The post-quantum conversation has a framing problem. Most coverage fixates on “Q-Day” — the still-uncertain moment when a cryptographically relevant quantum computer can break RSA and elliptic-curve cryptography. Because that date is unknown and probably years away, the topic gets filed under “important but not urgent,” and migration budgets get deferred.
That framing misses the deadline that is actually on the calendar. The first hard post-quantum consequence for most organizations is not cryptographic — it is procurement. And it lands on September 21, 2026.
The FIPS 140-2 Historical List deadline
Here is the concrete mechanism. NIST’s Cryptographic Module Validation Program (CMVP) validates encryption modules against the FIPS 140 standard, and federal agencies are generally required to use FIPS-validated cryptography. FIPS 140-2 is the older standard; FIPS 140-3 is its successor.
On September 21, 2026, every FIPS 140-2 certificate moves to NIST’s “Historical List.” Once a certificate is on the Historical List, federal agencies cannot rely on it to justify new procurement decisions. The module does not stop functioning, and existing deployments are not instantly forbidden — but for any new purchase, a Historical-List certificate no longer satisfies the validation requirement. Agencies must move to FIPS 140-3-validated modules.
For any company that sells software, hardware, or cloud services into the federal government — or into healthcare, financial services, and other sectors that key their requirements to FIPS validation — this is a revenue-impacting deadline, not an abstract cryptography milestone. If your product’s cryptographic module is validated only under FIPS 140-2, then after September 21, 2026 it becomes harder for federal customers to buy it, and your competitors with FIPS 140-3-validated modules gain an immediate procurement advantage. The CMVP queue for FIPS 140-3 validation is long, which makes this a “start now or miss it” situation.
The standards are finished — the excuse for waiting is gone
The other reason the clock is genuinely running: the post-quantum algorithms are no longer drafts. In August 2024, NIST finalized its first three post-quantum cryptography standards — FIPS 203 (ML-KEM, for key encapsulation), FIPS 204 (ML-DSA, for digital signatures), and FIPS 205 (SLH-DSA, a stateless hash-based signature scheme). These are production-ready, federally blessed algorithms. The long-standing rationale for deferring migration — “the standards aren’t final yet” — expired in 2024.
NIST’s transition guidance, NIST IR 8547, lays out the runway: the agency will deprecate quantum-vulnerable algorithms (RSA, ECDSA, ECDH, and the like) over the coming years and disallow them entirely by 2035, with high-risk systems expected to transition much earlier. 2035 is the outer boundary, not the target.
CNSA 2.0: the national-security deadline at January 2027
Running in parallel, the NSA’s Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) mandates quantum-safe algorithms for National Security Systems, and its timeline is more aggressive than the civilian one. CNSA 2.0’s first compliance milestone — quantum-resistant algorithms for new national-security systems — arrives in January 2027. Software and cloud services, firmware and networking equipment, and traditional IT follow on a staged schedule running through the early 2030s. Contractors and vendors in the national-security supply chain are effectively bound by these dates through their customers, even where no civilian regulation yet compels them.
For broader context on the timeline pressure and CISA’s posture, see our Q-Day countdown analysis.
‘Harvest now, decrypt later’ makes today’s data tomorrow’s breach
The deadline that should worry compliance teams most has no fixed date at all, because the harm is already accruing. Adversaries can intercept and store encrypted traffic today and decrypt it later, once quantum hardware matures — the “harvest now, decrypt later” threat. Any data with a long confidentiality lifespan — health records, financial transactions, trade secrets, government communications, anything that must stay secret for a decade or more — is effectively being compromised now if it travels over RSA/ECC-protected channels, even though the decryption is years away. For this category of data, “we’ll migrate before Q-Day” is not a strategy, because the interception has already happened.
What to do now
- Inventory your cryptography. You cannot migrate what you have not mapped. Build a cryptographic bill of materials (CBOM) — every algorithm, key length, certificate, and protocol across applications, infrastructure, and vendors. This is the foundational step every framework (NIST, NSA, the December 2025 CEPS financial-sector task force) now recommends first.
- Check your FIPS validation status against September 21, 2026. If any cryptographic module you ship or depend on is validated only under FIPS 140-2, start the FIPS 140-3 validation or replacement process immediately — the CMVP queue is long and the procurement consequence is real.
- Prioritize by data lifespan. Apply post-quantum protection first to data with the longest confidentiality requirements, where “harvest now, decrypt later” exposure is greatest. Long-lived secrets are the genuine emergency.
- Build cryptographic agility. Architect systems so algorithms can be swapped without re-engineering — this is the durable capability that survives every future transition, not just this one. Hybrid (classical + PQC) schemes are the pragmatic interim posture.
- Map your obligations to the right deadline. Federal/regulated sales → the FIPS 140-2 Historical List (Sept 21, 2026). National-security supply chain → CNSA 2.0 (new systems, Jan 2027). General enterprise → NIST IR 8547’s deprecation runway toward 2035.
- Push PQC readiness into vendor management. Your third parties’ cryptography is your cryptography. Add post-quantum migration roadmaps and FIPS 140-3 status to vendor assessments and contract requirements.
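The first three steps of this list (inventory, FIPS status check, prioritization by data lifespan) can be run as one triage pass over a cryptographic inventory. The sketch below is an added example, not code from any framework named in the article; the record layout, asset names and sample values are assumptions constructed for illustration, and each record is assumed to describe a single cryptographic use so that a post-quantum algorithm listed beside a classical one means a hybrid scheme.

```python
from dataclasses import dataclass
from datetime import date

# Date and algorithm families are the ones the article names.
FIPS_140_2_HISTORICAL = date(2026, 9, 21)
QUANTUM_VULNERABLE = {"RSA", "ECDSA", "ECDH"}
POST_QUANTUM = {"ML-KEM", "ML-DSA", "SLH-DSA"}

@dataclass
class CbomEntry:
    """One cryptographic use (a single key exchange or signature).
    Hypothetical record layout, not a CBOM standard schema."""
    asset: str
    algorithms: tuple   # ("ECDH", "ML-KEM") means hybrid for this use
    fips_level: str     # module validation: "140-2", "140-3" or "none"
    secrecy_years: int  # how long the protected data must stay confidential

def findings(entry, today):
    out = []
    algs = set(entry.algorithms)
    classical = algs & QUANTUM_VULNERABLE
    # Classical-only uses are exposed; a hybrid use is the accepted interim state.
    if classical and not algs & POST_QUANTUM:
        out.append("quantum-vulnerable: " + ",".join(sorted(classical)))
    if entry.fips_level == "140-2":
        days = (FIPS_140_2_HISTORICAL - today).days
        out.append(f"FIPS 140-2 only: {days} days until Historical List"
                   if days > 0 else "FIPS 140-2 only: on the Historical List")
    return out

def triage(inventory, today):
    """(asset, findings) for every flagged entry, longest-lived data first."""
    flagged = [(e, findings(e, today)) for e in inventory]
    flagged = [(e, f) for e, f in flagged if f]
    flagged.sort(key=lambda pair: (-pair[0].secrecy_years, pair[0].asset))
    return [(e.asset, f) for e, f in flagged]

# Constructed sample inventory (asset names and values are made up).
SAMPLE = [
    CbomEntry("vpn-gateway-kex", ("RSA",), "140-2", 3),
    CbomEntry("patient-archive-tls-kex", ("ECDH",), "140-3", 25),
    CbomEntry("partner-api-kex", ("ECDH", "ML-KEM"), "140-3", 10),
    CbomEntry("build-signing", ("ECDSA",), "none", 1),
]

if __name__ == "__main__":
    for asset, notes in triage(SAMPLE, date(2026, 1, 1)):
        print(f"{asset}: {'; '.join(notes)}")
```

Sorting by `secrecy_years` puts the long-lived data at the top of the work list, which is where the article places the "harvest now, decrypt later" exposure.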
The post-quantum threat is often dismissed as a problem for the 2030s. But the compliance consequences are a problem for 2026: a procurement cutoff in September, a national-security mandate in January 2027, finalized standards that remove every excuse for delay, and a data-interception threat that is already underway. The organizations treating cryptographic migration as a near-term program — starting with an inventory and a FIPS 140-3 plan — are the ones that will still be sellable to federal and regulated customers a year from now.
This article is provided for informational purposes only and does not constitute legal advice.



