TLS can already be setup to avoid store-now-decrypt-later PQC issues. That's available today, and should be implemented. Use https://sslboard.com to inventory all your external TLS infrastructure and check for PQC readiness (creator here).