NIST mandates quantum-safe cryptography by 2035 but past crypto migrations have taken 10-20 years, leaving almost no margin

NIST finalized the first three post-quantum cryptography (PQC) standards in August 2024 (ML-KEM, ML-DSA, SLH-DSA) and set a timeline for deprecating quantum-vulnerable algorithms: 112-bit classical cryptography deprecated by 2031, all quantum-vulnerable algorithms disallowed after 2035. But NIST itself acknowledges that historical cryptographic transitions (e.g., DES to AES, SHA-1 to SHA-2) have taken 10 to 20 years. With the standards finalized in 2024 and the deadline in 2035, organizations have at most 11 years, at the low end of what history says is needed.

Why it matters: Most enterprises have not even begun inventorying their cryptographic dependencies, so they will discover the migration is far larger and more complex than anticipated. Thousands of organizations will then hit the same deadline at once, all needing the same scarce PQC implementation expertise, and the cybersecurity consulting and vendor ecosystem will be overwhelmed. Many organizations will miss the 2035 deadline and remain exposed to 'harvest now, decrypt later' attacks, in which adversaries collect encrypted data today for future quantum decryption, so sensitive data with long shelf lives (medical records, financial data, classified intelligence) will be retroactively compromised.

The structural root cause is that cryptography is deeply embedded in every layer of enterprise technology, from TLS certificates and VPNs to database encryption, code signing, IoT firmware, and hardware security modules, and no organization has a complete inventory of where cryptographic algorithms are used. Unlike a software library upgrade, cryptographic migration requires touching hardware (HSMs, smart cards, embedded devices), firmware, protocols, and every application that handles encrypted data.
The 'harvest now, decrypt later' threat also means the effective deadline is not 2035 but today, since any data encrypted with vulnerable algorithms that is intercepted now will be decryptable once quantum computers are powerful enough.
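As an added illustration, not part of the original article, of the inventory and shelf-life problem described above: a small Python triage of a constructed cryptographic inventory against the IR 8547 schedule (112-bit strength deprecated 2031, everything quantum-vulnerable disallowed after 2035). The asset records, the helper names, and the use of the 2035 cut-off as the harvest-now-decrypt-later exposure proxy are assumptions; the strength table follows NIST SP 800-57 Part 1.

```python
from dataclasses import dataclass

# Classical security strength in bits by key size (NIST SP 800-57 Part 1).
RSA_DH_STRENGTH = {2048: 112, 3072: 128, 7680: 192, 15360: 256}
ECC_STRENGTH = {224: 112, 256: 128, 384: 192, 521: 256}
QUANTUM_VULNERABLE = {"RSA", "DH", "DSA", "ECDSA", "ECDH"}
PQC_STANDARDS = {"ML-KEM", "ML-DSA", "SLH-DSA"}   # the August 2024 FIPS standards

@dataclass
class Asset:
    name: str
    algorithm: str           # e.g. "RSA", "ECDH", "ML-KEM"
    key_bits: int            # RSA/DH modulus or ECC curve size; parameter size for PQC
    confidential_until: int  # year the protected data must still be secret

def security_strength(algorithm, key_bits):
    """Classical strength in bits, or None for a PQC algorithm."""
    if algorithm in PQC_STANDARDS:
        return None
    table = ECC_STRENGTH if algorithm in ("ECDSA", "ECDH") else RSA_DH_STRENGTH
    # Round down to the largest tabulated size not exceeding key_bits.
    sizes = [s for s in table if s <= key_bits]
    return table[max(sizes)] if sizes else 80   # below 2048/224 bits: already weak

def triage(asset):
    """Map one asset to its IR 8547 deprecation year and HNDL exposure."""
    if asset.algorithm in PQC_STANDARDS:
        return {"status": "quantum-safe", "deprecated": None, "hndl_exposed": False}
    if asset.algorithm not in QUANTUM_VULNERABLE:
        raise ValueError(f"unknown algorithm {asset.algorithm!r}")
    strength = security_strength(asset.algorithm, asset.key_bits)
    # <=112-bit strength is deprecated in 2031; stronger classical keys last
    # only until the 2035 disallow date (sub-112-bit keys are already disallowed).
    deprecated = 2031 if strength <= 112 else 2035
    # Assumption: data that must stay confidential past the 2035 disallow date
    # and is protected by a quantum-vulnerable algorithm today is HNDL-exposed.
    exposed = asset.confidential_until > 2035
    return {"status": "quantum-vulnerable", "deprecated": deprecated, "hndl_exposed": exposed}

def summarize(assets):
    """Count assets by deprecation year so the earliest-expiring ones surface first."""
    counts = {}
    for asset in assets:
        key = triage(asset)["deprecated"] or "quantum-safe"
        counts[key] = counts.get(key, 0) + 1
    return counts

INVENTORY = [   # constructed sample inventory, not from any real organization
    Asset("site-to-site VPN", "RSA", 2048, 2040),     # long-lived records cross the link
    Asset("public web TLS", "ECDH", 256, 2026),
    Asset("code-signing HSM", "RSA", 3072, 2045),
    Asset("pilot KEM rollout", "ML-KEM", 768, 2045),
]
```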

Evidence

NIST IR 8547 (draft, 2024) documents the transition timeline: quantum-vulnerable 112-bit algorithms deprecated 2031, all quantum-vulnerable algorithms disallowed after 2035. NIST itself notes past cryptographic transitions have taken 10-20 years. The NIST Cryptographic Module Validation Program (CMVP) will move all FIPS 140-2 certificates to the Historical list on September 21, 2026. National Security Systems must be quantum-safe by January 2027. The UK's National Cyber Security Centre (NCSC) published separate PQC migration timelines in 2025. HQC was selected as a backup KEM standard in March 2025, with finalization expected 2026-2027 (PQShield analysis).
