The time for preparing for the so-called “Q-Day,” when quantum computers could neutralise core security systems used in today’s internet, communications networks and electronic devices, is being brought forward to around 2029 from 2035.

IT outlet TechRadar reported on May 14 that Google and Cloudflare are accelerating preparations to shift to post-quantum cryptography based on 2029, earlier than the 2030 and 2035 dates recommended by the U.S. government.

Q-Day refers to the point when the emergence of sufficiently powerful quantum computers is publicly confirmed to be able to break current asymmetric cryptography such as RSA, Diffie-Hellman, ElGamal and elliptic curve cryptography. Such cryptography is used in most software and electronic devices, including the internet, wireless networks and mobile phones.

The key point is that the preparation timeline has visibly shortened. Many experts and the U.S. government have presented 2035 as the date to complete a transition to post-quantum cryptography for about the past 5 years. More recently, major technology companies and several countries are bringing forward their schedules. The most widely discussed preparation point is now 2029, or earlier. Some countries believe important data and key infrastructure must be transitioned by 2027.

The threat from quantum computers is not simply a performance race. It is linked to structural limits in existing cryptographic systems. While a capable quantum computer could solve an asymmetric cryptographic key in seconds to minutes, it could take billions of years on conventional computers. That is why warnings say cryptography vulnerable to quantum attacks must be replaced before Q-Day arrives.

The starting point for this discussion is a quantum algorithm published by Peter Shor in 1994. The algorithm showed that if sufficiently powerful quantum computers emerge, secrets protected by today’s most widely used cryptography could be broken easily and quickly. The industry has continued debating when Q-Day will arrive, but the focus is shifting to the view that actual transition work can no longer be delayed.

A task companies and institutions face immediately is the scale of what must be transitioned. Moving to post-quantum cryptography requires broad replacement and upgrades not only of software but also hardware. The first step is to identify systems and data vulnerable to quantum attacks and establish a phased transition process to mitigate the risk.

Warnings are also emerging that companies that have not yet started post-quantum transition projects should move into action immediately. With 2029 or 2030 not far away, delaying responses could increase both security risks and the burden of transition, the criticism says.

Costs and operational burdens are also variables. The faster the transition is pursued, the more project costs and disruptions can be reduced. If it is delayed until the end, greater disruption could hit routine work and service operations. If the cryptography transition is delayed, it could affect revenue flows as well as security risks.

In this situation, the shift to post-quantum cryptography is spreading beyond a task for security departments into an infrastructure replacement issue across organisations. With key suppliers already hurrying preparations for Q-Day, how quickly each company identifies quantum-vulnerable points across its systems and develops replacement plans is expected to become a core task.