Government
Executive Order 14144
Federal cybersecurity executive order includes PQC in modernization agenda.
Evidence timeline
14 months that changed the landscape
25 key events from January 2025 through February 2026. Government mandates, NIST standards, platform deployments, and financial disclosures.
Evidence timeline of 25 key post-quantum cryptography events from January 2025 through February 2026. Includes Executive Order 14144, DHS PQC guidance, UK NCSC migration timeline (2028/2031/2035), OpenSSH 10.0 ML-KEM default, BlackRock SEC quantum risk disclosure, Microsoft and Apple PQC deployments, Cloudflare majority PQC traffic milestone, G7 PQC roadmap for financial sector, CISA product categories, and Red Hat RHEL 10.1 ML-KEM/ML-DSA support. Categories: government, standards, platform, financial.
Q1 2025
5 events
Government
DHS Public PQC Guidance
Department of Homeland Security releases public guidance on post-quantum cryptography preparation.
Standards
SSH Hybrid ML-KEM Draft
IETF draft for SSH hybrid ML-KEM key exchange submitted, marking late-stage standardization progress.
Platform
Go 1.24 Ships with PQC
Go 1.24 releases with built-in ML-KEM support plus FIPS 140-3 Go Cryptographic Module.
Government
UK NCSC Migration Timeline
UK National Cyber Security Centre publishes migration milestones: 2028, 2031, and 2035 deadlines.
Q2 2025
7 events
Government
DHS “Prepare Now” Memorandum
DHS issues memorandum directing preparation for post-quantum cryptography now, not when ready.
Platform
OpenSSH 10.0 ML-KEM Default
OpenSSH 10.0 makes ML-KEM hybrid key exchange the default for all new connections.
Financial
BlackRock SEC Filing
BlackRock expands quantum risk disclosure language in iShares Bitcoin Trust SEC prospectus amendment.
Platform
Microsoft PQC to Windows & Linux
Microsoft brings post-quantum cryptography support to Windows Insiders and Linux platforms.
Platform
Red Hat RHEL 10 PQC
Red Hat documents PQC support in RHEL 10, signaling enterprise Linux readiness.
Government
GSA PQC Buyer’s Guide v1.0
General Services Administration releases Post-Quantum Cryptography Buyer’s Guide for federal procurement.
Government
White House Amends EO 14144
White House action and fact sheet reinforcing PQC requirements in federal cyber modernization.
Q3 2025
3 events
Standards
Go FIPS 140-3 ML-KEM Validation
Go’s cryptographic module achieves FIPS 140-3 validation for ML-KEM implementation.
Platform
Apple Quantum-Secure TLS Guidance
Apple publishes operational guidance for quantum-secure encryption in TLS across its platforms.
Financial
Fed Reserve HNDL Paper
Federal Reserve publishes “Harvest Now, Decrypt Later” in FEDS 2025 series, formally acknowledging the threat model.
Q4 2025
6 events
Platform
Google Cloud KMS PQC Preview
Google Cloud announces post-quantum KMS preview, bringing PQC to cloud key management.
Government
NCSC Annual Review
UK NCSC annual review reinforces quantum migration timeline and preparation urgency.
Platform
Cloudflare: Majority PQC Traffic
Cloudflare reports majority of human internet traffic now uses post-quantum cryptography.
Platform
AWS Private CA PQC Certificates
Amazon Web Services adds PQC digital certificates to AWS Private Certificate Authority.
Platform
Microsoft PQC APIs GA
Microsoft post-quantum cryptography APIs become generally available across Microsoft platforms.
Platform
Amazon S3 PQC TLS
Amazon S3 adds PQC TLS key exchange, extending post-quantum protection to object storage.
Q1 2026
4 events
Financial
G7 PQC Roadmap
U.S. Treasury announces G7 Cyber Expert Group roadmap for coordinating financial sector PQC transition.
Government
CISA PQC Product Categories
CISA releases post-quantum cryptography product categories, translating the issue into procurement criteria.
Platform
Apple Platform Security Update
Apple updates platform security guide with quantum-secure guidance and operational recommendations.
Platform
Red Hat RHEL 10.1 ML-KEM & ML-DSA
Red Hat announces full ML-KEM and ML-DSA support in RHEL 10.1.
Full evidence base