As quantum computing advances, the threat to current encryption methods grows. Meta has been proactively migrating its infrastructure to post-quantum cryptography (PQC) to protect user data against future attacks like “store now, decrypt later” (SNDL). This Q&A covers key aspects of Meta’s migration framework, including risk assessment, standards adoption, and practical lessons for other organizations. Learn how Meta is preparing for a quantum-safe future and what steps you can take today.
1. Why is post-quantum cryptography (PQC) migration necessary?
Quantum computers, once sufficiently powerful, will be able to break widely used public-key encryption algorithms such as RSA and ECC. This would compromise the security of digital communications, financial transactions, and private data. Although experts estimate this capability may be 10–15 years away, adversaries can already collect encrypted data today with the expectation of decrypting it later—a tactic known as “store now, decrypt later” (SNDL). To prevent future exposure, organizations must transition to quantum-resistant algorithms now. Industry bodies like NIST and the UK’s NCSC recommend prioritizing PQC for critical systems by 2030. Meta recognized this urgency early and began deploying post-quantum encryption across its internal infrastructure to ensure long-term security for billions of users.

2. What is the “store now, decrypt later” threat and why should businesses care?
“Store now, decrypt later” (SNDL) is a strategic attack where adversaries collect encrypted data today, anticipating that future quantum computers will be able to decrypt it. This means sensitive information—from personal messages to corporate secrets—could be compromised years after it was originally secured. Even if quantum computers are still a decade away, the data is at risk if collected now. Businesses that handle confidential data, especially those in finance, healthcare, and government, must treat SNDL as an immediate concern. As explained earlier, migrating to PQC is the only way to protect against this future decryption. Meta’s proactive deployment of post-quantum encryption in its internal systems is designed to shield user data from such attacks, ensuring that today’s encrypted information remains safe tomorrow.
3. Which PQC standards are being adopted, and how is Meta involved?
The U.S. National Institute of Standards and Technology (NIST) has published the first industry-wide PQC standards: ML-KEM (Kyber) for key encapsulation and ML-DSA (Dilithium) for digital signatures. Additional algorithms like HQC are under development. Notably, Meta cryptographers are co-authors of HQC, reflecting the company’s commitment to advancing cryptographic security globally. These standards provide robust defenses against SNDL attacks. Meta is integrating these algorithms into its infrastructure, collaborating with the broader community to refine implementations and share insights. By adopting NIST-approved standards, Meta ensures compatibility with future security ecosystems and helps drive industry-wide adoption.
4. What are “PQC Migration Levels” and how do they help organizations?
Managing PQC migration across diverse use cases is complex. Meta introduced the concept of PQC Migration Levels to help teams prioritize and execute transitions efficiently. These levels categorize systems based on cryptographic exposure, sensitivity of data, and operational impact. For example, Level 1 might apply to low-risk internal tools, while Level 5 targets high‑security user‑facing services. By mapping systems to these levels, organizations can allocate resources effectively, implement appropriate guardrails, and monitor progress. This framework reduces the risk of missing critical assets and ensures a structured, repeatable migration process. Meta’s own deployment across internal infrastructure used this level‑based approach to balance speed with security.

5. What is Meta’s overall approach to PQC migration?
Meta’s strategy encompasses four phases: risk assessment, inventory, deployment, and guardrails. First, they evaluate which systems are vulnerable to quantum attacks and prioritize based on sensitivity. Next, they catalog all cryptographic assets across the infrastructure. Deployment involves implementing PQC algorithms in phases, starting with internal networks and critical services. Finally, guardrails include continuous monitoring, performance testing, and fallback mechanisms to maintain security during and after migration. By sharing this framework, Meta aims to help other organizations avoid common pitfalls and accelerate their own transitions. The company’s proactive stance ensures that billions of daily users remain protected against future quantum threats.
6. What is the recommended timeline for starting PQC migration?
Industry guidance from NIST and NCSC suggests that organizations should begin migration now and target 2030 for critical systems. However, the timeline varies by risk profile. Systems with long‑lived data (e.g., government archives, medical records) require earlier action due to the SNDL threat. Meta started its multi-year process years ago, testing PQC algorithms in internal networks before broader rollout. For most businesses, the key is to start with assessment and inventory immediately, then prioritize high‑risk assets. Waiting until quantum computers arrive is too late—data already captured can be decrypted later. As noted earlier, the SNDL risk makes early adoption essential.
7. What lessons has Meta learned from its PQC migration that others can apply?
Meta has shared several key takeaways. First, start early—the complexity of mapping cryptosystems across a large infrastructure takes time. Second, use standardized algorithms like ML-KEM and ML-DSA to ensure interoperability. Third, adopt migration levels to manage risk across diverse use cases. Fourth, invest in tooling for automated discovery and testing of cryptographic assets. Fifth, engage the community—Meta contributed to HQC and participates in open standards development. Finally, prepare for hybrid deployments where classic and quantum-resistant algorithms run together during transition. These lessons help organizations of any size avoid costly mistakes and build a resilient post-quantum security posture.
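The risk-assessment, inventory, and timeline points in items 5 to 7, as an added illustration that is not Meta's tooling or framework: it scores a constructed cryptographic inventory with the “store now, decrypt later” test (Mosca's inequality: data shelf life plus migration time measured against the assumed years until a capable quantum computer), treats a hybrid classical-plus-PQ deployment as quantum-safe, and orders the assets for migration. The 10-year horizon, the asset names, and the algorithm sets are assumptions for the example.

```python
from dataclasses import dataclass

# Classical public-key primitives that a large quantum computer breaks (Shor's algorithm).
QUANTUM_VULNERABLE = {"RSA", "ECDSA", "ECDH", "X25519", "Ed25519", "DH"}
# NIST PQC algorithms named on the page (HQC is still being standardized).
QUANTUM_RESISTANT = {"ML-KEM", "ML-DSA", "HQC"}
# Assumed planning horizon: the low end of the page's 10-15 year estimate.
YEARS_TO_CRQC = 10

@dataclass(frozen=True)
class Asset:
    name: str
    algorithms: tuple      # public-key algorithms in use, e.g. ("X25519", "ML-KEM")
    shelf_life_years: int  # how long captured data must remain confidential
    migration_years: int   # estimated time to move this system to PQC

def is_quantum_safe(algorithms):
    """A hybrid (classical + PQ) counts as safe: an attacker must break both parts."""
    return any(alg in QUANTUM_RESISTANT for alg in algorithms)

def sndl_margin(asset, years_to_crqc=YEARS_TO_CRQC):
    """Years of slack under Mosca's inequality; <= 0 means data captured today is
    still sensitive when a quantum computer arrives and migration is not done."""
    return years_to_crqc - (asset.shelf_life_years + asset.migration_years)

def classify(asset, years_to_crqc=YEARS_TO_CRQC):
    if is_quantum_safe(asset.algorithms):
        return "quantum-safe"
    if not any(alg in QUANTUM_VULNERABLE for alg in asset.algorithms):
        return "unknown-algorithm"  # flag for manual review rather than skip it
    return "exposed" if sndl_margin(asset, years_to_crqc) <= 0 else "at-risk"

def triage(assets, years_to_crqc=YEARS_TO_CRQC):
    """Order the inventory: exposed first (least slack first), quantum-safe last."""
    rank = {"exposed": 0, "unknown-algorithm": 1, "at-risk": 2, "quantum-safe": 3}
    rows = [(classify(a, years_to_crqc), sndl_margin(a, years_to_crqc), a.name) for a in assets]
    return sorted(rows, key=lambda r: (rank[r[0]], r[1]))

# Constructed sample inventory; these are not real Meta systems.
INVENTORY = [
    Asset("medical-records-archive", ("RSA",), shelf_life_years=25, migration_years=3),
    Asset("backup-key-wrapping", ("ECDH",), shelf_life_years=8, migration_years=2),
    Asset("short-lived-session-tokens", ("ECDSA",), shelf_life_years=0, migration_years=1),
    Asset("internal-rpc-tls", ("X25519", "ML-KEM"), shelf_life_years=5, migration_years=0),
]

if __name__ == "__main__":
    for status, margin, name in triage(INVENTORY):
        print(f"{status:17} slack={margin:+3d}y  {name}")
```

Lowering `years_to_crqc` reruns the triage under a more pessimistic estimate, which is how the timeline in item 6 shifts for long-lived data.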