Google just moved up Q-Day — everyone has until 2029
Google set a 2029 deadline for quantum-safe encryption — 6 years ahead of NIST. Android 17, Chrome, and Cloud are already migrating to ML-DSA.
On March 25, 2026, Google published a company-wide deadline: all systems must migrate to post-quantum cryptography (encryption that quantum computers cannot break) by 2029 — a full 6 years ahead of the 2035 baseline set by NIST (the National Institute of Standards and Technology, the US government body that sets security standards).
The announcement was authored by Heather Adkins (VP, Security Engineering) and Sophie Schmieg (Senior Staff Cryptographer) — senior-level signal that this isn't a research blog post. It's a policy declaration with organizational weight behind it.
For most people, post-quantum cryptography sounds abstract. Here's why it's concrete: every password you type, every secure website you visit (the padlock in your browser), every payment you make is protected by mathematical locks — encryption algorithms — that quantum computers will eventually be able to crack. Google is saying that "eventually" is now close enough that you need to start replacing those locks in the next 3 years.
The Threat That's Already Happening: Harvest Now, Decrypt Later
You don't need quantum computers to exist today to be at risk. The critical threat is called HNDL — "harvest now, decrypt later" — and it's already underway. Sophisticated adversaries (nation-state intelligence agencies, organized criminal operations) are collecting vast amounts of today's encrypted network traffic — government communications, financial records, medical data, authentication tokens — and storing it. The data is useless to them today. But once quantum computers are powerful enough to crack modern encryption, they can retroactively decrypt years of archived traffic.
Google's blog post identifies HNDL as the primary driver for the aggressive 2029 deadline — not a vague theoretical future risk, but a documented, ongoing threat. The authors explicitly accelerate beyond NIST's 2035 guidance because of "faster-than-expected advances in quantum hardware, improved quantum error correction algorithms, and updated resource estimates" for breaking current encryption.
The algorithms most at risk: RSA (the encryption standard behind most HTTPS websites, email servers, and code-signing certificates) and ECC — Elliptic Curve Cryptography (the algorithm securing most modern TLS connections — the encrypted tunnel your browser uses — and cryptocurrency wallets). Both can theoretically be broken by a sufficiently powerful quantum computer running Shor's algorithm (a quantum computing technique that can factor large numbers exponentially faster than classical computers).
What Google Is Actually Deploying Right Now
Google's migration centers on ML-DSA (Module-Lattice-Based Digital Signature Algorithm) — a NIST-standardized, quantum-resistant algorithm built on lattice mathematics (a branch of geometry where finding short vectors in high-dimensional grids is computationally hard even for quantum computers).
Concrete deployments already underway or announced for 2026:
- Android 17 (currently in beta) will introduce quantum-resistant boot verification — the process that checks your phone hasn't been tampered with before it starts — using ML-DSA via Android Verified Boot (AVB)
- Google Chrome already supports post-quantum cryptography for HTTPS connections — meaning your browser sessions with Google services are already partially quantum-resistant
- Google Cloud has post-quantum deployments actively rolling out across infrastructure services
Google's internal priority order is intentional: authentication and digital signatures are being migrated before transit encryption (the encrypted tunnel for data in motion). The reasoning: "Compromised signatures could allow attackers to impersonate trusted entities or distribute malicious software." A forged certificate that makes malware look like a legitimate Google update is more immediately dangerous than decrypting a cached email.
What Developers and Organizations Need to Do Before 2029
Industry estimates suggest full migration for complex enterprise systems takes 5 to 10+ years. Google's 2029 deadline is 3 years away. Organizations that haven't started are already behind schedule.
- Developers building auth systems — audit whether your login flows use RSA or ECC certificates. Most TLS setups and JWT (JSON Web Token — a standard format for secure authentication tokens) signing do. Plan your migration path to ML-DSA for signatures or ML-KEM (the NIST-standardized key-encapsulation mechanism, used for key exchange).
- Enterprise IT teams — run a full inventory of every system using TLS, code-signing certificates, and SSH keys. These are all vulnerable to harvest-now-decrypt-later collection.
- Cloud architects — check your cloud provider's post-quantum roadmap; AWS, Azure, and Google Cloud all have programs underway with varying timelines.
- Crypto and blockchain projects — Bitcoin and Ethereum both use ECDSA signatures (a variant of ECC). Both ecosystems have active debates about quantum migration. Developers of long-lived wallets or infrastructure should track these discussions.
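A first-pass inventory for the audit steps above, as an added example that is not from Google's post or this article: it reads the `alg` header of JWTs and the key-type field of SSH public-key lines and flags the RSA- and ECC-based ones. The sample tokens and key lines are constructed placeholders, and the verdict labels (`migrate`, `symmetric`, `review`) are this example's own.

```python
import base64
import json

JWT_RSA_ECC = ("RS", "PS", "ES")  # alg prefixes: RSA PKCS#1 v1.5, RSA-PSS, ECDSA
SSH_RSA_ECC = ("ssh-rsa", "ecdsa-sha2-", "ssh-ed25519")  # RSA and ECC key types


def jwt_alg(token):
    """Read the 'alg' header of a compact JWT (no signature verification)."""
    head = token.split(".")[0]
    head += "=" * (-len(head) % 4)    # restore the padding JWTs strip
    return json.loads(base64.urlsafe_b64decode(head)).get("alg", "")


def classify_jwt(token):
    alg = jwt_alg(token)
    if alg.startswith(JWT_RSA_ECC) or alg == "EdDSA":
        return "migrate"              # RSA or ECC signature
    if alg.startswith("HS"):
        return "symmetric"            # HMAC: no RSA/ECC key involved
    return "review"                   # "none", or unknown to this script


def classify_ssh_key(line):
    """Classify an authorized_keys or .pub line by its key-type field."""
    hit = any(field.startswith(SSH_RSA_ECC) for field in line.split())
    return "migrate" if hit else "review"


def inventory(tokens, ssh_lines):
    report = {"jwt:" + jwt_alg(t): classify_jwt(t) for t in tokens}
    report.update({"ssh:" + s.split()[-1]: classify_ssh_key(s) for s in ssh_lines})
    return report  # {"jwt:<alg>" or "ssh:<key comment>": verdict}


def sample_jwt(alg):
    """Constructed token: real header layout, placeholder payload and signature."""
    header = json.dumps({"alg": alg, "typ": "JWT"}).encode()
    return base64.urlsafe_b64encode(header).rstrip(b"=").decode() + ".e30.c2ln"


SAMPLE_JWTS = [sample_jwt(a) for a in ("RS256", "ES256", "EdDSA", "HS256", "none")]
SAMPLE_SSH = [                        # constructed lines, placeholder key blobs
    "ssh-rsa AAAAB3NzaC1yc2E_PLACEHOLDER build@ci",
    "ecdsa-sha2-nistp256 AAAAE2VjZHNh_PLACEHOLDER deploy@web",
    "ssh-ed25519 AAAAC3NzaC1lZDI1_PLACEHOLDER admin@bastion",
]

if __name__ == "__main__":
    print(json.dumps(inventory(SAMPLE_JWTS, SAMPLE_SSH), indent=2))
```

Anything that lands in `review` (an unsigned `none` token, a key type the script does not recognise) needs a manual look rather than an automatic pass.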
Google's core strategic recommendation is architecting for "crypto agility" — building systems where the cryptographic algorithm (the mathematical lock) can be swapped out without rebuilding the entire authentication stack. Systems designed with crypto agility today can migrate to ML-DSA in weeks when the time comes. Systems built with hard-coded RSA assumptions may take years.
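One way to structure the crypto agility described above (added example, not Google's code): the algorithm is named in policy and carried in the signed envelope, so retiring a scheme is a configuration change rather than a rewrite. The scheme names `legacy-v1` and `pq-v2` are hypothetical, and two HMAC variants stand in for RSA and ML-DSA because Python's standard library implements neither.

```python
import hashlib
import hmac

# Registry: algorithm id -> signing function. Stand-ins only: the standard
# library has no RSA or ML-DSA, so two HMAC variants play "legacy" and "new".
SCHEMES = {
    "legacy-v1": lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
    "pq-v2": lambda key, msg: hmac.new(key, msg, hashlib.sha3_256).digest(),
}


class Signer:
    """Call sites use sign()/verify(); the algorithm lives in policy, not code."""

    def __init__(self, key, preferred, accepted):
        self.key, self.preferred, self.accepted = key, preferred, set(accepted)

    def sign(self, payload: bytes) -> dict:
        alg = self.preferred
        # The algorithm id is covered by the tag so it cannot be swapped later.
        tag = SCHEMES[alg](self.key, alg.encode() + b"\x00" + payload)
        return {"alg": alg, "payload": payload, "tag": tag}

    def verify(self, env: dict) -> bool:
        alg = env.get("alg")
        # The envelope's alg field is untrusted input: enforce the allow-list.
        if alg not in self.accepted or alg not in SCHEMES:
            return False
        expected = SCHEMES[alg](self.key, alg.encode() + b"\x00" + env["payload"])
        return hmac.compare_digest(expected, env["tag"])


def migrate_demo():
    """Walk the three policy phases; return what each phase accepts."""
    key = b"constructed-demo-key"
    old = Signer(key, "legacy-v1", ["legacy-v1"]).sign(b"release-1.0")
    # Phase 2: sign with the new scheme, still accept old signatures.
    dual = Signer(key, "pq-v2", ["legacy-v1", "pq-v2"])
    new = dual.sign(b"release-1.1")
    # Phase 3: retire the old scheme by editing policy only.
    final = Signer(key, "pq-v2", ["pq-v2"])
    return {
        "dual_old": dual.verify(old), "dual_new": dual.verify(new),
        "final_old": final.verify(old), "final_new": final.verify(new),
    }


if __name__ == "__main__":
    print(migrate_demo())
```

In a real deployment the registry entries would wrap a vetted library's RSA, ECDSA and ML-DSA implementations; the policy fields and the allow-list check in `verify` stay the same.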
The Bigger Signal: Google Is Calling on the Entire Industry
The blog post closes with unusually explicit language for a company that typically hedges security communications: "We hope to provide the clarity and urgency needed to accelerate digital transitions not only for Google, but also across the industry."
This is Google publicly calling out the entire technology sector — from enterprise software vendors to cloud providers to open-source projects — for moving too slowly. The 6-year gap between Google's 2029 target and NIST's 2035 baseline represents Google's judgment that the official timeline will leave organizations exposed.
For AI infrastructure specifically: AI model serving, API authentication, training pipeline security, and model weight storage all rely on the same cryptographic foundations being replaced. If you're building AI applications with long-lived authentication credentials, model signing, or sensitive data pipelines — post-quantum security is now part of your architecture checklist. Migration resources are available at ai.google.dev.