Quantum Timeline

Live countdown to critical PQC migration deadlines across regulated enterprise, defense, and national security domains.

000Days 00Hrs 00Min 00Sec

Next NIST Standards

FN-DSA (FIPS 206) expected to finalize. Additional signature and KEM schemes under consideration for specialized use cases including lightweight IoT and zero-trust architectures.

000Days 00Hrs 00Min 00Sec

Enterprise PQC Window

Banks and regulated enterprises begin mandatory migration. Regulatory pressure from OCC, ECB, and MAS expected to align with this window. Early adopters complete pilot migrations.

000Days 00Hrs 00Min 00Sec

Defense Systems Deadline

Government PQC compliance for National Security Systems. CNSA 2.0 mandates in full effect. Early CRQC considered probable by intelligence assessments.

000Days 00Hrs 00Min 00Sec

CNSA 2.0 Compliance

All national security systems fully migrated to PQC-approved algorithms. NSA mandate covers key management, PKI, and software/firmware signing. Harvested data from 2026 at risk.

Readiness Timeline

2026 Today — Start your assessment

Q-Readiness Assessment

The optimal time to begin your PQC migration. Organizations that start now gain 12–18 months advantage in vendor negotiations, architecture planning, and regulatory positioning.

2027 NIST finalizes additional standards

FN-DSA Finalization

FIPS 206 (FN-DSA) expected to finalize. CNSA 2.0 commercial deadlines begin to crystallize. Early adopters complete pilot migrations.

2028 Enterprise migration begins

Regulated Enterprise Window

Banks, insurers, and critical infrastructure providers begin mandatory PQC migration under regulatory pressure. OCC, ECB, and MAS expected to issue formal guidance.

2030 Defense systems compliance

Government Compliance

National Security Systems must be CNSA 2.0 compliant. Early CRQC considered probable by intelligence assessments.

2033 Full CNSA 2.0 compliance

Widespread PQC Adoption

All national security systems fully migrated. Widespread CRQC availability presumed. Current PKI infrastructure is considered broken.

Harvest Now, Decrypt Later

Adversaries are collecting encrypted data today for future decryption when a cryptographically relevant quantum computer becomes available. This includes VPN traffic, TLS sessions, email archives, and stored encrypted databases. Organizations with data that must remain confidential beyond 2030 should begin PQC migration immediately. This is the central argument for urgency in every Q-Readiness assessment.

CNSA 2.0 mandates, regulatory deadlines, and industry benchmarks create a clear readiness window. Organizations that begin today will have a 12–18 month advantage in vendor negotiations, architecture planning, and regulatory positioning.

Book Your Assessment ← Back to Main Page