Cloudflare has accelerated its post-quantum security roadmap, announcing plans to achieve full quantum-resistant protection across its global network by 2029, amid growing concerns that advances in quantum computing could undermine current encryption standards sooner than anticipated.
The company’s updated strategy expands beyond post-quantum encryption to include authentication considered a more complex and critical layer of internet security. This shift aims to ensure that identities, certificates, and digital signatures remain secure in a future where quantum computers could potentially break widely used cryptographic systems such as RSA and elliptic curve encryption.
The urgency stems from recent breakthroughs in quantum research, which indicate that the timeline for “Q-Day” when quantum systems can crack traditional encryption may arrive faster than expected. Cloudflare’s move aligns with broader industry momentum, with players like Google also pushing for accelerated adoption of post-quantum cryptography.
“Credible new research and rapid industry developments suggest that the deadline to migrate is much sooner than expected.”
Cloudflare has already made notable progress in this space. Since 2022, it has enabled quantum-resistant encryption by default for websites and APIs on its platform, addressing risks such as “harvest now, decrypt later” attacks. The company reports that over 65% of human-generated traffic on its network is already protected using post-quantum encryption.
However, the company emphasizes that encryption alone is insufficient. Authentication systems responsible for verifying trust across the internet remain more challenging to upgrade due to dependencies on legacy infrastructure and certificate-based systems. Security experts warn that vulnerabilities at this level could allow attackers to forge credentials in a post-quantum world.
To address this, Cloudflare has outlined a phased roadmap, including the rollout of post-quantum authentication mechanisms starting in 2026, broader deployment by 2027, and full integration into its Cloudflare One platform by 2028, culminating in a fully quantum-secure network by 2029.
Cloudflare recommends that enterprises begin preparing now by prioritizing post-quantum readiness in procurement decisions and evaluating vendor preparedness. It also called on governments to lead coordinated transitions using standardized frameworks, warning that fragmented approaches could slow progress.
The company reiterated its commitment to making post-quantum security accessible by default, at no additional cost, reinforcing its broader mission to strengthen internet security at scale.
