Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration
Security WeekArchived Jun 23, 2026✓ Full text saved
Federal agencies are required to transition high-value assets and high-impact systems to use PQC by the end of 2030 and 2031. The post Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration appeared first on SecurityWeek .
Full text archived locally
✦ AI Summary· Claude Sonnet
President Donald Trump on Monday signed an executive order to strengthen data protection in preparation for the arrival of practical quantum computing.
Executive Order 14409 highlights the threat posed by ‘harvest now, decrypt later’, in which threat actors exfiltrate encrypted data now, intending to crack the encryption later using quantum computers.
The private sector has been taking major steps toward post-quantum cryptography (PQC), including companies such as Google, Dell, and HP. And now the US government is also attempting to establish a clear roadmap and accelerate PQC migration.
The new EO tasks OMB, NIST, NSA, DHS, and CISA with working together to develop and oversee the implementation of comprehensive technical guidance to help federal agencies adopt PQC.
Agencies will have to inventory their high-value assets and high-impact systems and transition them to PQC for key establishment by December 31, 2030, and for digital signatures by December 31, 2031.
The order instructs agencies to designate a PQC migration lead, and the Department of Commerce will run a pilot project until the end of 2027.
“The pilot program will showcase a successful migration by 2027, setting a clear example for agencies to fortify their cyber defenses as quantum technology advances,” the White House said in a fact sheet accompanying Executive Order 14409.
The State Department has been tasked with encouraging and assisting critical infrastructure operators and foreign governments in their PQC transition, while the Pentagon, NASA, and the General Services Administration have been directed to find cost-saving opportunities.
Federal contractors will also be required to comply with NIST standards regarding the use of PQC-compliant algorithms by the end of 2030.
“This executive order sends an unambiguous signal to every organization doing business with the federal government: the clock is ticking and maybe running out for some,” commented Garfield Jones, EVP Strategy and Research at QuSecure.
“The 2030 deadline for key establishment is a tangible compliance deadline, and the gap between where most organizations are today and where they need to be is significant,” Jones added. “Agencies and contractors that haven’t started a cryptographic inventory are already behind. The organizations that move now will have options. The ones that wait will find themselves managing a crisis.”
This comes shortly after President Trump signed an executive order establishing a voluntary framework for federal vetting of frontier AI models before their public release.
Related: Google Slashes Quantum Resource Requirements for Breaking Cryptocurrency Encryption
Related: Quantum Bridge Raises $8 Million for Quantum-Safe Key Distribution Solution
Related: Quantum Decryption of RSA Is Much Closer Than Expected
WRITTEN BY
Eduard Kovacs
Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones
Texas Parks & Wildlife Data Breach Affects 3 Million Individuals
Cisco to Acquire WideField Security to Boost Splunk’s Agentic SOC
Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure
Accenture to Acquire Majority Stake in Dragos, All of runZero, NetRise in $4.1 Billion OT Cybersecurity Push
Rokarolla Banking Trojan Targets 200 Applications
SailPoint to Acquire Entro in Reported $200 Million Deal
Kodak Admits Data Breach After ShinyHunters Hack Claims
Latest News
Algerian Man Extradited to US for Running Cybercrime Marketplaces
FFmpeg PixelSmash Flaw Allows RCE on Video Players, Media Servers, NAS Appliances
OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery
Russian Initial Access Broker Behind FortiBleed Campaign
Canadian Electricity Provider London Hydro Discloses Data Breach
Xsolis Data Breach Affects 1.4 Million Individuals
Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data
Attackers Exploit Gravity SMTP Plugin Flaw to Harvest Valuable WordPress Data
Trending
Webinar: How Modern Breaches Bypass MFA And Evade Detection
June 17, 2026
Today’s attackers are no longer breaking in — they’re logging in. Join this live webinar as we break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification, and access management processes.
Register
Webinar: Modern Exposure Validation In The AI Era
June 24, 2026
AI has accelerated both sides of the fight. Adversaries are weaponizing vulnerabilities faster, while defenders are racing to ship detections and configurations. Join this live webinar as we explore how to prove your controls actually hold against new threats, map your security maturity, and unite breach simulation with automated pentesting into a single, coordinated program.
Register
People on the Move
SolarWinds has appointed Justin Henkel as Chief Information Security Officer.
J. Paul Haynes has joined Cinchy as Chief Executive Officer.
Hatem Naguib has become Chief Executive Officer at Sysdig.
More People On The Move
Expert Insights
What The Latest ShinyHunters Breaches Reveal About Modern Cyberattacks
Groups like ShinyHunters are demonstrating that attackers do not necessarily need malware or zero-day exploits to cause massive damage. (Torsten George)
No Exploits Required
Four decades of incident response experience suggest that exploits are often the symptom, not the root cause, of today’s cybersecurity failures. (Tod Beardsley)
After AI Reaches Production: 12 Ways Security Teams Can Take Control
Security teams need more than visibility into AI applications, they need a repeatable framework for monitoring, investigating, and defending them in production. (Joshua Goldfarb)
Everybody Is Vibe Coding But Nobody Told The Security Team
AI-driven development is not something organizations can or should block. But it must be governed. (Danelle Au)
The Zero-Knowledge Threat Actor And The End Of Responsible Disclosure
AI can help attackers generate malware, create malicious payloads, bypass simple security checks, and convert vague malicious intent into functional code. (Etay Maor)
Flipboard
Reddit
Whatsapp
Email