A threat that does not need to have arrived to do harm
The usual way of telling the quantum threat story is wrong, and the mistake breeds complacency. It is commonly said that someday a powerful enough quantum computer will break the encryption protecting banks, governments and communications, and that day is years or decades away. True, but irrelevant to the decision that must be made today. The harm does not start when the machine exists; it has already started.
The mechanism is called, in the jargon, harvest now and decrypt later. Adversaries do not need a cryptographically relevant quantum computer today to compromise encrypted traffic: they need a hard drive and patience, to capture the ciphertext now, store it cheaply and decrypt it when the math allows. A state or a well-funded group may be intercepting and storing encrypted communications right now, betting on reading them in five, ten or fifteen years.
The consequence reorders the urgency calculation entirely. Any sensitive data an organization encrypted in 2026 with classical algorithms and transmitted over a network where an adversary could intercept it is on a countdown that began the moment it left its environment. It does not matter when the quantum computer arrives; what matters is how long that data needs to stay secret. If the answer is “more than a few years,” the risk is present, not future.
The asymmetry no plan can ignore
The core of the problem is a brutal time asymmetry between attack and defense. Realistic enterprise migrations take between 5 and 15 years depending on size and complexity, while adversaries running “store now, decrypt later” attacks are presumed active today. The attacker acts immediately and cheaply; the defender needs more than a decade to protect itself. That gap is what makes the situation pressing even with no quantum computer in sight.
There is a framework cryptographers cite frequently. Mosca’s theorem compares three horizons: the time it takes to migrate systems to post-quantum cryptography, the time during which data must remain secure, and the estimated arrival of the quantum computer capable of breaking current cryptography. If the sum of the migration time and the data’s shelf life exceeds the time remaining until that computer arrives, the data is already compromised. The arithmetic is unforgiving: for much long-lived data, the effective security window is already closing.
And the discovery of where the problem lies is, in itself, an enormous task. The discovery phase — just finding where cryptography lives inside the organization — takes 12 to 24 months in large enterprises. Before migrating anything, an organization must inventory every place it uses vulnerable encryption: endpoints, certificates, code-signing keys, VPNs, email, identity systems, embedded firmware, libraries and third-party integrations. Those one or two years of inventory are time that runs while the harvest continues.
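The Mosca comparison and the inventory step described above, combined in an added Python example that is not from the original article: it flags inventory entries whose algorithms Shor's algorithm breaks and ranks them by how many years of their traffic would still need secrecy when the quantum computer arrives. The asset names, the figures and the 12-year Q-Day estimate are constructed assumptions.

```python
from dataclasses import dataclass

# Public-key families that Shor's algorithm breaks (factoring, discrete log).
SHOR_VULNERABLE = ("RSA", "DSA", "DH", "ECDH", "ECDSA", "X25519", "ED25519")
# Replacement algorithms standardized in FIPS 203, 204 and 205.
POST_QUANTUM = ("ML-KEM", "ML-DSA", "SLH-DSA")

@dataclass
class Asset:
    name: str
    algorithm: str     # algorithm label as recorded in the inventory
    shelf_life: float  # years the data must remain secret
    migration: float   # years until this system runs post-quantum crypto

def is_quantum_vulnerable(algorithm: str) -> bool:
    alg = algorithm.upper()
    if alg.startswith(POST_QUANTUM):
        return False
    return alg.startswith(SHOR_VULNERABLE)

def mosca_gap(asset: Asset, q_day: float) -> float:
    """Migration time + shelf life - years to Q-Day; positive means exposed."""
    return asset.migration + asset.shelf_life - q_day

def harvestable_years(asset: Asset, q_day: float) -> float:
    """Years of pre-migration traffic that is still secret when Q-Day arrives."""
    return max(0.0, min(asset.migration, mosca_gap(asset, q_day)))

def prioritize(assets, q_day):
    """Exposed, quantum-vulnerable assets, worst harvest window first."""
    rows = [(a.name, mosca_gap(a, q_day), harvestable_years(a, q_day))
            for a in assets if is_quantum_vulnerable(a.algorithm)]
    exposed = [r for r in rows if r[1] > 0]
    return sorted(exposed, key=lambda r: (r[2], r[1]), reverse=True)

# Constructed sample inventory; names and figures are illustrative only.
INVENTORY = [
    Asset("patient-records-api", "RSA-2048", shelf_life=25, migration=8),
    Asset("vpn-gateway", "ECDH-P256", shelf_life=10, migration=6),
    Asset("pricing-feed", "X25519", shelf_life=1, migration=3),
    Asset("pilot-tls", "ML-KEM-768", shelf_life=20, migration=0),
]

if __name__ == "__main__":
    for name, gap, years in prioritize(INVENTORY, q_day=12):  # assumed Q-Day
        print(f"{name}: gap {gap:+.0f}y, {years:.0f}y of traffic harvestable")
```

Rerunning `prioritize` with several Q-Day estimates shows which assets stay exposed across the whole range and therefore belong at the front of the migration queue.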
The standards already exist, the deadlines are already fixed
Unlike other diffuse technology threats, this one has a concrete roadmap. The technical part is solved. NIST finalized the first three post-quantum cryptography standards — FIPS 203, 204 and 205 — in August 2024, ending an eight-year global evaluation process and triggering the largest mandated cryptographic migration in history. The replacement algorithms — ML-KEM, ML-DSA and SLH-DSA, with HQC selected as a non-lattice alternative — are already defined. There is no need to wait for science to decide what to use: it has been decided.
The regulatory deadlines are also on the table, and they are staggered. The NSA’s CNSA 2.0 framework requires quantum-safe algorithms for all new national security systems from January 2027, full application migration by 2030 and complete infrastructure migration by 2035. The NIST IR 8547 document deprecates quantum-vulnerable algorithms by 2035. Those deadlines do not stay in government: they cascade to defense contractors, federal agencies and regulated industries, dragging their entire supply chains.
The big technology providers have already set their own dates, which function as de facto deadlines for their customers. Google, Cloudflare, AWS and Microsoft have committed to internal targets for 2029. When those providers migrate, their targets functionally become deadlines for those who depend on them. A company hosting its services in one of those clouds will inherit its provider’s calendar, like it or not. The effect is that the 2029 date stops being a suggestion and becomes an operational constraint for much of the market.
Why migration is so hard
If the standards exist and the deadlines are clear, one might ask why almost no one has finished. The answer is not lack of will, but the nature of the problem. The migration is not a simple software patch, but a fundamental architectural overhaul. Cryptography does not live in one place: it is embedded in every secure connection, every certificate, every digital signature, every VPN tunnel of an organization. Changing it is like replacing a building’s foundations without demolishing it.
The lag between having the algorithms and being able to use them in real systems is the first obstacle. NIST has the algorithms, but getting them into the legacy-heavy guts of enterprise hardware and software is a different story. Much of the world’s digital infrastructure runs on old systems that were not designed to change cryptography easily, and many of them do not even allow a simple update. The migration collides with the reality of an old, heterogeneous technology base.
There is also an underlying security risk that NIST itself acknowledges. The standards were chosen after an eight-year global cryptanalytic scrutiny, which gives confidence but not absolute certainty. NIST explicitly maintains the SLH-DSA algorithm as a backup to hedge against unforeseen advances in lattice cryptanalysis. That is: even the replacements could, in theory, have weaknesses not yet known, which is why an alternative of a different mathematical nature is kept. Prudence is built into the design, which also adds complexity to the migration.
Why the consensus changed just now
For years, the quantum threat was treated as distant science fiction. Three quantum-hardware milestones between late 2024 and early 2026 materially changed the experts’ consensus on how near the threat is. It is not that Q-Day arrived, but that it stopped seeming impossible: advances in quantum processors made credible what was once speculative, and that credibility was enough to activate regulators and companies.
The mathematical mechanics of the risk are concrete and worth understanding without mysticism. Quantum computers threaten the current security model through Shor’s algorithm, which can solve certain mathematical problems exponentially faster than classical methods; a sufficiently powerful quantum computer could break RSA-2048 encryption in hours, compromising decades of encrypted communications that were stored or intercepted. Current encryption is not magic: it rests on certain mathematical problems being too slow to solve for a classical computer. Shor’s algorithm, run on quantum hardware, eliminates that slowness, and with it the protection.
The market is already moving around that future certainty. The market to migrate global enterprise cryptographic infrastructure is projected above 15 billion dollars by 2030, and most organizations have not started because the tooling did not exist. Companies dedicated exclusively to post-quantum migration have emerged, with cryptographic-inventory platforms and planning wizards, a sign that the problem has stopped being theoretical and become an industry. That a 15-billion-dollar market exists to solve it is the best proof that organizations take it seriously, if late.
Those who already started and the regulatory pressure piling on
Against the majority that has not yet begun, some giants already published their plans and shared them. Meta published its migration playbook in April 2026, with a six-step framework, five maturity levels, hybrid-first deployment and combined automated and developer-reported inventory, that generalizes to any enterprise. That one of the world’s largest tech companies not only migrates but publishes its method is a sign that the problem is seen as collective: it does no good to be safe if your supply chain is not. The dominant strategy is hybrid deployment, which combines classical and post-quantum cryptography at once so as not to be exposed during the transition.
The pressure comes not only from national-security deadlines, but from financial and sectoral regulation. Regulatory frameworks like DORA and NIS2, along with sectoral regulators, are tightening cryptographic-resilience expectations. For a European bank or a critical infrastructure, post-quantum migration stops being a voluntary best practice and becomes a compliance obligation, with audits and penalties behind it. That regulatory layer accelerates what the technical threat alone could not: turning an abstract risk into a box that must be checked before a supervisor.
There is a sector where the threat is existential and not only about confidentiality: blockchains. A cryptocurrency whose security depends on public-key cryptography could see the keys protecting funds compromised. Beyond blockchains, the implications of quantum computing extend to any system that stores encrypted data for extended periods. The Open Quantum Safe project, with its open-source library liboqs, offers implementations of the resistant algorithms so developers of any system can start testing the transition without depending on a commercial vendor. The defense, at least in its basic layer, is available to whoever wants to take it.
Who has the most to lose
Not all data runs the same risk, and understanding the difference is key to prioritizing. The criterion is the information’s shelf life. Data that loses value in days — tomorrow’s weather, today’s price — does not interest whoever harvests to decrypt in a decade. But there are categories of information whose sensitivity lasts years or decades, and those are the target. Long-lived data — intellectual property, source code, M&A files, government records, cryptographic key material — is already exposed regardless of when Q-Day arrives.
The sectors with long memory are the most vulnerable. Healthcare organizations holding patient records, financial institutions with decades of transaction history and government agencies with classified information face the same harvest risk. A medical record does not expire; a biometric identity cannot be reissued; a state secret must remain secret for generations. For those categories, today’s classical encryption is a promise of confidentiality that a patient adversary can break tomorrow.
The risk worsens with an uncomfortable detail about permanent identifiers. Unlike a password, which can be changed after a leak, there is data that admits no reissue. A fingerprint, an iris pattern, a genome cannot be “changed” if leaked. Biometric exposure is permanent, which makes it the clearest possible case for protecting the data at rest rather than relying on the network around it. For that class of information, today’s harvest is a deferred sentence: the harm cannot be undone when decryption arrives.
What it means for the region
For governments and companies in Latin America, the quantum threat is often perceived as a problem of the big and the rich, distant and abstract. It is a miscalculation. The harvest does not discriminate by size or country: if encrypted data travels over an interceptable network and has long-term value, it is a candidate to be stored, no matter where it comes from. A ministry’s records, a public health system’s histories, an exporting company’s intellectual property all share the same exposure as those of a great power.
The region’s disadvantage is one of capacity, not exposure. While the big providers and rich governments already have roadmaps, budgets and migration tools, organizations in mid-sized economies often have not even begun the inventory phase that takes one or two years. That readiness gap is the real vulnerability: not the lack of one’s own quantum computer, but the lack of a plan for when someone else’s arrives. The lag in starting translates, datum by datum, into more information accumulating on others’ drives.
There is, however, an advantage in arriving with the roadmap already drawn by others. US cybersecurity agencies jointly published a six-step quantum-readiness playbook that has become the de facto standard sequence for enterprise adoption, and it starts with the cryptographic inventory, not with a vendor purchase. The first step costs no money and requires no cutting-edge technology: it is knowing where vulnerable encryption is used. A regional organization can start that inventory today, with modest resources, and gain the months it would otherwise lose waiting. The migration is expensive and long, but the first move — knowing what you have — is within reach of anyone who decides not to wait.
It is also worth dismantling a common excuse: the idea that since Q-Day is uncertain, it is better to wait for technology and prices to mature before investing. That logic fails because of the asymmetry already described. Whoever waits for certainty about the quantum computer’s date will not arrive in time, because the migration they must complete takes longer than the warning they will get. And while they wait, their long-lived data keeps traveling with classical encryption over networks someone may be recording. Waiting is neither neutral nor free: each year of delay is one more year of information accumulating on a patient adversary’s drive. In this threat, unlike almost any other in cybersecurity, postponing the defense does not reduce the cost of acting later; it increases the harm already being done in silence.
The balance of the clock
The post-quantum migration brings together an unusual combination of certainties and unknowns. The certainty is that the math protecting information today will be breakable, that the standards to resist it already exist and that the deadlines are fixed through 2035. The unknown is only when exactly the quantum computer capable of breaking current encryption will arrive, the so-called Q-Day, which could be a decade or more away. But that unknown does not authorize waiting, because the data harvest is already happening and the migration already takes as long as it takes.
The verdict the clock leaves is one of silent urgency. Unlike a visible attack, the harvest leaves no immediate trace: no one notices their encrypted data was copied until, years later, someone reads it. That invisibility is what makes the threat easy to postpone and dangerous to postpone. The question for any organization with data that must stay secret in 2035 is not whether to migrate, but whether it started the inventory that takes two years to do. Q-Day has an uncertain date; the vulnerability clock, by contrast, is already running, and it started the day the data went out encrypted toward a network someone could be listening to.