Google has brought forward the cyber industry’s timeline for preparing for quantum-era attacks, warning that the point at which powerful machines can threaten today’s encryption may arrive sooner than many organisations had built into their plans.
The company said this week it is setting a 2029 target for its migration to post-quantum cryptography, a shift designed to protect systems before a cryptographically relevant quantum computer can undermine widely used public-key encryption and digital signatures. Google tied the faster timetable to advances in quantum hardware, quantum error correction and updated estimates for the resources needed to break existing cryptographic methods.
That warning matters far beyond one technology company. Public-key cryptography underpins secure web browsing, software updates, digital identity systems, banking traffic, cloud services and confidential communications across governments and businesses. If a sufficiently capable quantum machine emerges, schemes such as RSA and elliptic curve cryptography could become vulnerable, forcing a wholesale overhaul of systems that have been embedded for decades. NIST, which finalised its first three post-quantum cryptography standards in August 2024, has already urged administrators to begin the transition now.
Google’s latest position sharpens an argument that has been building across the security world: the main danger is not only the day a quantum computer can crack present-day encryption, but the years required to replace fragile infrastructure before that moment arrives. The company said the threat to encryption is already relevant because of “store now, decrypt later” tactics, in which attackers gather protected data today in the hope of unlocking it once stronger quantum capabilities become available. It also said digital signatures present a separate challenge, requiring migration before such a machine is operational.
That places long-life data at the centre of the debate. Sensitive government files, health records, intellectual property, financial data and strategic corporate communications may still hold value years from now. Even if a workable code-breaking quantum computer does not appear by 2029, security teams are being told that waiting for certainty would leave too little room to redesign systems, certify products, test compatibility and retrain staff.
Google said it has adjusted its own threat model to prioritise authentication services, an area deeply tied to digital signatures and online trust. It also pointed to work under way across its ecosystem, including post-quantum protections in Chrome, cloud offerings and Android 17, which it said is integrating ML-DSA signature protection in line with NIST standards. Those standards include ML-KEM for general encryption and ML-DSA and SLH-DSA for digital signatures, all intended to replace or supplement legacy methods.
The 2029 date is more aggressive than some official public-sector roadmaps. Britain’s National Cyber Security Centre has laid out a phased migration schedule that calls for organisations to define goals and map their cryptographic exposure by 2028, carry out early high-priority work by 2031 and complete migration by 2035. That timetable reflects the scale of the challenge across large estates, especially in critical infrastructure, industrial systems and products with long development cycles.
This gap between Google’s target and government guidance does not necessarily amount to disagreement. It highlights different operating realities. A company that designs software platforms, browsers, cloud services and mobile systems can choose to move faster in parts of its stack, while regulators often set outer deadlines for entire sectors that include slower-moving operators. The harder question is whether 2035 is a finish line or a latest safe date.
There is also room for caution amid the urgency. Quantum computing has made notable progress, particularly in error correction, but experts remain divided on how quickly those advances can be translated into machines large and stable enough to threaten cryptography at scale. Google’s own framing stops short of saying a fully capable code-breaking system will definitely arrive by 2029; instead it argues that migration needs demand action on that timetable. Independent coverage of the announcement has also noted scepticism among some researchers who place the arrival of such machines in the 2030s or beyond.
For boards, chief information security officers and regulators, the practical implications are immediate. They need inventories of where vulnerable algorithms sit, decisions on which data must stay secret for many years, procurement plans that favour crypto-agility, and testing regimes for hybrid and post-quantum deployments. The pressure will fall especially on finance, telecoms, defence, healthcare and cloud providers, where cryptography is deeply woven into operations and trust.
What once sounded like a distant engineering problem is hardening into a timetable issue. Google’s message is not that the quantum crisis has arrived, but that the window for orderly preparation may be smaller than many institutions assumed, and that the scramble to protect the digital economy has already begun.
The company said this week it is setting a 2029 target for its migration to post-quantum cryptography, a shift designed to protect systems before a cryptographically relevant quantum computer can undermine widely used public-key encryption and digital signatures. Google tied the faster timetable to advances in quantum hardware, quantum error correction and updated estimates for the resources needed to break existing cryptographic methods.
That warning matters far beyond one technology company. Public-key cryptography underpins secure web browsing, software updates, digital identity systems, banking traffic, cloud services and confidential communications across governments and businesses. If a sufficiently capable quantum machine emerges, schemes such as RSA and elliptic curve cryptography could become vulnerable, forcing a wholesale overhaul of systems that have been embedded for decades. NIST, which finalised its first three post-quantum cryptography standards in August 2024, has already urged administrators to begin the transition now.
Google’s latest position sharpens an argument that has been building across the security world: the main danger is not only the day a quantum computer can crack present-day encryption, but the years required to replace fragile infrastructure before that moment arrives. The company said the threat to encryption is already relevant because of “store now, decrypt later” tactics, in which attackers gather protected data today in the hope of unlocking it once stronger quantum capabilities become available. It also said digital signatures present a separate challenge, requiring migration before such a machine is operational.
That places long-life data at the centre of the debate. Sensitive government files, health records, intellectual property, financial data and strategic corporate communications may still hold value years from now. Even if a workable code-breaking quantum computer does not appear by 2029, security teams are being told that waiting for certainty would leave too little room to redesign systems, certify products, test compatibility and retrain staff.
Google said it has adjusted its own threat model to prioritise authentication services, an area deeply tied to digital signatures and online trust. It also pointed to work under way across its ecosystem, including post-quantum protections in Chrome, cloud offerings and Android 17, which it said is integrating ML-DSA signature protection in line with NIST standards. Those standards include ML-KEM for general encryption and ML-DSA and SLH-DSA for digital signatures, all intended to replace or supplement legacy methods.
The 2029 date is more aggressive than some official public-sector roadmaps. Britain’s National Cyber Security Centre has laid out a phased migration schedule that calls for organisations to define goals and map their cryptographic exposure by 2028, carry out early high-priority work by 2031 and complete migration by 2035. That timetable reflects the scale of the challenge across large estates, especially in critical infrastructure, industrial systems and products with long development cycles.
This gap between Google’s target and government guidance does not necessarily amount to disagreement. It highlights different operating realities. A company that designs software platforms, browsers, cloud services and mobile systems can choose to move faster in parts of its stack, while regulators often set outer deadlines for entire sectors that include slower-moving operators. The harder question is whether 2035 is a finish line or a latest safe date.
There is also room for caution amid the urgency. Quantum computing has made notable progress, particularly in error correction, but experts remain divided on how quickly those advances can be translated into machines large and stable enough to threaten cryptography at scale. Google’s own framing stops short of saying a fully capable code-breaking system will definitely arrive by 2029; instead it argues that migration needs demand action on that timetable. Independent coverage of the announcement has also noted scepticism among some researchers who place the arrival of such machines in the 2030s or beyond.
For boards, chief information security officers and regulators, the practical implications are immediate. They need inventories of where vulnerable algorithms sit, decisions on which data must stay secret for many years, procurement plans that favour crypto-agility, and testing regimes for hybrid and post-quantum deployments. The pressure will fall especially on finance, telecoms, defence, healthcare and cloud providers, where cryptography is deeply woven into operations and trust.
What once sounded like a distant engineering problem is hardening into a timetable issue. Google’s message is not that the quantum crisis has arrived, but that the window for orderly preparation may be smaller than many institutions assumed, and that the scramble to protect the digital economy has already begun.
Topics
Technology