Digital trust is now entering one of the most disruptive periods in its history. Two forces are converging that will redefine how organizations secure their data and transactions:
- The radical shortening of SSL/TLS certificate lifespans to just 47 days by 2029
- The impending migration to post-quantum cryptography (PQC)
Each shift alone demands significant changes to Public Key Infrastructure (PKI). Together, they represent a fundamental shift in how trust will be built and maintained online.
These changes demand immediate attention, not because of some distant deadline, but because they are already here. Shorter certificate lifespans are phasing in, forcing organizations to rethink how they manage renewals at scale. Meanwhile, the race toward PQC is no longer theoretical. Adversaries are already stockpiling encrypted data, waiting for quantum decryption capabilities.
Certificates in the Spotlight
The CA/Browser Forum’s decision to shorten SSL/TLS certificate lifespans to 47 days by 2029 represents a major operational challenge. Tasks once handled annually will soon require near-continuous attention, putting pressure on existing tools and teams.
The 2025 State of Crypto Agility Report found that 96% of IT leaders are concerned about the change, yet only 19% feel prepared, and just 5% have fully automated certificate management. Without automation, the risk of outages, customer frustration, or regulatory penalties grows sharply.
“Perhaps because they have been around for three decades, it’s like TLS certs have kind of been absorbed into the ‘plumbing’ that simply makes IT work, at least in the perception of many respondents,” said Rik Turner, Chief Analyst, Cybersecurity at Omdia. “That’s why it feels like not enough of them are aware of the 47-day issue that’s barreling down the pike towards them, and don’t seem to have thought through the need for automation that it is going to impose on their organization.”
Few organizations are ready for 47-day renewals or the automation they require, and waiting until the last minute is risky because threat actors may already be harvesting encrypted data.
The PQC Imperative
NIST has set 2030 as the deadline to deprecate RSA and ECC algorithms, putting every organization on the clock to prepare for a post-quantum future. For many, this is not just a technology project but a complete transformation of security infrastructure.
The report shows that 98% of IT leaders expect major challenges during the transition, and 92% anticipate barriers ranging from cost to lack of expertise. Yet only 14% have inventoried systems vulnerable to quantum threats. Compliance pressure, more than security concerns, currently drives PQC planning.
Beyond quantum risks, organizations face the challenge of untangling outdated cryptography and aligning with modern IT architectures. Most migrations today are slow, fragmented, and lack automation, leaving companies exposed. Done correctly, PQC migration is both a defensive necessity and an opportunity to modernize cryptography management and build AI-driven, quantum-ready security.
The Knowledge-Execution Gap
Awareness of cryptographic change is nearly universal, but execution remains low. More than 90% of IT leaders recognize the challenges of shorter certificate lifespans and PQC migration, yet fewer than 10% say their organization is fully ready. Manual processes, incomplete inventories, and misaligned leadership leave many organizations vulnerable.
Skills shortages compound the issue. About 97% of organizations report gaps in PQC expertise, leaving even well-intentioned teams struggling to plan effectively. Without leadership commitment and specialized knowledge, crypto agility risks becoming another initiative that everyone discusses but few deliver. This gap between knowledge and execution is rapidly becoming the fault line that threatens digital trust.
Expert Perspectives
Industry analysts warn that many organizations underestimate the scale of disruption ahead.
“Expired or revoked certificates break the trust between clients and the underlying services – whether those clients are end users with browsers or encrypted channels between API-powered business partners,” said Tim Mackey, Head of Software Supply Chain Risk Strategy at Black Duck. “Shortening expiration windows helps reduce the potential impact of encryption key misuse while also promoting the use of automated key management systems.”
PQC migration faces similar challenges. Experts agree that ad hoc fixes will not suffice. Ben Volkow, CEO of QIZ Security, emphasizes that PQC migration is already lagging behind evolving threats. “PQC migration is shaping up to be one of the biggest IT and cybersecurity challenges of the coming decade,” he commented. “The urgency isn’t just about the quantum threat – it’s also about untangling the cryptographic jungle created over the last decade. We see the quantum risk as the catalyst for a new era of cryptography management.”
Many recommend creating a dedicated “Crypto Center of Excellence” (CryptoCOE) to centralize expertise, provide governance, and align leadership. Such a structure ensures that cryptography is treated as a core element of digital trust rather than background plumbing.
Urgency and Action
In the near term, managing 47-day certificate renewals is critical. Organizations that fail to automate risk outages, customer frustration, and regulatory penalties long before quantum computing becomes a pressing concern. Even minor lapses can have outsized impacts on digital trust.
Looking further ahead, PQC migration represents an existential challenge. “PQC migration is both the greatest cryptographic risk and the biggest modernization opportunity of the decade,” said Volkow, “one that demands we move from outdated, fragmented crypto management to AI-driven, automated, and quantum-ready security.”
Moving to quantum-resistant algorithms cannot be piecemeal. To address both crises, organizations must act now: implement full automation for certificate management, inventory systems vulnerable to quantum attacks, and make crypto agility a board-level priority. Proactive action today will safeguard digital trust and prevent tomorrow’s disruptions from causing far greater damage.