Google Just Reset the Timeline
In March 2026, Google reset the timeline for digital trust—and most organisations didn’t notice.
It brought forward its internal deadline for quantum readiness to 2029—well ahead of the 2030–2035 horizon still assumed across much of government and industry.
The signal was clear:
- RSA and elliptic curve cryptography will fail
- Post-quantum cryptography (PQC) is not optional
- The transition must begin now
This wasn’t theoretical.
Google is already embedding PQC into Android—across:
- Device attestation
- Secure boot
- App signing
- Hardware roots of trust
This is foundational infrastructure being re-engineered in real time.
So what changed?
Recent research has significantly reduced the quantum resources required to break RSA. What once looked decades away is now moving into a practical planning horizon.
And critically, the threat is not just future decryption.
It is already happening.
The risk is no longer theoretical. It is already being realised.
PKI Is the Front Line of Digital Trust
The industry conversation around quantum is still focused on algorithms.
But the real challenge isn’t replacing RSA or ECC.
It’s replacing the systems that depend on them.
At the centre of this shift sits Public Key Infrastructure (PKI)—the control plane of digital trust.
PKI underpins everything:
- Digital certificates
- Identity and authentication
- Secure communications (TLS)
- Code signing and software integrity
- Device identity and IoT security
Every certificate. Every trust chain. Every authentication flow.
All of it depends on cryptographic primitives that quantum computing will break.
Which means:
- When RSA and ECC fail, PKI fails with them
- When PKI fails, digital trust fails
This is not a cryptographic upgrade.
It is a transformation of trust infrastructure.
The Threat Has Already Started
“Harvest now, decrypt later” is not a future risk.
It is already happening.
Encrypted data is being collected today with the expectation that it will be decrypted when quantum capabilities mature.
Data with long lifetimes is already exposed, including:
- Government records
- Intellectual property
- Financial systems
- Healthcare data
As the barrier to breaking current cryptography continues to fall, the timeline to act is no longer theoretical.
The window is closing.
From Awareness to Execution
Most organisations still treat post-quantum cryptography as a roadmap item.
It is now an execution problem.
Preparing for PQC requires:
- PQC-ready environments
- Hybrid certificates (classical + quantum-safe)
- Crypto agility by design
- Infrastructure that supports phased migration without disruption
This transition will not happen in a single step.
It will be iterative, hybrid, and operationally complex.
The Real Constraint: Legacy PKI
The real barrier isn’t quantum.
It’s legacy PKI.
Most existing PKI environments were never designed for:
- Algorithm agility
- Rapid certificate lifecycle changes
- Parallel trust models
- Large-scale reissuance
This creates a critical constraint:
Organisations understand the need to move—but their infrastructure cannot move with them.
To navigate this, they need the ability to:
- Stand up new Certificate Authorities quickly, without rearchitecting
- Introduce quantum-safe algorithms alongside existing systems
- Test and validate without impacting live services
- Transition without the cost, risk, and downtime of traditional PKI upgrades
This Requires a Different Kind of PKI
Not an upgrade to legacy systems.
A different architectural approach.
One that is:
- Modular and deployable across environments
- Capable of supporting parallel trust models
- Designed for automation, API control, and rapid change
In other words:
PKI that behaves like modern infrastructure—adaptable, programmable, and able to evolve without disruption.
The Bottom Line
2029 is not just a date.
It is a signal.
- A signal that the timeline for quantum disruption has accelerated
- A signal that current trust models have a finite lifespan
- A signal that delay will force organisations into reactive, high-risk transitions
Digital trust will not fail all at once.
It will erode—incrementally, silently—until the systems we rely on can no longer be trusted.
Organisations that act now will be better positioned to manage that transition.
