Digital security in the quantum era

Preparing for the quantum era requires a dual commitment to research and action. We’re all in on both fronts, so let’s take each of these in turn:

Examining and updating PQC timelines: Where consistent with security considerations, we share findings from our research that provide insight into the latest requirements needed to break public key cryptography, including asymmetric encryption and digital signatures. This research helps show the impact on PQC migration timelines and how a CRQC will affect individual sectors such as health and finance.

Completing PQC migrations: We are on track to complete a PQC migration safely within NIST’s current guidelines and have begun rolling out PQC in our infrastructure for internal operations and products. In order to migrate to a more secure post-quantum state, we are focused on three key areas: Crypto agility, securing critical shared infrastructure, and facilitating ecosystem shifts that can create a long-term and more robust security infrastructure.

These commitments reflect our deep investment in the long-term integrity of our digital economy. But when we zoom out, we know that even in the quantum age, security will be a team sport. Here are five recommendations to help policymakers manage the shift.

Five actions policymakers can take to prepare for the quantum era

1. Drive community-wide momentum, especially for critical infrastructure: Policymakers’ efforts should extend beyond public sector networks to address gaps and barriers (including workforce challenges) in vital sectors such as energy, telecommunications and healthcare. Protecting the trust infrastructure behind digital systems is also key and requires a dedicated effort with certificate authorities. We need to accelerate progress.
2. Make sure AI is built with PQC in mind: Cryptography secures AI systems, and the more we trust AI, the more we need to secure its foundations. Let’s treat PQC as a necessary foundation for the sustained economic potential of AI innovation.
3. Reduce global fragmentation: We need a unified approach. Helpfully, the NIST standards for quantum-safe cryptography provide a globally agreed, scalable, and secure benchmark—if widely adopted, they can help us move faster and avoid partial, insecure solutions.
4. Promote Cloud-first modernization: The transition to new cryptographic standards will be a heavy lift, and PQC provides another compelling reason to migrate to the cloud. Instead of investing public budgets to update legacy systems and hard-coded cryptography, governments should prioritize migrating these systems to the cloud and take advantage of the work providers like Google Cloud are doing now to enable PQC across their global networks.
5. Trust the experts to avoid strategic surprise: A CRQC is not “forever a decade away.” While no one knows exactly when it will come, ongoing dialogue with experts from research institutions and groups like Google’s Quantum AI team will help policymakers stay ahead of new threats.

Here’s the bottom line: We believe that quantum computing can help shape a brighter tomorrow—but we need an approach that allows us to ensure that the quantum era is defined by breakthroughs, not breakdowns. By working together, we can prepare today and promote greater security tomorrow.