Google Accelerates PQC Migration Timeline to 2029 as Quantum Resource Estimates Tighten

Google Sets 2029 Hard Deadline for Internal PQC Migration

In a significant shift for the broader cybersecurity landscape, Google announced an acceleration of its internal post-quantum cryptography (PQC) migration timeline, establishing a hard deadline of 2029. This move forward compresses the window from a previously implied "later this decade" timeframe, signaling that the organization views the threat of cryptographically relevant quantum computers (CRQCs) as approaching faster than industry consensus suggested.

Revised Resource Estimates Shatter Previous Assumptions

The accelerated timeline is driven by a new quantum resource estimation study published by Google Quantum AI in March 2026. The research fundamentally revises the cost analysis required to break widely deployed asymmetric cryptographic standards.

ECDSA-256 Requires Fewer Resources Than Projected

The study determined that breaking ECDSA-256—the elliptic curve digital signature algorithm used to secure Bitcoin transactions and standard SSL/TLS handshakes across the web—requires approximately 1,200 logical qubits and roughly 90 million Toffoli gate operations.

The revision to ~1,200 logical qubits reduces the resource barrier significantly compared to prior models, which estimated that breaking modern ECC would require millions of logical qubits.

This reduction in the theoretical requirement represents a dramatic tightening of the threat model. While 1,200 logical qubits still demands significant error correction overhead—corresponding to a hardware requirement of roughly 500,000 physical qubits—the gap between current Noisy Intermediate-Scale Quantum (NISQ) hardware and this threshold has closed substantially. Google's conclusion is that fault-tolerant hardware capable of executing these attacks is no longer a distant prospect, justifying an aggressive operational response.

Validating the "Store Now, Decrypt Later" Threat

The 2029 deadline provides concrete validation for the "Store Now, Decrypt Later" (SNDL) attack vector. In this scenario, adversaries harvest encrypted data today—such as state secrets, intellectual property, or financial records—with the intent of decrypting it once sufficient quantum computing power becomes available.

If Google considers data protected by pre-quantum standards (RSA, ECC) compromised by 2029, organizations must recognize that any sensitive data retained beyond that date is at risk unless migrated to PQC algorithms. The announcement underscores that migration cannot be delayed until Q-Day arrives; the clock started ticking years ago for high-value targets.

Urgency Meets Adoption Lag Across the Web

Despite the urgency signaled by major technology providers, a substantial readiness gap persists across the internet ecosystem. While Google and other hyperscalers accelerate their migrations, the broader industry adoption rate remains sluggish.

Research indicates that approximately 91.4% of the top one million websites did not yet support PQC as of early 2026 analyses. However, there are signs of progress among service providers. Cloudflare reported in late 2025 that over 50% of its human-initiated traffic was hybrid-PQC protected, demonstrating that edge providers are leading the transition. Yet, backend systems, smaller domains, and dependent third-party integrations lag behind, creating complex dependency risks for enterprises relying on less mature infrastructure.

Diversification and Agility via NIST Updates

Parallel to the timeline acceleration, the standardization process continues to evolve. On May 14, 2026, NIST announced that nine candidates had advanced to the Third Round of the "Additional Digital Signatures" standardization process. This follows the initial selection of CRYSTALS-Dilithium (ML-DSA) in July 2024.

The push for "Additional" schemes highlights a strategic emphasis on diversity and defense-in-depth. By fostering multiple competitive candidates, NIST aims to provide fallback options should potential cryptanalytic breakthroughs emerge against the primary standardized algorithms. For operators, this reinforces the necessity of maintaining cryptographic agility; migration strategies should account for the possibility of algorithmic deprecation even after standardization.

Practical Takeaways for Security Teams

• Audit High-Value Data: Identify all assets protected by RSA or ECC that have long-term confidentiality requirements. Evaluate whether current retention policies align with a 2029 vulnerability horizon.
• Enforce Cryptographic Agility: Ensure systems are built on libraries and protocols that allow seamless replacement of cryptographic algorithms. Static configurations increase the friction and downtime of future migrations.
• Monitor Service Provider Roadmaps: While Cloudflare and other providers are deploying hybrid-PQC, verify the PQC posture of your broader supply chain, including APIs, CDNs, and database vendors.
• Track NIST Developments: Keep abreast of the "Additional Digital Signatures" round results, as diverse algorithm options may influence long-term compliance and interoperability strategies.

The acceleration of the PQC migration timeline to 2029 marks a pivot from theoretical risk assessment to operational imperative. With new resource estimates lowering the barrier for breaking common cryptographic primitives, organizations can no longer afford a wait-and-see approach. Proactive inventorying of cryptographic assets and initiating hybrid deployments are now essential steps to mitigate the escalating threat of quantum-enabled decryption.