Navigating Post-Quantum Cryptography: A Q&A on Meta's Migration Strategy

As quantum computing advances, the security of conventional public‑key cryptography is under threat. Organizations like Meta have begun migrating to post‑quantum cryptography (PQC) to protect sensitive data from future decryption. In this Q&A, we explore Meta’s approach—from risk assessment to deployment—and share practical lessons for the broader community.

Why is post‑quantum cryptography migration necessary now?

Quantum computers, once mature, will break most current public‑key encryption methods. Experts estimate this could happen within 10–15 years, but an immediate threat already exists: “store now, decrypt later” (SNDL) attacks. Adversaries can collect encrypted data today and decrypt it once quantum computers are available. This puts long‑term secrets—like personal data, intellectual property, and encrypted communications—at risk. Recognizing this, standards bodies such as NIST and the UK’s NCSC have published migration deadlines, including a target of 2030 for critical systems. Meta has taken a proactive stance, deploying PQC across its infrastructure to ensure billions of users remain protected now and in the future. Waiting is not an option because the threat window has already opened.

What are the main challenges organizations face during PQC migration?

Complexity and incomplete technical capabilities are two major hurdles. Many systems rely on a patchwork of cryptographic implementations, making it difficult to inventory all dependencies. Additionally, PQC algorithms often have larger key sizes and slower performance than traditional algorithms, requiring careful integration. Meta’s experience shows that organizations must first conduct a thorough risk assessment and cryptographic inventory. Without a clear picture of what uses which algorithm, migration plans can stall. Missing or immature tooling also complicates testing and rollback. To address this, Meta proposes PQC Migration Levels—a framework that helps teams prioritize use cases and manage complexity. By breaking migration into incremental steps, organizations can reduce disruption while maintaining security.

Which PQC standards are being adopted, and what role has Meta played?

NIST has finalized the first industry‑wide PQC standards: ML‑KEM (Kyber) for key encapsulation and ML‑DSA (Dilithium) for digital signatures. Additional algorithms like HQC are in the pipeline. Notably, Meta cryptographers are co‑authors of HQC, reflecting the company’s commitment to advancing global security. These standards provide robust defenses against SNDL attacks. Meta is already deploying them in internal systems, starting with high‑priority services. The company also actively shares insights and lessons learned to help the broader community navigate the transition. By contributing to algorithm development and open‑source testing, Meta aims to accelerate PQC adoption while ensuring compatibility with existing infrastructure.

How did Meta approach its own PQC migration from start to finish?

Meta’s migration followed a structured, multi‑step process. First, a risk assessment identified which systems handle sensitive data and rely on vulnerable cryptography. Next came a detailed cryptographic inventory—mapping every use of public‑key algorithms across the massive infrastructure. Then Meta designed and tested PQC‑enabled alternatives, focusing on minimal performance impact. Deployment occurred gradually, with guardrails to enable quick rollback if issues arose. The team also developed tooling to automate key management and certificate updates. Throughout the multi‑year effort, Meta stressed the importance of cross‑team coordination and documentation. The result is a production‑ready PQC ecosystem that protects user data against future quantum threats while maintaining the high availability and low latency that billions of users expect.

What are PQC Migration Levels, and how do they help other organizations?

The PQC Migration Levels concept, introduced by Meta, categorizes use cases by their cryptographic complexity and security requirements. For example, Level 1 might cover internal services with minimal interoperability needs, allowing quick wins. Level 5 could involve high‑risk, globally distributed systems requiring extensive testing and backward compatibility. This tiered approach helps teams allocate resources efficiently, avoid a one‑size‑fits‑all rollout, and track progress across the organization. By sharing this framework, Meta hopes to reduce the friction of PQC adoption. Organizations can adopt or adapt these levels to their own risk landscapes, accelerating the industry‑wide shift toward quantum‑safe cryptography without overwhelming engineering teams.

What key takeaways can other companies learn from Meta’s experience?

Several lessons stand out. First, start now—even if the quantum threat feels distant, SNDL attacks are already happening. Second, invest in a thorough cryptographic inventory; you cannot protect what you cannot see. Third, embrace standards and contribute to open‑source tools to benefit from community testing. Fourth, plan for incremental migration; use a level system to prioritize based on risk and complexity. Fifth, build in guardrails and rollback capabilities to avoid service disruptions. Finally, document and share your journey. Meta’s proactive sharing of lessons learned is intended to help other organizations navigate the transition more effectively, efficiently, and economically. The future of digital security depends on collective action, and every step toward PQC counts.