Are you already exposed?
Describe your situation — the data you hold, how long it must stay secret, how long your migration takes, when a quantum computer might arrive, and the crypto you use today. The verdict updates live.
How long this data must remain secret.
How long it takes you to roll out PQC.
When a cryptographically-relevant quantum computer (CRQC) arrives.
Already exposed
This data must stay secret for 25 years, but a quantum computer may exist in 10. Anything an adversary records today can be decrypted well inside that window — classic harvest-now-decrypt-later. By Mosca's inequality (X + Y = 32 > Z = 10) you have already failed for this data class.
Harvest-now-decrypt-later is active. The deadline for confidentiality is today, not Q-Day — ciphertext captured now sits in storage until a quantum computer can open it.
Signatures are different. A signature only needs to be quantum-safe by the time a CRQC exists — there’s no retroactive risk. Encrypted secrets get no such grace period, which is why confidentiality migrates first.