
Cloudflare Just Put a Deadline on Post-Quantum Migration — Where Does Your Company Stand?

Quantum computers breaking today’s encryption has long felt like a tomorrow problem. Cloudflare just made it a today problem. The company published a detailed, phase-by-phase roadmap to deploy post-quantum cryptography across every protocol and internal system by 2029. Not a vague commitment — an engineering schedule.

The Threat That’s Already Happening

The most urgent argument for post-quantum cryptography isn’t a future quantum computer. It’s a strategy called Harvest Now, Decrypt Later. Adversaries — state-level and otherwise — are already vacuuming up encrypted traffic in bulk. The bet is simple: store it now, crack it when quantum hardware catches up.

If your data has a shelf life measured in years — government communications, financial records, health data, trade secrets — it may already be under collection. NIST took this seriously enough to finalize the first three post-quantum cryptography standards in 2024: ML-KEM, ML-DSA, and SLH-DSA. More pointedly, NIST set a hard deadline: RSA and ECC must be fully retired by 2035. That’s not a suggestion. It’s a countdown.

Cloudflare’s Three-Phase Playbook

What makes Cloudflare’s announcement notable isn’t ambition — it’s specificity. The roadmap breaks into three distinct phases.

Phase 1 — TLS and external connections (already underway). Since 2024, Cloudflare has been rolling ML-KEM-based post-quantum key agreement into TLS 1.3 handshakes. A significant share of web traffic passing through Cloudflare already has post-quantum protection. Chrome and Firefox support it natively, so end users get the upgrade without touching a single setting.

Phase 2 — Internal service-to-service traffic (2025–2027). Protecting the front door means nothing if the hallways are exposed. This phase targets east-west traffic inside Cloudflare’s data centers — the service mesh layer — along with enterprise tunnel connections through Cloudflare One, their zero-trust platform.

Phase 3 — Full protocol migration (2027–2029). The hard part. Digital signatures, certificate chains, DNSSEC — areas where standardization is still in progress and where post-quantum algorithms introduce significantly larger key and signature sizes. This is the phase most likely to slip, and Cloudflare knows it.

Why Infrastructure Players Move First

Cloudflare proxies a massive slice of global web traffic. When they flip a default, millions of websites get upgraded without their operators lifting a finger. This is the leverage of acting at the infrastructure layer.

They’re not alone. Google shipped ML-KEM support as a default in Chrome and is applying post-quantum cryptography to internal data center traffic. AWS added post-quantum TLS options to its Key Management Service. The hyperscalers are moving.

But the migration isn’t painless. Post-quantum algorithms are bigger and slower than their classical counterparts. An ML-KEM public key runs 800 to 1,568 bytes — compared to 32 bytes for X25519. That’s a 25–50x increase. The downstream effects are real: larger network packets, slower handshakes, and compatibility headaches on constrained devices like IoT hardware. This isn’t a drop-in replacement. It’s a re-engineering effort.

What Companies Should Be Doing Now

Yes, no quantum computer can break RSA today. But cryptographic migrations don’t happen overnight. They take years across any system of meaningful complexity. Three things belong on your near-term agenda.

Map your cryptographic inventory. Know where every algorithm lives — TLS certificates, VPNs, code signing, database encryption, API authentication. The attack surface is wider than most teams assume.

Test hybrid mode. Run classical and post-quantum algorithms in parallel. This is the low-risk way to validate compatibility and catch performance regressions before you’re forced into a hard cutover.

Audit your vendors. Does your cloud provider have a PQC roadmap? Your CDN? Your identity provider? If they don’t have a timeline, that’s your answer — and your risk.
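As an added illustration of the inventory step above (not code from the article or from Cloudflare), this stdlib-only Python walks the outer structure of a DER-encoded X.509 certificate to read its signature-algorithm OID and flag whether the signing algorithm is one Shor's algorithm breaks; the three sample certificates are constructed DER skeletons, not real certificates.

```python
# Signature OID prefix -> family. RSA/ECDSA fall to Shor's algorithm; ML-DSA is PQ.
FAMILIES = {
    "1.2.840.113549.1.1.": "RSA",
    "1.2.840.10045.4.": "ECDSA",
    "2.16.840.1.101.3.4.3.17": "ML-DSA-44",
    "2.16.840.1.101.3.4.3.18": "ML-DSA-65",
    "2.16.840.1.101.3.4.3.19": "ML-DSA-87",
}
QUANTUM_SAFE = {"ML-DSA-44", "ML-DSA-65", "ML-DSA-87"}

def _tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits = number of following length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def decode_oid(raw):
    """DER OBJECT IDENTIFIER content bytes -> dotted string."""
    arcs, val = [raw[0] // 40, raw[0] % 40], 0  # first byte packs arcs 1 and 2
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)  # base-128; high bit set means more bytes follow
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_oid(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signature }."""
    tag, pos, _ = _tlv(der, 0)        # outer SEQUENCE
    assert tag == 0x30, "not a DER SEQUENCE"
    _, _, pos = _tlv(der, pos)        # skip tbsCertificate entirely
    _, pos, _ = _tlv(der, pos)        # enter signatureAlgorithm SEQUENCE
    tag, start, end = _tlv(der, pos)  # its first element is the algorithm OID
    assert tag == 0x06, "expected OBJECT IDENTIFIER"
    return decode_oid(der[start:end])

def classify(der):
    """Return (oid, family, quantum_safe) for one DER-encoded certificate."""
    oid = signature_oid(der)
    family = next((f for p, f in FAMILIES.items() if oid.startswith(p)), "unknown")
    return oid, family, family in QUANTUM_SAFE

# Constructed minimal DER skeletons (empty tbsCertificate, 1-byte signature), offline-only.
SAMPLES = {
    "rsa-sha256": bytes.fromhex("30143000300d06092a864886f70d01010b0500030100"),
    "ecdsa-sha256": bytes.fromhex("30113000300a06082a8648ce3d040302030100"),
    "ml-dsa-65": bytes.fromhex("30123000300b0609608648016503040312030100"),
}
```

Run `classify` over every certificate your scanners find (TLS, VPN, code signing, API auth) and the entries that come back `quantum_safe=False` are the migration backlog.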

The Clock Is Already Running

Cloudflare’s 2029 target and NIST’s 2035 deadline sound distant until you account for the reality of large-scale cryptographic transitions. The last major migration — SHA-1 to SHA-256 — took over a decade and still left stragglers. Post-quantum is a harder lift.

The signal from Cloudflare’s roadmap is clear: post-quantum security has moved from research papers to engineering schedules at the companies that run the internet’s plumbing. If your data needs to stay confidential five or ten years from now, the time to audit your cryptographic foundations is not next quarter. It’s now.

