However, one firm has warned that a gap exists in how the national vision views Post-Quantum Cryptography risks.

On 3 February 2026, the US White House mobilized a sweeping, whole-of-government effort to accelerate the development of quantum technologies, to establish a national vision to maintain leadership in this critical field.

Some initiatives include lowering commercial barriers, strengthening supply chains, and focusing on scientific applications and discovery.

However, the draft order notably omits provisions related to post-quantum cryptography (PQC). The CISA does issue federal guidance, and government contracts are expected to mandate PQC compliance in 2026. However, one Big Tech player has sounded an alarm that the initiatives may be underestimating the timeframe in which malicious use of quantum computing resources could start becoming rampant.

In a recent policy brief and blog post, Kent Walker, president of global affairs at Google/Alphabet, and Hartmut Neven, founder and lead of Google Quantum AI, argued that large‑scale quantum machines capable of breaking public‑key cryptography may arrive sooner than many expect.

The pair have warned that malicious actors are already carrying out “store now, decrypt later” attacks. This means sensitive records could be at risk even if no quantum‑capable machine exists now. The firm’s own research has shown that the quantum resources needed to crack widely used schemes such as RSA‑2048 are far lower than earlier estimates, compressing the timeline for when such attacks could become feasible from decades to years.

Also, private sector efforts alone may be insufficient, and the pair are calling on policymakers to treat quantum‑resistant encryption as critical infrastructure, mandating upgrades, modernizing legacy systems, and fostering global alignment on standards. They estimate that enterprises, governments, and security teams have roughly 12–24 months to begin meaningful migration, with critical sectors such as finance and healthcare needing to move faster to avoid regulatory and audit pressure.

The firm is deploying NIST‑aligned algorithms such as ML‑KEM in Chrome and across its cloud and identity‑security stack, aiming to complete its production‑scale post‑quantum migration by 2026.