Google Moved Up Q-Day. Here’s What to Do About It.

Google just moved up the clock.

On March 25, 2026, Google announced that organizations should complete their post-quantum cryptography migration by 2029, two years ahead of the NSA’s 2031 target and six years ahead of the broader U.S. government benchmark of 2035. The reason: quantum computing hardware is advancing faster than most predicted, error correction is improving, and the math required to crack today’s encryption keeps getting easier for quantum systems to handle.

If you’re in planning or deployment on quantum readiness, this changes your timeline. More importantly, it should change how you think about your approach.

As Quantum XChange CEO Eddy Zervigon wrote this week: “The organizations that win in this transition won’t be the ones who pick the ‘right’ algorithm. They’ll be the ones who deliberately design for change, for true crypto-agility, for defensible diversification.”

That’s the frame for everything that follows.

Why 2029 Matters More Than You Think

Google’s researchers found that cracking RSA-2048 encryption may now require roughly one million noisy qubits, down from the 20 million previously estimated. That’s not a marginal improvement. It compresses the viable timeline for a Cryptographically Relevant Quantum Computer (CRQC) in a meaningful way.

But here’s what matters most for your security posture today: the threat is already active. Adversaries are running harvest-now, decrypt-later (HNDL) campaigns right now. They’re capturing your encrypted data in transit, storing it, and waiting. Whether Q-Day arrives in 2029 or 2032, data moving across your network today is already at risk.

Bain & Company research from early 2026 found that 90% of organizations don’t yet have systems in place to defend against quantum threats, despite 71% expecting quantum-enabled attacks within five years. Only one in ten has a formal roadmap.

That gap is the problem.

New Algorithms Alone Won’t Close the Gap

NIST finalized its first set of PQC standards in 2024. Deploying those algorithms is necessary. But it’s not sufficient, and treating it as the finish line is a mistake.

Here’s why.

Algorithms protect data where they’re implemented. But most organizations have vast amounts of data moving across networks every day through infrastructure that wasn’t designed with quantum threats in mind. Legacy systems, cloud connections, third-party integrations, and mixed vendor environments all create gaps that algorithm deployment at the application or OS layer can’t address.

Google itself acknowledged this, noting that it began preparing for PQC as early as 2016 and that the migration complexity reflects “real-world deployment, not theoretical readiness.” A decade of preparation from one of the most technically capable organizations on the planet. Most enterprises don’t have that runway.

The harder question isn’t which algorithm to pick. It’s what happens when that algorithm breaks. Because it will. NIST has already signaled that the current approved algorithms will evolve. Cryptanalysis doesn’t stop.

Zervigon put it plainly: “Algorithms will evolve because some will fail and others will replace them. That cycle won’t stop in the quantum era; it will accelerate. If your security model can’t adapt to that reality, it won’t survive it.”

If your quantum security strategy is built around a single algorithm or a fixed implementation, you don’t have a strategy. You have a single point of failure.

The Network Is Where Your Data Is Most Exposed

The network is the largest attack surface in any organization. It’s where data moves between systems, clouds, facilities, and users. It’s also where HNDL attacks do their work. Adversaries don’t need to breach your endpoints. They capture data in transit and wait.

This is where your post-quantum investment delivers the most return: protecting data in motion at the network layer.

OS-level PQC updates, like Google’s integration of ML-DSA into Android 17, are useful and necessary for those ecosystems. But they don’t protect data as it traverses your broader infrastructure. Every hop your data takes across a network that isn’t hardened is an opportunity for collection.

Network-layer protection addresses the broadest exposure with the fewest implementation touch points. It’s the highest-leverage place to start.

You Don’t Have to Rip Out What You Have

One of the biggest barriers to moving on quantum readiness is the assumption that migration means years of infrastructure replacement, downtime, and disruption. That’s not accurate, and it’s keeping organizations from acting.

The right architecture overlays existing infrastructure. It hardens what you already have without requiring you to rip out and replace systems. It works across mixed vendor environments, supports crypto-agility so you can swap algorithms when needed, and does it without taking networks offline.

That means quantum readiness doesn’t have to be a multi-year capital project. It can be an immediate operational step.

The organizations that will be in the best position when Q-Day arrives aren’t the ones who started last. They’re the ones who built for adaptability, not perfection. They can update algorithms quickly, they have visibility into what’s protecting what, and they’re not dependent on any single cryptographic standard holding up indefinitely.

Frequently Asked Questions

• What is Q-Day and when could it happen?
  • Q-Day is the point when a quantum computer becomes powerful enough to break widely used encryption standards like RSA and elliptic curve cryptography. Most experts previously estimated this would occur between 2030 and 2035. Google now puts the deadline at 2029, based on faster-than-expected advances in quantum hardware and error correction.
• What is a harvest-now, decrypt-later attack?
  • A harvest-now, decrypt-later (HNDL) attack is when an adversary captures and stores your encrypted data today, before they can decrypt it, and waits until a powerful enough quantum computer exists to unlock it. This threat is active right now. Data moving across your network today is already being collected by bad actors counting on Q-Day to arrive.
• What is post-quantum cryptography and is it enough on its own?
  • Post-quantum cryptography (PQC) refers to encryption algorithms designed to resist attacks from quantum computers. NIST finalized its first set of PQC standards in 2024. Deploying these algorithms is necessary, but not sufficient. Algorithms only protect the systems where they are implemented. Data moving across networks, legacy infrastructure, and mixed vendor environments requires additional protection at the network layer.
• What is crypto-agility and why does it matter?
  • Crypto-agility is the ability to swap encryption algorithms quickly, across your entire infrastructure, without downtime or major disruption. It matters because no algorithm lasts forever. NIST has already signaled that its first approved PQC algorithms will evolve. Organizations that build for crypto-agility can respond to algorithm failures in days. Those that don’t face months or years of exposure.
• What is the difference between PQC and quantum key distribution?
  • PQC uses mathematical algorithms designed to resist quantum attacks and runs on classical network infrastructure. Quantum key distribution (QKD) uses the laws of physics to secure key exchange and requires specialized hardware. Both are valid approaches to quantum-safe security. The strongest architectures support both, along with quantum random number generation (QRNG), giving organizations flexibility as standards and threats evolve.
• Where should organizations start with quantum readiness?
  • Start with the network. The network is the largest attack surface and the primary path for data in motion. Protecting data at the network layer addresses the broadest exposure with the fewest implementation touch points. From there, build for crypto-agility so algorithm changes are routine, not emergencies. You do not need to replace existing infrastructure to get started.

Start Here

Google’s 2029 deadline isn’t a reason to panic. It’s a reason to act with urgency and clarity.

Your data in motion is your most exposed asset. Protecting it at the network layer, without disrupting your operations, is where you get the most from your post-quantum investment right now. Build for crypto-agility from day one so algorithm changes are routine, not emergencies.