Cybersecurity leaders are warning that the race to build a quantum computer powerful enough to crack today’s protections is tightening faster than many expected, with some saying Q-day could arrive within a few years. Palo Alto Networks said that day would not make the internet collapse, but it would force an immediate replacement of public key infrastructures, certificate authorities and digital identities to keep systems and data safe.
Niccolo De Masi said at the World Economic Forum in January that people assume Q-day is happening in 2040, but he thinks it is going to arrive like a freight train by the end of the current U.S. administration. His warning lands as organizations around the world race to build a quantum computer capable of solving problems too complex for classical computing, and as no one can say with certainty when a cryptographically relevant machine will break through.
That uncertainty has not stopped governments and industry from setting deadlines. The National Institute of Standards and Technology, the Canadian Centre for Cyber Security and the U.K. National Cyber Security Centre are targeting complete post-quantum cryptography migration by 2035. IBM says it plans to build a large-scale, fault-tolerant quantum computer by 2029, a timetable that keeps the pressure on defenders even as the hardware remains out of reach today.
The numbers behind the warnings have also shifted in recent months. Iceberg Quantum said in a February paper on arXiv.org that a quantum computer with about 100,000 qubits could break RSA encryption within a week, far below earlier estimates that put the threshold at 20 million qubits. In March, Google Quantum AI said the cryptography protecting major cryptocurrencies, including Bitcoin and Ethereum, could be defeated with a quantum computer with 500,000 physical qubits within minutes.
That gap between old assumptions and newer research is what makes the issue so urgent now. ExecutiveBiz published a guide on May 15, 2026, on how organizations can prepare for Q-day, and the Potomac Officers Club is scheduled to hold its 2026 Cyber Summit panel on Quantum Computing and Post Quantum Cryptography on May 21. The message from both industry and government is the same: the work of replacing vulnerable systems has to start before the hardware arrives.
Q-day does not mean the internet goes dark. It means the trust system that underpins modern digital life is exposed, from certificates to identities to the encryption that protects sensitive traffic. The closer researchers get to a cryptographically relevant quantum computer, the less room there is to delay the shift to post-quantum cryptography, because the first organization to underestimate the timeline may not get a second chance.
