President Donald Trump on Monday set ambitious deadlines for how quickly federal agencies and government contractors must adopt quantum-resistant encryption algorithms, aiming to prevent U.S. adversaries from using quantum computers to decrypt sensitive data in the coming decades.
“The United States must take steps to strengthen cryptographic protections for the Nation’s sensitive data, critical infrastructure, and digital economy,” Trump said in a new executive order.
The directive requires the Office of Management and Budget to issue guidance setting two major deadlines for agencies’ adoption of post-quantum cryptography (PQC) in their high-value assets: Dec. 31, 2030, for key establishment, and Dec. 31, 2031, for digital signatures.
“By accelerating the U.S. Government’s PQC migration timeline, this Order ensures that American cybersecurity keeps pace with emerging technology and recognizes the reality of the accelerating quantum industry,” the White House said in a fact sheet about the new order.
The National Institute of Standards and Technology (NIST), the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency are now required to provide agencies with “comprehensive technical guidance on PQC implementation” on an ongoing basis.
The order also tasks the Commerce Department with pilot-testing PQC algorithms on selected NIST computer systems by the end of 2027.
Trump directed the agencies that write federal contracting rules to issue a regulation requiring contractors to comply with NIST’s Federal Information Processing Standards (FIPS) by the end of 2030. The agencies must also issue a regulation requiring contractors to update their vulnerability disclosure programs to cover “cryptographic vulnerabilities, including testing for lack of encryption and the use of non-FIPS approved algorithms.”
The executive order “sets appropriately aggressive timelines” for federal agencies, according to John Miller, the executive vice president of policy at Information Technology Industry Council, a major tech trade group.
“Policymakers must continue working closely with industry and international partners to modernize strategies to protect systems against attacks and accelerate the next generation of quantum innovation,” Miller said in a statement.
Quantum resistance beyond the federal government
In addition to setting standards for agencies and contractors, Trump’s executive order directs the U.S. government to help the rest of the world with the lengthy and difficult PQC migration process.
The order requires CISA and the other Sector Risk Management Agencies — such as the Environmental Protection Agency and the Treasury Department — to help critical infrastructure operators in their sectors develop PQC adoption plans.
CISA must also publicly release advice for constructing a cryptographic bill of materials, essentially an ingredient list that details the cryptographic standards used in a particular piece of technology.
Another provision requires the State Department, NIST and other agencies to encourage “foreign governments and industry groups in key countries” to use the suite of PQC algorithms that NIST has evaluated and approved.
Leaning into quantum research
In a second executive order, Trump ordered an update to the National Quantum Strategy, the reconstitution of the National Quantum Initiative Advisory Committee and the redoubling of efforts to protect U.S. quantum research from espionage, sabotage and other threats.
The second order also creates a Quantum Computer for Application Development and Discovery Science Effort to “pursue development of a quantum computer at a scale intended to initiate the era of quantum-enabled scientific discovery.” The goal will be to create at least one such computer for the Energy Department to use.
Another provision requires the Office of Personnel Management and other agencies to create a strategy for recruiting quantum experts into government service.
