← Back to Blog
Industry||6 min read

Google Targets 2029 for PQC Migration: What This Means for UK Businesses

While NIST targets 2035, Google is moving faster. Here's why and what you should do.

Google has announced its goal to complete migration to post-quantum cryptography by 2029 — six years before the NIST deadline of 2035. This move by the tech giant has significant implications for the entire digital ecosystem.

Why Is Google Moving So Quickly?

Google's decision reflects several factors:

  • Retroactive protection: Data transmitted today could be decrypted in the future
  • Scale: Google handles billions of connections daily; migration takes years
  • Leadership: Setting the de facto industry standard
  • Quantum uncertainty: Quantum computers might arrive sooner than expected

What Google Has Already Done

  • • Chrome has supported X25519Kyber768 since 2023
  • • Gmail and Google Cloud are testing post-quantum TLS
  • • Internally, Google already uses hybrid encryption for sensitive data

Comparing Timelines

OrganisationDeadlineNotes
Google2029Complete infrastructure migration
NSA (CNSA 2.0)2030US government systems
NCSC (UK)2035Complete deprecation of RSA/ECDSA
NIST2035Full deprecation of vulnerable algorithms
EU2026 roadmapNational roadmaps by Dec 2026

Impact on the Ecosystem

When Google moves, the entire web follows. Here's what to expect:

Browsers and Clients

Chrome represents over 65% of the browser market. When Chrome requires PQC for secure connections (as it did with HTTPS), sites that don't support it will see warnings or be blocked.

Cloud and Hosting

Google Cloud, AWS, and Azure are all adding PQC support. Providers that don't keep up will lose enterprise clients with security requirements.

CDNs and Certificates

Cloudflare, Akamai, and major CDNs are implementing post-quantum TLS. Certificate Authorities are preparing certificates with PQC signatures.

For UK Businesses

If your site/service doesn't support post-quantum TLS when Chrome requires it, your users will see security warnings. It's a question of "when", not "if".

What UK Businesses Should Do

Today (2026)

  • Ensure TLS 1.3 is supported and preferred
  • Verify there are no fallbacks to TLS 1.0/1.1
  • Begin cryptographic inventory
  • Assess infrastructure readiness

2027-2028

  • Implement hybrid TLS (classical + PQC)
  • Test compatibility with PQC-enabled clients
  • Update cryptographic libraries
  • Plan digital signature migration

2029

  • PQC active on all public services
  • Progressive deprecation of classical-only schemes
  • Compliance with new browser requirements

The Prerequisite: TLS 1.3

Post-quantum cryptography requires TLS 1.3. If your site still supports TLS 1.2 as the primary version (or worse, TLS 1.0/1.1), the first step is to upgrade.

Our free scanner instantly verifies your TLS configuration and tells you if you're ready for the PQC transition.

Are You Ready for 2029?

Check your TLS and PQC readiness with a free scan.

Conclusion

Google's 2029 target isn't a whim: it's a clear signal that the transition to post-quantum cryptography is accelerating. Businesses that wait for NIST's 2035 deadline may find themselves behind the market.

For UK organisations, this means planning must start now. Three years for a complete cryptographic migration isn't long, especially for complex infrastructures.