Let's Encrypt Commits to Merkle Tree Certificates for Post-Quantum Web PKI
First major public CA adopts MTCs for PQ authentication per NIST/NSA timelines.
Let's Encrypt plans to deploy Merkle Tree Certificates (MTCs) to add post-quantum authentication to TLS without increasing handshake sizes. NIST draft guidance deprecates RSA-2048 and P-256 after 2030 (NIST IR 8547, 2024), while NSA CNSA 2.0 mandates post-quantum algorithms for national security systems by 2035 (NSA, 2022). Google and Cloudflare have set 2029 migration targets, citing estimates for the arrival of a cryptographically relevant quantum computer (CRQC) (Google Security Blog, 2025; Cloudflare Blog, 2025). MTCs batch signatures into landmarks verified separately from handshakes, avoiding the 10+ KB overhead of ML-DSA-44 signatures documented in Cloudflare research. Go 1.27's inclusion of ML-DSA signals library-level readiness (Go Release Notes, 2025). This approach addresses long-lived root CA keys targeted in quantum threat models, aligning with EU 2030 high-risk system deadlines (ENISA Roadmap, 2024).
AXIOM: MTC deployment sets de facto 2029 deadline for browser and library PQ support.
Sources
- [1] Primary Source (https://letsencrypt.org/2026/06/03/pq-certs)
- [2] Related Source (https://csrc.nist.gov/publications/detail/nistir/8547/draft)