Meta's PQC Migration Framework: A Five-Level Playbook
Meta's five-tier PQC maturity model gives security teams a practical roadmap for post-quantum migration — from PQ-Unaware to PQ-Enabled.
On April 16, Meta’s security engineering team published a detailed writeup of their post-quantum cryptography (PQC) migration. It’s one of the more thorough public accounts of how a large tech company is actually handling the quantum threat. The post introduces a five-tier maturity model and a six-step migration strategy, both of which translate well to other organizations.
Why “harvest now, decrypt later” makes this urgent
Meta’s engineers start with a straightforward point: quantum computers will eventually break conventional public-key cryptography. Nobody knows exactly when, but adversaries don’t need a quantum computer today to start collecting your data. Harvest-now-decrypt-later (HNDL) attacks, where encrypted traffic gets captured now and stored until a powerful enough quantum machine exists, mean the clock is already running on any data with long-term sensitivity.
This isn’t a future problem. Any data your organization encrypts today with RSA or ECC that needs to remain confidential for ten or more years is already exposed to this risk: financial records, health information, government communications, long-lived credentials. The question isn’t whether to migrate to post-quantum cryptography. It’s how fast your organization can move.
The five PQC migration levels
The core of Meta’s framework is a five-tier maturity ladder:
- PQ-Unaware — No awareness of quantum threats. Most organizations are still here, uncomfortable as that is.
- PQ-Aware — Initial threat assessment done, but design work hasn’t started.
- PQ-Ready — Solutions designed and validated technically, but not deployed yet due to cost or prioritization.
- PQ-Hardened — All available protections deployed, though some primitives aren’t yet available in the broader ecosystem (HSMs that don’t natively support ML-KEM, for instance).
- PQ-Enabled — Full post-quantum protection deployed. The target state.
These levels aren’t just milestone labels. They also tell you something about organizational response time. A PQ-Enabled organization can react immediately if a cryptographically relevant quantum computer shows up. A PQ-Unaware organization might need years just to inventory its exposure. With Q-Day estimates getting revised forward, reaction time matters.
If you’re running a gap assessment, this framework gives you something concrete: classify each system independently and prioritize from there, rather than treating PQC migration as one giant project.
Meta’s six-step migration process
Alongside the maturity model, Meta lays out six steps:
- Prioritize — Classify systems by risk. High priority: anything using asymmetric encryption vulnerable to HNDL. Medium: systems at risk from future quantum attacks. Lower: symmetric cryptography (AES-256 remains quantum-resistant at current key sizes).
- Inventory — Map all cryptographic usage through automated tooling and developer self-reporting. You can’t migrate what you can’t find.
- Address dependencies — Many blockers are external: HSMs, cloud KMS providers, protocol stacks (TLS, IPsec) that don’t fully support ML-KEM or ML-DSA yet. Talk to your vendors now and track their roadmaps.
- Design components — Use NIST-standardized algorithms: ML-KEM (FIPS 203) for key encapsulation, ML-DSA (FIPS 204) for digital signatures, SLH-DSA (FIPS 205) for hash-based signatures.
- Implement guardrails — Update internal policies to block new projects from using quantum-vulnerable algorithms. Restrict APIs that create RSA or ECC keys for sensitive applications.
- Integrate — Deploy hybrid schemes that layer PQC algorithms on top of classical cryptography during the transition. This limits your risk if either the classical or post-quantum primitive turns out to have weaknesses.
That last point on hybrid deployment is worth dwelling on. The IETF is actively standardizing hybrid key exchange for TLS 1.3, and NIST has endorsed hybrid approaches for the transition period. You don’t need to wait for universal pure-PQC support before starting. Hybrid protects against both classical and quantum attackers at the same time.
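The Prioritize and Inventory steps above, together with the per-system gap assessment the maturity section recommends, as an added Python example (not Meta’s tooling): it classifies a constructed inventory into the post’s priority buckets and maturity levels and sorts the result into a worklist. The CSV fields, the status names and the ten-year HNDL horizon are assumptions.

```python
# Added example, not Meta's tooling: a gap-assessment script that applies the
# post's Prioritize rule and five-tier ladder to a constructed inventory.
import csv
import io

# Constructed sample inventory: system, algorithm, usage, years the protected
# data must stay confidential, and that system's migration status.
INVENTORY = """system,algorithm,usage,conf_years,status
payments-api,RSA-2048,key-exchange,12,assessed
backup-archive,AES-256,symmetric,25,none
code-signing,ECDSA-P256,signature,3,designed
edge-tls,X25519+ML-KEM-768,key-exchange,12,deployed
hsm-wrap-keys,RSA-4096,encryption,15,designed
"""

CLASSICAL = ("RSA", "ECDSA", "ECDH", "X25519", "ED25519", "DH")  # quantum-vulnerable
PQC = ("ML-KEM", "ML-DSA", "SLH-DSA")                           # FIPS 203/204/205
# Per-system migration status -> maturity level (status names are assumptions).
LEVELS = {"none": "PQ-Unaware", "assessed": "PQ-Aware", "designed": "PQ-Ready",
          "partial": "PQ-Hardened", "deployed": "PQ-Enabled"}
RANK = {"High": 0, "Medium": 1, "Lower": 2, "Migrated": 3}

def uses(algorithm, families):
    # A hybrid scheme is written "A+B"; it counts as using each component.
    return any(p.startswith(f) for p in algorithm.upper().split("+") for f in families)

def priority(row, hndl_horizon_years=10):
    """High: HNDL-exposed asymmetric confidentiality; Medium: other quantum-vulnerable use; Lower: symmetric."""
    alg, usage = row["algorithm"], row["usage"]
    if uses(alg, PQC):                       # pure PQC or hybrid already in place
        return "Migrated"
    if uses(alg, CLASSICAL):
        long_lived = int(row["conf_years"]) >= hndl_horizon_years
        return "High" if usage in ("encryption", "key-exchange") and long_lived else "Medium"
    return "Lower"

def assess(inventory_csv=INVENTORY):
    """Classify every row and return a worklist ordered by priority."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    report = [{"system": r["system"], "priority": priority(r),
               "level": LEVELS[r["status"]]} for r in rows]
    return sorted(report, key=lambda e: RANK[e["priority"]])

def org_level(report):
    ladder = list(LEVELS.values())  # an organization is only as mature as its least-migrated system
    return min((e["level"] for e in report), key=ladder.index)

if __name__ == "__main__":
    for e in assess():
        print(e["priority"], e["level"], e["system"], sep="  ")
```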
What this means for your organization
Meta’s framework gives enterprise security teams something they’ve been missing: a clear migration model with shared vocabulary. The maturity levels let you align engineering, security ops, and executive stakeholders around the same terms. The six steps give you a project structure.
The most important thing right now: get to PQ-Aware if you aren’t there. Run a cryptographic inventory. Classify your systems. Figure out which assets have HNDL exposure. Check where your HSM and cloud KMS vendors stand. AWS KMS, Google Cloud KMS, and Azure Key Vault have all announced PQC roadmaps, but as of early 2026, none have shipped GA support for ML-KEM or ML-DSA.
NIST published its first three PQC standards in August 2024, and a fourth algorithm (HQC) is on track to finalize by 2026-2027. The standards are stable. Tooling is maturing quickly. The question at this point is execution speed.