Bottom line: Microsoft shortens its PQC migration to six years and integrates quantum-safe requirements into the Secure Future Initiative to address accelerated quantum computing risks.
Microsoft will transition critical products to post-quantum cryptography (PQC) by 2029, accelerating its timeline. The background is accelerated quantum computing advances that could threaten existing encryption standards sooner than previously expected.
Microsoft has announced the Quantum Safe Program (QSP) with a shortened timeframe. Critical products and services are to be transitioned from classical encryption methods to post-quantum cryptography by 2029. This occurs in parallel with the integration of quantum-safe requirements into Microsoft’s Secure Future Initiative (SFI) to make the transition measurable and controllable.
The company justifies the acceleration with changed framework conditions. Previous planning had presented PQC as a future problem – important, but distant. Advances in quantum research and development have shifted this risk horizon, however. Microsoft warns that cryptographically relevant quantum computers could become available sooner than expected. The classic scenario for CISOs is the harvest-now-decrypt-later attack: data is stolen and stored encrypted today in order to decrypt it after powerful quantum computers become available. Similar steps have already been taken by Apple, Google, and Signal.
Microsoft recommends not merely the adoption of new algorithms, but comprehensive infrastructure modernization on three pillars. First: update network cryptography through modern protocols such as TLS 1.3 to support hybrid and post-quantum-safe key procedures. Second: establish crypto-agility to flexibly exchange existing algorithms with PQC variants without completely redeveloping applications. Third: modernize cryptographic trust chains – for code signing, certificate issuance, software updates, and hardware-based key protection.
For security managers, this means that the transition to PQC cannot be treated as an isolated cryptography project. It requires inventory and modernization of the entire cryptographic infrastructure, including legacy systems and dependency chains. The NIS2 relevance lies in proactive risk mitigation through technological preparation for emerging threats.
Source: www.it-daily.net · Published 1 July 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.2.