The honest answer to when quantum computers will break RSA encryption is not a date, it is a range with a lot of uncertainty in it

[EarlyBird]

The timeline for a quantum computer capable of cracking RSA-2048, the encryption protecting most of the internet, has shifted dramatically in the last year. Algorithm improvements alone have dropped the estimated qubit requirement from 20 million down to under a million, and some early 2026 research suggests architectures that could do it with fewer than 100,000 under certain conditions. None of those machines exist. But the direction of travel matters as much as the current position. Governments are not waiting for a precise date: the US, EU, and others are mandating migration to quantum-safe encryption now, because overhauling security infrastructure takes years and the encrypted data being captured today could be decrypted by future machines. The answer to when is probably somewhere between 2029 and the late 2030s, with enormous uncertainty in both directions

[Anchor99]

The fact that algorithm improvements alone cut the qubit requirement 20 times without any hardware change is the bit that should be making headlines

[DecentBloke]

2029 to late 2030s is a huge window. The difference between those two ends is whether this is a problem for IT teams now or a problem for the next generation

[MJF]

Mandating migration before the threat arrives is exactly the right call. The alternative is scrambling when it is already too late

[GlassKnight]

Anyone who gives you a specific year is guessing. The honest answer has always been a range and good on governments for acting on the range rather than waiting for certainty