Read this first
The case for migrating now does not depend on a quantum timeline. It depends on the asymmetry of consequences: migrating early is recoverable engineering overhead; migrating late is unrecoverable. Decide against the asymmetry, not the date.
Most post-quantum conversations stall on the same question: when does the quantum computer actually arrive? It is the wrong question to organise around, because it invites a bet on a date nobody can call — and then treats the migration as optional until that date is near.
The two failure modes are not equal
If migration turns out to be premature, the cost is engineering overhead: larger keys, larger signatures, more bandwidth, more complex protocol negotiation. These costs are real, but they are recoverable. If migration is late, the consequences are categorically different — private keys become extractable, signatures become forgeable, and traffic encrypted today is decrypted retroactively.
The first failure mode is engineering debt; the second is unrecoverable.
What to do this quarter
Begin a cryptographic inventory now and enable hybrid key exchange (X25519MLKEM768) on TLS-terminating services behind a flag. Neither step requires certainty about timelines — both reduce the unrecoverable side of the asymmetry.
Harvest-now-decrypt-later makes the asymmetry concrete today. An adversary does not need a quantum computer now to benefit from one later; they only need to store your ciphertext now and wait. For anything with a long confidentiality lifetime, the clock has already started.
Don't wait for the factoring record
Treating a public quantum milestone as the trigger to start assumes migration is instantaneous. It is not — for most organisations it is a multi-year programme. By the time the milestone lands, the migration should already be well underway.
Have a system that needs this?
Secure my organization