The quantum timeline just moved.
Your data hasn't caught up.

March 25, 2026: Google pulls its deadline forward six years

Google publishes a blog post titled "Quantum frontiers may be closer than they appear" by Heather Adkins (VP of Security Engineering) and Sophie Schmieg (Senior Staff Cryptography Engineer). The company accelerates its internal post-quantum migration target from 2035 (NIST guidance) to 2029.

This is not a marketing statement. Google's own Quantum AI team produces much of the underlying research on cryptographic resource estimates. When Google moves its deadline, they are moving based on their own threat intelligence.

March 31, 2026: The qubit requirement drops by 20x

Google Quantum and AI publish new research demonstrating that breaking elliptic curve cryptography requires 20 times fewer qubits and gates than previously estimated. The paper focuses on ECDSA, the signature scheme behind TLS key exchange, SSH authentication, code signing, and most digital signatures on the internet. Cryptocurrency wallets, which also rely on ECDSA, are prominent in the news coverage, but the finding affects all cryptography built on elliptic curves. That includes the key exchange protecting your email, your banking session, your VPN tunnel, and most file transfer tools.

Separately, a Caltech and Oratomic paper uses AI-assisted algorithm design to further reduce qubit requirements using neutral-atom quantum architectures.

April 2026: Industry scrambles

Cloudflare's Bas Westerbaan, one of the most respected voices in applied cryptography, tells TIME magazine: "It's a real shock. We'll need to speed up our efforts considerably." Cloudflare announces its own accelerated 2029 deadline for complete post-quantum migration.

CISOs at regulated enterprises begin re-evaluating their post-quantum roadmaps. The conversation shifts from "planning" to "execution," with PQC market projections reaching $2.84 billion by 2030 at a 46.2% CAGR.

"Harvest now, decrypt later" is no longer a theoretical threat model. It is a budget line at every major intelligence agency.

Adversaries intercept and archive encrypted traffic today with the explicit plan of decrypting it once quantum capability arrives. What changed in March 2026 is the arrival date.

If your data will still matter in 2029

It is at risk today. Medical records, legal documents, financial plans, research, trade secrets, government communications. Anything that has a confidentiality horizon beyond three years.

If your encryption uses RSA or classical ECDH

TLS 1.2 and 1.3 without post-quantum extensions, most SFTP, most email encryption, standard HTTPS, all rely on key exchange that quantum computers will break. The underlying AES encryption of the actual content remains safe. But AES is useless if the key that protects it can be recovered retroactively.

If your provider's post-quantum roadmap says 2030

It was built before the March 2026 research. The industry is recalibrating. Providers who stay on pre-2026 timelines are implicitly accepting that harvested data from 2026-2030 will be decryptable. That data is what is being harvested right now.

Paramant deployed ML-KEM-768 post-quantum key exchange in production on August 2024 following the NIST FIPS 203 finalization. Every ParaShare transfer since that date has been protected with post-quantum hybrid key exchange. Every transfer since March 31, 2026 has benefitted from the same architecture.

This is not marketing. The ciphertext of authenticated Paramant transfers from the last 18 months is not retroactively decryptable even if the March 2026 research proves correct. The key exchange was post-quantum before the threat was acknowledged.

The question Paramant asked in 2024 was: "If quantum capability arrives sooner than expected, what decision do we want to have made?" The answer was post-quantum from day one. The March 2026 research validates that decision.

For CISOs and security leaders

Audit your file transfer vendors' post-quantum status. Ask specifically: which algorithms are in production today for key exchange, not roadmap. Any vendor whose production key exchange is RSA or classical ECDH is currently contributing to harvestable traffic.

For compliance officers

NIS2 Article 21 requires "appropriate cryptographic measures." As post-quantum standards become available and industry urgency grows, "appropriate" shifts. A provider using classical cryptography in 2027 will be harder to defend in an audit than a provider using post-quantum cryptography in 2026.

For developers

Add ML-KEM to your cryptographic agility plan now. If you run your own infrastructure, OpenSSH 10.0 and OpenSSL with crypto-policies PQ modules already support ML-KEM. For TLS, hybrid ML-KEM-768 + X25519 is implemented in Chrome and available in Cloudflare's edge.

For organizations sending regulated data

The simplest answer: stop sending regulated data through non-post-quantum channels. Paramant's ParaShare flow is one option. Tresorit's announced PQC roadmap is another when it ships. Running your own post-quantum TLS is a third. The migration is no longer optional.