The White House Just Accelerated the PQC Clock


The clock on post-quantum cryptography (PQC) did not start last week.

Last week, a U.S. Presidential Executive Order, Securing the Nation Against Advanced Cryptographic Attacks – The White House, mandated that federal agencies complete their transition to Post-Quantum Cryptography (PQC) by the end of 2030. Around the same time, Google projected that “Q-Day”—the point when quantum computers can break today’s elliptic-curve cryptography (ECC) protecting much of TLS traffic—could arrive as early as 2029.

That is closer than most organizations realize.

But focusing only on 2029 misses the bigger problem.

Adversaries are not waiting for Q-Day.

They are already executing harvest-now, decrypt-later attacks; collecting encrypted traffic today with the expectation that future quantum compute will allow them to decrypt it later.

That means the sensitive data you are protecting right now may already be compromised.

This Is Not a Federal Problem. It’s Everyone’s Problem

It would be a mistake for enterprises to treat the federal directive as relevant only to government agencies.

We have seen this exact pattern before.

Organizations delayed transitions from:

  • RSA 1024 to RSA 2048
  • 3DES to AES
  • TLS 1.0 to TLS 1.2+

Each time, the laggards eventually scrambled when:

  • browsers stopped supporting older protocols,
  • regulators flagged noncompliance,
  • insurers increased cyber requirements,
  • and customers began demanding stronger security controls.

PQC will be no different.

In fact, the consequences may be bigger.

Unlike prior migrations, this transition impacts nearly every digital system that depends on public-key cryptography.

That includes:

  • Browser-to-application communication
  • APIs and microservices
  • Containers and service meshes
  • Database connections
  • VPNs
  • Firewalls
  • Identity and access systems
  • Software signing pipelines

In short:

If your business depends on encrypted communication, PQC affects you.

The attack surface is massive.

And that is what makes the timeline deceptive.

2030 sounds comfortable.

It isn’t.

The Smartest First Step: Start at the Edge

Organizations do not need to wait for application teams to rewrite code.

They can begin at the application delivery layer.

Because ADCs, reverse proxies, and WAFs already sit in the TLS termination path, they are the natural control point for early PQC adoption.

An edge-first approach enables organizations to:

  • Terminate hybrid PQC TLS sessions
  • Protect browser-to-application traffic
  • Reduce long-term exposure immediately
  • Avoid backend application disruption

This enables something every executive wants:

Meaningful risk reduction without massive architectural change.

The Bottom Line

The White House directive did not start the quantum countdown.

It simply made it impossible to ignore.

The organizations that move early will:

  • reduce long-term data exposure,
  • avoid rushed migrations,
  • and gain a strategic security advantage.

The organizations that wait will face rising pressure from regulators, customers, insurers, and the market.

The PQC clock is already ticking. The smartest first step is to start protecting applications at the edge—today.

Looking for Guidance? What C-Level Leaders Must Do Now—Before It Becomes a Crisis

Prakash Sinha

Prakash Sinha

Prakash Sinha is a technology executive and evangelist for Radware and brings over 29 years of experience in strategy, product management, product marketing and engineering. Prakash has held leadership positions in architecture, engineering, and product management at leading technology companies such as Cisco, Informatica, and Tandem Computers. Prakash holds a Bachelor in Electrical Engineering from BIT, Mesra and an MBA from Haas School of Business at UC Berkeley.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center
CyberPedia