Cloudflare sets a deadline for post-quantum security 🔐

While quantum computers have not yet broken modern cryptography at real scale, large infrastructure companies are already starting to speak the language of deadlines. Cloudflare is directly pushing the market toward a transition to post-quantum protection and is aiming for broader coverage by 2029. Against this backdrop, NIST in its roadmap marks 2030 as the threshold after which part of the current algorithms should be considered obsolete, and 2035 – as the point of their full removal from standards.

What exactly is changing

This is primarily about the gradual abandonment of familiar schemes such as RSA and ECC in those scenarios where data must remain protected for years. Cloudflare emphasizes that the threat here is not only future, but also strategic already now, because the harvest now, decrypt later scenario is at work – when encrypted data is collected today in order to decrypt it later, when quantum tools become strong enough.

Why this matters right now

The main problem is that such a migration is not done in a single day. NIST directly points to a phased transition: part of the current algorithms will be deprecated after 2030, and full abandonment should come after 2035. Cloudflare, for its part, says that it does not want to wait until the last moment and is already building post-quantum protection into its infrastructure as a standard direction of development.

• NIST has already marked the time boundaries for moving away from quantum-vulnerable cryptography
• Cloudflare is accelerating its own plan and speaks about 2029
• the main risk concerns not only future attacks, but also data that is already being intercepted now

What this means for the market

For business and the financial sector, this is a signal not to postpone the topic until later. If a company works with personal, payment, or other long-lived data, then waiting for the appearance of a real quantum breach is already too late. That is exactly why Cloudflare is promoting the idea that post-quantum protection should become the default level of security, rather than an option for individual clients.

Conclusion

The story here is simple: the market received not an abstract warning, but a time frame. NIST already outlines 2030 and 2035 as transition points, while Cloudflare is trying to accelerate preparation even more. For companies, this means one thing – post-quantum migration is already ceasing to be a topic for the future and is gradually becoming part of the current security strategy.