Skip to content
Email Tools

News · editor

Proton Mail rolls out post-quantum encryption to every plan, free included

Proton Mail turned on optional post-quantum encryption for every user — free and paid — on May 5, 2026, on OpenPGP v6, against 'harvest now, decrypt later'.

Alexis Dollé By Alexis Dollé ·
Proton Mail rolls out post-quantum encryption to every plan, free included

Proton Mail flipped a switch most encrypted email services have been talking about for two years and almost none have shipped to end users. On May 5, the Geneva-based provider turned on optional post-quantum encryption for every account, free tier included, and pushed the standards work upstream so other providers can follow. For Proton’s eighteen million users it is one toggle. For the email ecosystem, it is the first time post-quantum cryptography has reached a mainstream consumer inbox.

What’s actually shipping

Proton Mail now offers post-quantum protection as an opt-in setting under Encryption and keys. Once enabled, the account generates a new key pair based on OpenPGP v6 with post-quantum cryptographic algorithms layered on top of the existing RSA or elliptic-curve keys. New outgoing encrypted emails use the post-quantum key; old emails stay encrypted with the previous keys. The rollout covers every plan, including the free tier. (Source: Proton, May 5, 2026.)

The opt-in lives at account.proton.me → Encryption and keys → Post-quantum protection. The feature is rolling out gradually — Proton notes that some accounts will not see it for a few more days. Once turned on, the new keys take effect immediately for any new encrypted thread.

The protection is built on OpenPGP v6, the newer standard that adds modern cryptographic algorithms and post-quantum primitives. (Source: Privacy Guides, May 7, 2026.) Proton has not abandoned RSA or ECC — those keys keep working — but post-quantum becomes an additional layer for users who want it.

Why it matters for everyday inbox users

The threat Proton is hedging against is called “harvest now, decrypt later” — adversaries capturing encrypted email today and holding it for the day quantum computers can crack RSA. For long-lived secrets like medical records, legal correspondence, or trade contracts, that risk is real even if the quantum computer is still ten years away. Turning on post-quantum protection now is the only way to make sure an intercepted email today is still unreadable in 2036.

The harvest-now risk has been the standard quantum-readiness argument for years. (Source: Help Net Security, May 6, 2026.) What changed in May 2026 is that the option is finally one click away for a regular Proton user — no PGP keyring management, no command-line tools, no security-engineer-grade setup.

Two caveats are worth flagging before you toggle it on. End-to-end encrypted forwarding is not yet compatible with the new keys, so users who rely on that feature should hold off. And recipients outside Proton who use legacy PGP clients still get your traditional key — interoperability with the wider PGP world will arrive only as OpenPGP v6 spreads, which Proton is pushing for with Thunderbird and the rest of the open ecosystem. (Source: CyberInsider, May 5, 2026.)

What to do this week

Update every Proton app you use to the latest version, then turn the toggle on. If you do not see the option yet, wait — the rollout is gradual. If you rely on end-to-end encrypted forwarding, leave the toggle off until Proton ships compatibility. For everyone else, the cost of enabling is one password prompt and a key generation step you only do once.

If you are weighing Proton Mail against other encrypted providers, our Mailfence review and Startmail review cover the two European alternatives most often cross-shopped with it. Neither has shipped post-quantum protection at the consumer level yet, which makes this week’s Proton move a meaningful gap in the privacy market — for the first time, the question “what happens to my email when a working quantum computer arrives” has a checkbox answer for normal users.

Standards bodies have not yet caught up — the U.S. NSA is still targeting 2033 for full transition and Google has pushed its own deadline to 2029. Proton just compressed that timeline for an entire user base in a single afternoon.

Alexis Dollé, founder of Email Tools
Alexis Dollé
Founder & Editor

Alexis Dollé, email expert for 10+ years. Founder of Email Tools. I test every email client and utility myself, then write about them the way I’d explain them to a friend — no marketing fluff, no sponsored rankings, every claim sourced.

LinkedIn

Frequently asked questions

What is Proton Mail’s post-quantum encryption? — an opt-in layer built on OpenPGP v6, live May 5, 2026

Post-quantum encryption is a new optional protection layer Proton Mail switched on for every account on May 5, 2026. It uses post-quantum cryptography built on top of OpenPGP v6 so that emails encrypted today cannot be decrypted later by a future quantum computer, even if the ciphertext has been intercepted and stored in the meantime.

Is post-quantum protection free on Proton Mail? — yes, every plan including free

Yes. Proton confirmed in its launch post that post-quantum protection is available across every plan, including the free tier. There is no upsell — free accounts get the same option as Unlimited, Business, or Visionary users.

How do I turn it on? — account.proton.me → Encryption and keys → enable

Open account.proton.me, go to Encryption and keys in the sidebar, find Post-quantum protection, click Enable post-quantum protection, tick the acknowledgment box, then enter your password to generate the new keys. Make sure every Proton app you use is on the latest version first — older clients cannot read the new keys.

Does it re-encrypt my existing emails? — no, only new messages going forward

No. Post-quantum protection only applies to messages encrypted with the new keys going forward. Old emails stay encrypted with your previous RSA or ECC keys, which Proton continues to support.

What is “harvest now, decrypt later” and why does Proton care? — adversaries store ciphertext now, decrypt with quantum later

Harvest now, decrypt later is an attack model where an adversary records encrypted traffic today and stockpiles it, betting that quantum computers will eventually be powerful enough to break the encryption retroactively. Proton’s argument for shipping post-quantum protection now is that emails containing long-lived secrets — medical records, legal correspondence, contracts — should not be left readable a decade from now.

Is there a downside? — forwarding incompatibility, minor performance hit on old hardware, Proton-to-Proton only for now

Three small ones. End-to-end encrypted forwarding is not yet compatible with post-quantum keys. Users on older hardware may notice minor performance differences when encrypting or decrypting. And the new keys only interoperate with other Proton users and with future OpenPGP v6 implementations — recipients on legacy PGP setups still fall back to your classic key.

Sources
  1. Proton, May 5, 2026 — Introducing post-quantum encryption in Proton Mail
  2. Proton Support — How to enable post-quantum protection in Proton Mail
  3. Help Net Security, May 6, 2026 — Proton Mail brings quantum-safe email encryption to all accounts
  4. CyberInsider, May 5, 2026 — Proton Mail rolls out quantum-resistant encryption for all users
  5. Privacy Guides, May 7, 2026 — Proton Mail launches post-quantum encryption