PQC deadlines in 2029 and beyond
Extended analysis with industry context, action checklists, and Qtangl product tie-ins.
Read blog post →
Fundamentals
What is Q-Day?
The day a cryptographically relevant quantum computer breaks RSA, ECC, and other public-key algorithms your stack depends on today.
Not a calendar date — a capability milestone
Q-Day (sometimes called Y2Q) is when a cryptographically relevant quantum computer (CRQC) can break widely deployed public-key cryptography — RSA, elliptic-curve (ECC), and the TLS, VPN, and code-signing infrastructure built on them. It is not a fixed date on anyone's calendar. It is the point where your current algorithms are no longer safe.
Why industry timelines shifted in 2026
Google and Cloudflare accelerated internal post-quantum readiness targets to 2029 — roughly five years sooner than prior plans. The move reflects new research on error correction and algorithmic advances, not a confirmed CRQC arrival date. Treat 2029 as a planning signal: migration takes years across vendors, certificates, and embedded systems.
The risk starts before Q-Day
Harvest-now-decrypt-later (HNDL) means adversaries capture encrypted data today and store it until quantum computers can decrypt it. Long-lived secrets in healthcare, finance, and government face exposure now — even while today's crypto still works. NIST finalized ML-KEM, ML-DSA, and SLH-DSA standards in 2024 so migration can begin immediately.
What to do now
Inventory quantum-vulnerable crypto, quantify HNDL exposure with Mosca's inequality, and build a migration program with evidence auditors can verify — not a slide deck. Qtangl Assess produces a prioritized backlog with signed scan artifacts; an inventory aid, not a formal attestation.
Video explainer
References & further reading
Authoritative primary sources cited in this article. Summaries are our own — follow links for full context.
Last verified 2026-06-03
- What Is Post-Quantum Cryptography?NIST · 2024Official overview of NIST's PQC project, finalized standards, and the harvest-now-decrypt-later threat model.
- What Is Q-Day? Quantum Computing and Cyber RiskPalo Alto Networks · 2026CRQC definition, HNDL threat model, and migration guidance for enterprise security teams.
- Google bumps up Q Day deadline to 2029Ars Technica · 2026-03Coverage of Google's accelerated 2029 post-quantum readiness target and industry timeline shift.
- Cloudflare targets 2029 for full post-quantum securityCloudflare · 2026Cloudflare's accelerated PQ roadmap including post-quantum authentication milestones.
Deep dive
Related
Harvest now, decrypt later
Why data encrypted today is already at risk — even before Q-Day arrives.
Read guide →