
Somewhere, an adversary is storing your organization’s encrypted data.
Not reading it. They cannot do that yet. But they are keeping it. Because in three years, or five, or whenever a quantum machine of sufficient scale comes online, the cryptographic lock on that data becomes a solved problem. Contracts. Health records. Financial transactions. AI training data. Proprietary model weights. Everything your organization marked confidential and transmitted over an encrypted channel becomes readable, retroactively.
This is harvest now, decrypt later. The attack requires no quantum capability on the adversary’s side today. It requires patience and storage. Both are cheap. And the window has been open for longer than most governance programs have acknowledged.
The timeline just got shorter.
Two papers published this April changed the calculation in ways that matter for risk managers, not just cryptographers. Google revised down the estimated qubit requirements to break 256-bit elliptic curves, the public-key foundation of most HTTPS key exchanges and identity systems; under the paper's assumptions about a superconducting architecture, the attack would run in minutes. A separate paper from Oratomic found that a neutral atom system with 26,000 physical qubits could execute a discrete logarithm attack on P-256 in as little as a few days.
Heather Adkins and Sophie Schmieg at Google set 2029 as their migration deadline in print. That is the first time anyone with that level of technical credibility has put a date that close in public.
Filippo Valsorda, the maintainer of Go's standard library cryptography packages, put the decision frame plainly (a CRQC is a cryptographically relevant quantum computer, one large enough to break today's public-key algorithms): “The bet is not ‘are you 100% sure a CRQC will exist in 2030?’ The bet is ‘are you 100% sure a CRQC will NOT exist in 2030?’”
If you are responsible for users’ security and cannot answer that question with certainty, the migration is not optional.
The rules already exist.
NIST finalized its post-quantum cryptographic standards in August 2024: ML-KEM for key encapsulation, ML-DSA and SLH-DSA for signatures. The Quantum Computing Cybersecurity Preparedness Act (QCPA) passed 420 to 3 in the House and unanimously in the Senate. It required OMB to issue migration guidance within one year of those standards. The deadline was August 2025. There is no public evidence it was met. NSM-10 sets a 2035 migration target that survived the administration change intact. The Trump administration’s June 2025 executive order streamlined the obligations but did not remove them, retaining a hard TLS 1.3 deadline of January 2, 2030.
The regulatory floor is intact. The enforcement apparatus to activate it is not.
Here is the accountability problem.
PQC migration does not fit anyone’s job description. CISOs own controls, not cryptographic primitive decisions. Compliance teams operate against frameworks like SOC 2, ISO 27001, HIPAA, and PCI-DSS, and none of them contains a post-quantum control. There is no checkbox to fail. Board reporting has no vocabulary for quantum risk. OMB had the mandate, missed the deadline, and faced no visible consequence.
The result is an organizational accountability vacuum. No internal owner. No auditable control state. Governance tooling that cannot see the exposure because it was never designed to.
That last point is structural, not accidental. Traditional GRC is built for periodicity. Annual assessments, point-in-time reviews, checklist compliance. Quantum exposure is not a state you are in or out of. It is a continuous property of your entire technology stack: every algorithm in every data pipeline, every TLS certificate, the key exchange behind every API call. An annual audit cannot represent that. GRC practitioners are discovering the same structural gap in AI governance right now. AI risk is continuous and probabilistic, not periodic and deterministic. PQC migration has exactly the same property, and none of the tooling being built to close the AI governance gap addresses it.
The hidden half of the crisis.
The deployment statistics look more reassuring than they are. Over fifty percent of traffic through Cloudflare’s global network now uses post-quantum key exchange, based on October 2025 data. Major browsers deploy it by default. Progress is real.
But key exchange is only half the problem. Digital signatures, the mechanism behind every HTTPS certificate, every code-signing certificate, every X.509 identity chain, have zero post-quantum deployment. Anywhere. As of late 2025, no publicly trusted X.509 certificates carry post-quantum signatures. The entire WebPKI infrastructure is running on quantum-vulnerable signatures with no deployed replacement. The lag is not accidental: a signature sits at every link of the chain and in every handshake, and an ML-DSA signature is roughly 2.4 KB against 64 bytes for ECDSA P-256, so swapping the chain changes handshake size and requires CAs, servers, and clients to move together. Key exchange progress creates the impression of migration in motion. Signature migration has not started.
What to do now.
Map the exposure before someone else does. A cryptographic inventory identifying which systems use which algorithms for what purpose is the precondition for a migration plan. Without it, ownership cannot be assigned and accountability cannot be tracked. This is what QCPA required of federal agencies. It is the right starting point for any organization holding sensitive data with a shelf life longer than three years.
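The certificate slice of such an inventory can be automated. The following is an added example, not code from the original post or from any project it mentions: a small Go program that walks a PEM bundle (a server's chain file, a truststore dump), records each certificate's signature and public-key algorithm, and flags it as quantum-vulnerable when the key rests on factoring or discrete logarithms. Because the example must run offline, it constructs its own two self-signed certificates (one ECDSA P-256, one RSA-2048) with hypothetical subject names; in practice the bundle would be pulled from real servers and secret stores.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Finding is one row of the certificate part of a cryptographic inventory.
type Finding struct {
	Subject      string
	SignatureAlg string
	PublicKeyAlg string
	KeyBits      int
	Status       string // "quantum-vulnerable" or "unknown"
}

// classifyCert maps one parsed certificate to an inventory row. RSA, ECDSA and
// Ed25519 all fall to Shor's algorithm, so each is flagged. Anything else
// (including legacy DSA) is reported as unknown rather than silently assumed
// safe; that branch is where a post-quantum algorithm would be recognised
// once the library can parse one.
func classifyCert(cert *x509.Certificate) Finding {
	f := Finding{
		Subject:      cert.Subject.CommonName,
		SignatureAlg: cert.SignatureAlgorithm.String(),
		PublicKeyAlg: cert.PublicKeyAlgorithm.String(),
		Status:       "unknown",
	}
	switch pub := cert.PublicKey.(type) {
	case *rsa.PublicKey:
		f.KeyBits, f.Status = pub.N.BitLen(), "quantum-vulnerable"
	case *ecdsa.PublicKey:
		f.KeyBits, f.Status = pub.Curve.Params().BitSize, "quantum-vulnerable"
	case ed25519.PublicKey:
		f.KeyBits, f.Status = 256, "quantum-vulnerable"
	}
	return f
}

// inventoryPEM classifies every CERTIFICATE block in a PEM bundle, skipping
// keys and other block types that may share the file.
func inventoryPEM(bundle []byte) ([]Finding, error) {
	var rows []Finding
	for {
		block, rest := pem.Decode(bundle)
		if block == nil {
			return rows, nil
		}
		bundle = rest
		if block.Type != "CERTIFICATE" {
			continue
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return rows, fmt.Errorf("parse certificate: %w", err)
		}
		rows = append(rows, classifyCert(cert))
	}
}

// selfSigned builds a constructed self-signed certificate for the example.
func selfSigned(cn string, pub, priv any) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now(),
		NotAfter:     time.Now().AddDate(1, 0, 0),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

// makeTestBundle produces the constructed input: an ECDSA P-256 certificate
// followed by an RSA-2048 one. The subject names are hypothetical.
func makeTestBundle() ([]byte, error) {
	ecKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	ecPEM, err := selfSigned("api.example.internal", &ecKey.PublicKey, ecKey)
	if err != nil {
		return nil, err
	}
	rsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	rsaPEM, err := selfSigned("legacy-vpn.example.internal", &rsaKey.PublicKey, rsaKey)
	if err != nil {
		return nil, err
	}
	return append(ecPEM, rsaPEM...), nil
}

func main() {
	bundle, err := makeTestBundle()
	if err != nil {
		panic(err)
	}
	rows, err := inventoryPEM(bundle)
	if err != nil {
		panic(err)
	}
	for _, r := range rows {
		fmt.Printf("%-28s %-12s %-8s %4d  %s\n", r.Subject, r.SignatureAlg, r.PublicKeyAlg, r.KeyBits, r.Status)
	}
}
```

The rows this prints are the unit an owner can be assigned to: a subject, an algorithm, a key size, and a status. Run against real chain files it answers the first question of the migration plan, which certificates and which key exchanges still depend on quantum-vulnerable public keys, and the "unknown" status is deliberate so that a parser gap never reads as a clean bill of health.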
Insert PQC into vendor risk assessments. The bottleneck is not browsers. It is origin server infrastructure. Only 3.7 percent of origin servers support post-quantum key exchange compared to 39 percent of major websites. Supply chain PQC requirements are already propagating through cloud platform terms of service. Getting ahead of this in vendor contracts and third-party reviews is operationally simpler now than during an enforcement cycle.
The governance failure, precisely stated.
The technical community completed its work. NIST ran a seven-year public competition and published standards. Google deployed them at scale. Valsorda is now teaching RSA as a legacy algorithm to PhD students. The path is known, standardized, and partially walked.
What is missing is accountability. OMB had a clear mandate and missed its first milestone. GRC platforms have no field for quantum exposure. No organization has failed an audit because of it. The regulatory floor exists. The enforcement structure to activate it does not yet.
The harvest does not wait for governance to catch up. The adversary storing your 2024 traffic today does not need to understand ML-KEM or ML-DSA. They need storage. And storage is cheap.
Vordan publishes every Sunday and Wednesday. If someone in your network is asking the accountability questions before the failure arrives, forward this to them.
