quantum-readiness” checkpoint to architecture and procurement decisions.
  • Prioritize migration planning for systems protecting long-lived sensitive data.

Sources

Bottom line

No one needs panic migration tomorrow — but waiting until quantum risk is “obviously urgent” is exactly what makes transition programs fail. 2026 is the right time to inventory, prioritize, and begin staged PQC adoption.

Related reading

News
LinkedIn browser script can detect 6,000+ Chrome extensions: what users should check now

LinkedIn is reported to detect thousands of browser extensions via in-page scripts; here is how to check your own browser exposure.

News
TA446 uses leaked DarkSword iOS kit in spear-phishing campaign

Researchers report TA446 (COLDRIVER/Star Blizzard) using DarkSword iOS exploit infrastructure in a new spear-phishing campaign.

News
Apple sends critical software alerts to outdated iPhones after web-attack activity

Apple is pushing lock-screen critical software alerts to users on older iOS/iPadOS versions due to active web-based attack risk.

News
Apple pushes first Background Security Improvements update to fix WebKit flaw

Apple released its first Background Security Improvements patch to fix CVE-2026-20643, a WebKit same-origin policy bypass risk.