Table of Contents
Google has set a 2029 timeline for migrating to post-quantum cryptography, urging companies to prepare for the security risks posed by future quantum attacks.
In a blog post on March 25, the tech giant said the new deadline reflects recent advances in quantum computing hardware, quantum error correction, and estimates for the resources needed to factor encryption at scale.
The timeline builds on a broader warning Google issued in February, when it urged governments, companies, and infrastructure operators to begin preparing for an era in which quantum machines could defeat the cryptographic systems that underpin modern communications, banking, and state security.
A Security Risk Already in Motion
Quantum computing has long been seen as a breakthrough technology with the potential to transform fields such as drug discovery, materials science, and energy research. At the same time, it poses a serious threat to digital security.
Google said a sufficiently powerful quantum computer would be able to break today’s widely used public-key cryptosystems, exposing everything from private messages and trade secrets to financial transactions and classified records. Even before such a machine exists, the company warned that attackers may already be gathering encrypted data in so-called “store now, decrypt later” operations, keeping stolen information until quantum capabilities catch up.
That risk has led Google to adjust its threat model. In its latest update, the company said authentication services and digital signatures now require greater urgency, with signature protections needing to be in place before a cryptographically relevant quantum computer becomes a reality. Encryption, meanwhile, already faces a practical risk because intercepted data can be stored now and decrypted later.
From Warnings to a Deadline
Google said its 2029 migration target is intended to give the industry a clearer timeframe for moving to post-quantum cryptography. The transition is expected to take years, not only within Google’s own systems but also across the wider technology sector, where cryptographic upgrades are often slow, costly, and closely tied to legacy infrastructure.
Google said it has been working on post-quantum cryptography since 2016, with a focus on “crypto agility,” or the ability to replace or update cryptographic algorithms without disrupting products and services. Since then, it has tested and introduced post-quantum features in parts of Chrome, its cloud services, and internal systems.
The company also pointed to the 2024 publication of the first post-quantum cryptography standards by the U.S. National Institute of Standards and Technology, which has given the industry a benchmark for migration. As part of its latest efforts, Google said Android 17 is integrating digital signature protection based on ML-DSA, aligning with NIST standards and extending post-quantum protections further into consumer technology.
Call for Broader Action
Google’s February note made clear that it does not see this as a challenge for private companies alone. It urged policymakers to accelerate adoption across critical infrastructure, reduce fragmentation around standards, modernize legacy systems through cloud migration, and ensure AI systems are built on cryptographic foundations that can survive the quantum era.
Taken together, the two announcements suggest that even without a clear timeline for the arrival of a quantum computer, companies should begin preparing now rather than wait for the threat to fully materialize.
