Microsoft has announced plans to implement quantum-safe solutions in its products and services from 2029, with the tech giant aiming for a complete transition by 2033.
This is two years ahead of the 2035 deadline set by a number of governments around the world for a complete transition to post-quantum cryptography (PQC) across digital infrastructure and services, including in the US and UK.
The new timeline has been incorporated into the Microsoft Quantum Safe Program (QSP), an initiative first set out in 2023 to accelerate the company’s efforts to protect its own infrastructure, and that of its customers, partners and ecosystems from the future threat posed by quantum computing.
Microsoft also urged customers to start planning their own quantum-safe journey.
“Migration to post quantum cryptography (PQC) is not a flip-the-switch moment, it’s a multiyear transformation that requires immediate planning and coordinated execution to avoid a last-minute scramble,” the firm noted in a blog dated August 20.
Microsoft said it is aligning its quantum-safe efforts with US government agency requirements and guidance. This includes the National Security Agency (NSA)’s Commercial National Security Algorithm Suite 2.0, which provides stringent requirements for quantum resistant solutions for National Security Systems (NSS) and related assets.
The tech giant is also closely monitoring quantum-safe initiatives from international governments, such as the EU, UK, Australia and Japan, to align with its efforts.
A Phased Transition Journey
Microsoft’s QSP strategy aims to enable early adoption of quantum-safe capabilities by 2029, gradually making them default by 2033.
It set out three key phases for this strategy:
- Integrating PQC algorithms into foundational security components like SymCrypt, the primary cryptographic library that provides consistent cryptographic security across Windows, Microsoft Azure, Microsoft 365 and other platforms
- Updating foundational components in products and services considered core infrastructure, such as Microsoft Entra authentication, key and secret management, and signing services
- Integrating PQC into Windows Azure services, Microsoft 365, data platforms, AI services and networking, providing comprehensive protection across all platforms and applications
Microsoft has already conducted early foundational work in order to be in a position to make a full transition to PQC by 2033.
This began with an enterprise-wide inventory to assess and prioritize cryptographic asset risks. From there, it addressed critical dependencies, invested in quantum-safe research and collaborated on hardware and firmware innovation.
Countering the Emerging Quantum Threat
PQC refers to cryptographic algorithms that can withstand attacks from powerful quantum computers.
Experts believe we are seven to 15 years away from the development of quantum computers that are powerful enough to break current encryption protocols, a scenario which would leave all digital data, connections and components exposed.
In February 2025, Microsoft announced the development of the world’s first quantum chip, named Majorana 1 – a breakthrough that it said provides a pathway to building quantum computers that can scale to a million qubits in “years, not decades.”
The US National Institute of Standards & Technology (NIST) formalized the world’s first PQC standards in August 2024. This set out three PQC algorithms that provide quantum-resistant solutions for different types of systems and use cases, providing a framework for organizations to begin transitioning to quantum-safe solutions.
These standards have provided the basis for government and industry guidance on migrating to PQC across the globe, in addition to the development of quantum-safe solutions.
Image credit: hafakot / Shutterstock.com