Microsoft accelerates quantum-safe roadmap as risks grow

As quantum computing technology continues to advance at a breakneck pace, Microsoft has announced that it is accelerating its plans to transition critical products and services to post-quantum cryptography (PQC) by 2029. This move comes as security experts warn of increasing risks from “harvest now, decrypt later” attacks, where stolen encrypted data can be waiting in the wings for a future quantum computer powerful enough to crack it.

The likes of Apple, Google, and Signal have already begun integrating PQC into their systems, replacing existing public-key encryption algorithms with quantum-resistant versions. But Microsoft’s announcement marks a significant shift in its approach, driven by concerns that the transition must begin sooner rather than later. According to the company, advances in quantum research and development have pushed back the timeline for preparing for post-quantum cryptography.

Microsoft has been warning organizations about the need to prepare for PQC for years, but now it’s urging them to start taking action immediately. The company points out that the transition won’t be a straightforward process of swapping out new cryptographic algorithms – rather, it will involve modernizing infrastructure and building “crypto-agility” into systems so that they can adapt seamlessly to future changes.

To speed up this transition, Microsoft is focusing on three key areas: upgrading network cryptography with modern protocols like TLS 1.3, building cryptographic trust chains that can be easily swapped out for PQC variants, and modernizing the infrastructure used for code signing, certificate issuance, and software updates. By integrating its PQC plans into the Secure Future Initiative, Microsoft aims to provide a clear roadmap for tracking quantum-safe readiness alongside other security goals.

But what exactly prompted this acceleration? Microsoft hasn’t publicly disclosed details of any specific advances that have led it to change course – nor has it explained why it believes quantum computers could arrive sooner than previously expected. BleepingComputer reached out to the company with questions, but so far, there’s been no response.

For organizations, the takeaway from this announcement is clear: start preparing for PQC now, rather than waiting until the last minute. As Microsoft itself warns, the work required to prepare is significant, and delays will only make things harder in the long run. By modernizing infrastructure and building a foundation for future cryptographic changes, organizations can ensure they’re ready when – not if – quantum computers become powerful enough to crack current encryption standards.

As you consider your own organization’s readiness for post-quantum cryptography, remember that it’s always better to be proactive than reactive in the face of emerging threats. Start by assessing your existing infrastructure and cryptographic protocols, and then develop a plan for modernizing them over time. Don’t wait until it’s too late – test every layer of your security stack before attackers do.


Source: Bleeping Computer — 2026-06-30