The question "will quantum computers break encryption?" has an answer: yes, with a sufficiently large cryptographically relevant quantum computer, the public-key algorithms that protect most of the world's sensitive communications and stored data will fail. The more pressing question, one most organisations have not answered, is how long their specific organisation has before that failure becomes their problem. A defence contractor holding 25-year classified records faces a different window than a retailer with 3-year transaction logs. The Q-Day Timeline Risk Calculator produces a personalised risk window based on your actual data, your current algorithms, and your migration capacity. Calculate your organisation's Q-Day window
What the Q-Day Timeline Risk Calculator Does
The calculator applies Mosca's inequality framework to your specific inputs to produce a probability-weighted risk window. The inequality has three components:
- x: the time your organisation needs to complete migration to quantum-safe cryptography
- y: the time your data must remain confidential (data longevity, how long after creation it needs protection)
- z: the estimated time until a cryptographically relevant quantum computer (CRQC) exists
If x + y exceeds z, you have a problem now. Either your migration will not complete before a CRQC arrives, or your data will still need to remain secret when one does, or both. The HNDL dimension means y is not a future consideration: data that already exists and needs long-term protection is already in the inequality.
The calculator takes three primary inputs: your data classification (sensitivity level and longevity requirement), your current cryptographic algorithms, and your migration readiness estimate (how far along you are and how many months to full migration at current pace). From these, it outputs a probability score with a risk window. not a single binary Q-Day date, because there is no scientifically defensible single date. Published expert estimates range from the early 2030s to the 2040s and beyond. The probability framing is the epistemically honest approach, and it is more useful than a false specific.
Why the Timeline Matters More Than the Threat Level
The standard failure mode in board-level quantum security discussions is treating Q-Day as a future event whose distance makes current action optional. Most organisations acknowledge the threat. Far fewer have translated it into a specific claim about their own window and what it means for the pace of their migration programme.
The HNDL dimension changes the calculus. Data that is already at risk is not data that will become at risk when a CRQC arrives, it is data that adversaries with sufficient storage infrastructure are plausibly harvesting right now, holding until the decryption capability exists. For an organisation with 15-year-old classified records still being accessed on live systems, Q-Day is not a future event. The clock on that data started when it was first created.
Migration velocity is the variable most organisations underestimate. Enterprise-scale cryptographic migrations typically take 3 to 7 years from the first inventory to the last legacy system. If current CRQC estimates place a meaningful probability of arrival within 8 to 10 years, an organisation with zero migration progress today is already operating inside a narrow window. The final 20 per cent of cryptographic assets, embedded systems, legacy OT, undocumented code signing keys, old PKI hierarchies, consistently takes as long as the first 80 per cent.
The policy trigger arrived on 13 August 2024, when NIST published FIPS 203, FIPS 204, and FIPS 205. These are the finalised post-quantum standards. An organisation that was "watching the standards process" no longer has that rationale for inaction. The standards are final. The migration path is documented. What most organisations lack now is not information but a clear statement of their own specific timeline pressure.
Most organisations that claim to take quantum security seriously have not asked the question this calculator asks: at our current migration pace, what is our probability of completing migration before our CRQC window closes? The gap between how that question sounds in a board meeting and how few organisations can answer it is the problem the calculator exists to close.
Our tools are designed as directional tools only. Advice and standards are changing rapidly and although we update tools as new information is periodically released they are not designed as a replacement for expert advice. If your organisation results show high-priority exposure the next step is to contact our team or speak to a qualified expert member.
How to Use the Q-Day Timeline Risk Calculator
Step 1. Open the calculator. No registration required. The tool runs entirely within your session.
Step 2. Select your primary data classification. The tool asks you to identify the most sensitive data your organisation holds and how long it must remain confidential. This is your y variable in the Mosca inequality. Be precise about the longevity, a common mistake is entering the data retention policy (how long you are required to keep the data) instead of the data protection requirement (how long it must remain secret from adversaries). These can be very different numbers.
Step 3. Identify your current cryptographic algorithms. The tool prompts you with common algorithm options. Select the algorithms protecting your most sensitive data categories. If you are uncertain, select the ones you know are in use, the output will flag data confidence accordingly.
Step 4. Estimate your migration readiness. The tool asks two things: what proportion of your infrastructure has been assessed for PQC migration, and what is your estimated months-to-complete at current resource and pace. Both estimates can be rough, the output accounts for uncertainty ranges. This is your x variable.
Step 5. Review the Mosca inequality output. The calculator presents your risk window as a probability score: the likelihood that your migration will complete before your modelled CRQC window closes, given the x + y + z variables you have provided. A score below 50 per cent means your current pace puts you at higher probability of incomplete migration than complete when your CRQC window arrives.
Step 6. Download or save your result. The output includes a plain-English summary you can include in a report or board briefing.
How to Interpret Your Q-Day Timeline Results
The result is a probability and a window, not a deadline. Use it accordingly.
A narrow window (high probability that migration will not complete in time) requires immediate programme initiation. Not a planning phase, an active migration programme with resourced delivery. The asset categories with the highest y values (longest longevity requirements) should be the first tranche.
A wider window (migration completion probability is favourable under current pace) does not mean the problem is solved. CRQC estimates are updated as quantum hardware progress is published. The window that looks comfortable today may narrow significantly following a hardware breakthrough. Re-running the calculator annually is the minimum.
To take this to your board: frame it as "at current pace, we have a [X per cent] probability of completing migration before our modelled quantum window closes. Our highest-priority data categories require migration to begin within [N] months." That framing converts an abstract probability into a resource and timeline question the board can engage with.
From here, the Cryptographic Asset Prioritisation Matrix helps you rank which specific assets to move first within your window. The post-quantum risk assessment provides the full organisational exposure picture.
Discuss your results with a QSECDEF expert member. A directional assessment is the starting point, not the programme. If your results show high-priority exposure, the next step is a discussion about a structured migration programme with defined milestones. Request a consultation with our team or find a qualified expert member.
