White House Urged to Accelerate Quantum-Resistant Cryptography Deadlines Amid Rapid Private Sector Gains

With Google targeting a 2029 quantum-safe transition, the US government is being urged to ditch its 2035 timeline and mandate quantum-resistant rules now.

By: AXL Media

Published: Apr 23, 2026, 3:57 AM EDT

Source: Information for this report was sourced from FDD

The Widening Gap Between Federal and Private Readiness

The United States faces a critical "preparedness gap" as the timeline for quantum computing's ability to break modern encryption continues to shrink. While the federal government is not currently scheduled to complete its transition to quantum-resistant cryptography until 2035, major industry players are moving significantly faster. Google recently announced it would finalize its own transition by 2029, a move informed by its internal visibility into the accelerating pace of quantum research. This six-year discrepancy suggests that sensitive government communications, financial networks, and intelligence data will remain vulnerable long after the private sector has successfully fortified its digital borders.

Exploiting the ‘Harvest Now, Decrypt Later’ Strategy

The threat of quantum computing is not a future problem but a present-day intelligence reality. Adversaries are currently engaged in "harvesting" vast quantities of encrypted American data, including sensitive diplomatic cables and intellectual property, with the intent of decrypting it the moment a sufficiently powerful quantum computer becomes operational. Because many of these data sets have a shelf life of decades, a 2035 federal deadline effectively guarantees that nearly a decade’s worth of "secure" information will be unlocked by hostile actors using retroactive decryption. This makes the transition to quantum-safe standards an immediate obligation rather than a distant software upgrade.

Critical Infrastructure as a Primary Vulnerability Vector

The risks are most acute within privately owned critical infrastructure, such as water treatment plants and power grids, which rely on embedded encryption to prevent unauthorized commands. Many of these systems use legacy hardware designed to last 20 to 30 years, often featuring "hard-coded" encryption that cannot be updated via software. If a quantum computer compromises these protections, an adversary could instantaneously impersonate a trusted operator to disrupt physical operations. Experts argue that without a federal mandate to inventory these dependencies, the nation remains blind to the specific points where a quantum attack could trigger a localized or national emergency.