Trump sets post-quantum crypto deadlines, launches broader federal quantum initiative

US President Donald Trump on Monday signed a pair of executive orders aimed at accelerating the federal government’s transition to post-quantum cryptography while expanding US investment in quantum technologies, establishing what the administration describes as a coordinated strategy to prepare for the opportunities and risks posed by quantum computing.

The actions include an executive order, “Securing the Nation Against Advanced Cryptographic Attacks,” and a companion order, “Ushering in the Next Frontier of Quantum Innovation.” Accompanying White House fact sheets frame the initiatives as part of the administration’s broader national security, economic competitiveness, and cybersecurity strategy.

For security leaders, the most immediate impact comes from the cryptography order, which establishes federal migration deadlines for quantum-resistant encryption, directs agencies to inventory cryptographic assets, and signals future procurement requirements for government contractors.

“It’s a great step and definitely in alignment with what we’ve seen from other jurisdictions around the world,” Chris Hickman, CISO at post-quantum cryptography company Keyfactor, tells CSO. “It compels action.”

Hickman said the deadlines could have effects far beyond federal agencies because contractors and critical infrastructure operators will face increasing pressure to demonstrate readiness for post-quantum cryptography.

“A lot of suppliers out there don’t want to lose revenue from the federal government, so it’s time to take this stuff seriously,” he said.

The administration argues that adversaries may already be collecting encrypted communications and sensitive data in anticipation of future breakthroughs that could render today’s public key cryptography obsolete.

The White House described the threat as a “harvest now, decrypt later” scenario in which information stolen today could be stored and decrypted years from now once sufficiently powerful quantum computers become available.

Although experts continue to debate how long it will take to build cryptographically relevant quantum computers, federal officials argue that organizations cannot wait until such systems exist before beginning preparations.

The White House said the order builds on a broader administration cybersecurity agenda, including a June 2025 cybersecurity executive order and the Cyber Strategy for America released earlier this year. Officials said the effort is intended not only to protect federal systems but also to accelerate adoption of quantum-resistant security technologies across critical infrastructure sectors and the broader digital ecosystem.

Ilona Cohen, chief legal and policy officer at HackerOne and former general counsel of the White House Office of Management and Budget, said in a statement that recent administration cybersecurity initiatives reflect growing concern about the role contractors play in federal cyber risk. “Federal networks are only as resilient as the contractors supporting them,” Cohen said.

Federal migration deadlines established

The executive order directs federal agencies to accelerate migration to post-quantum cryptography standards developed by the National Institute of Standards and Technology.

NIST finalized its first post-quantum cryptography standards in 2024 and continues to evaluate additional algorithms intended to replace cryptographic systems vulnerable to future quantum attacks.

Under the order, federal agencies must complete migration of key-establishment mechanisms by Dec. 31, 2030. Migration of digital-signature systems must be completed by Dec. 31, 2031. Within 30 days, agencies must designate senior officials responsible for overseeing post-quantum cryptography migration efforts.

The Office of Management and Budget must issue implementation guidance within 90 days, while agencies are expected to develop plans for replacing vulnerable cryptographic systems across federal environments.

The deadlines represent one of the clearest federal mandates to date regarding the timeline for government adoption of post-quantum cryptography.

Cryptographic bill of materials requirements

The order also introduces measures intended to improve visibility into cryptographic dependencies throughout government systems and software supply chains.

Among the most significant is a directive requiring NIST and the Cybersecurity and Infrastructure Security Agency to develop minimum elements for a cryptographic bill of materials (CBOM) within 270 days.

The concept is similar to a software bill of materials but focuses specifically on identifying cryptographic algorithms, libraries, and dependencies embedded within products and systems.

Security practitioners have long argued that organizations cannot effectively migrate to post-quantum cryptography without first understanding where cryptography exists throughout their environments.

The administration also directed NIST to establish a federal post-quantum cryptography migration pilot program by the end of 2027 to identify implementation challenges and develop migration best practices.

Contractors likely to face new compliance obligations

The executive order also signals significant future implications for federal contractors.

The Federal Acquisition Regulatory Council was directed to develop procurement requirements that would require covered contractors to comply with applicable NIST post-quantum cryptography standards by the end of 2030.

While details remain to be determined, the provision suggests federal purchasing requirements may become a major driver of post-quantum cryptography adoption across the technology industry.

Security vendors, cloud providers, software developers, and managed service providers that do business with federal agencies may ultimately need to demonstrate compliance with emerging post-quantum cryptography requirements.

The order’s emphasis on cryptographic inventories, migration planning, and standards compliance suggests federal agencies will increasingly expect suppliers to understand and document the cryptographic components embedded within their products.

Quantum innovation initiative expands

Alongside the cybersecurity order, Trump signed a separate executive order, which intends to accelerate the development of quantum computing and related technologies.

The administration argues that quantum technologies could eventually transform industries, including pharmaceuticals, manufacturing, logistics, energy, and defense, while providing strategic advantages in scientific research and national security.

At the center of the initiative is a government-wide effort known as Quantum Computing for Accelerated Discovery and Development for Science (QC-ADDS), which aims to develop at least one quantum computer capable of enabling what the administration calls “quantum-enabled scientific discovery.”

The Department of Energy, Department of Commerce, Department of Defense, National Science Foundation, NASA, National Security Agency, and elements of the intelligence community are directed to coordinate research and development activities under the program.

Agencies are tasked with developing technical requirements within 90 days and implementation plans within 180 days.

Industry leaders said the order reflects a growing recognition that leadership in quantum computing will require coordinated investment across multiple layers of the technology stack.

“The United States has a window of opportunity to lead in this domain,” Stefan Leichenauer, vice president of engineering at SandboxAQ, said in a statement. “It requires coordinated investment across the stack: cryptography, compute infrastructure, data generation, and application development. It also requires strong partnerships between government, industry, and academia.”

The order also calls for expanded support for quantum networking and quantum sensing technologies and directs the creation of a national capability for evaluating and benchmarking quantum computing systems.

Commercialization, workforce, and security priorities

A major focus of the innovation initiative is moving quantum technologies from research laboratories into commercial deployment.

The White House said the United States must strengthen domestic quantum supply chains, support technology transfer, and ensure federally funded discoveries translate into commercial products and economic growth.

Ankur Saxena, investment director at TDK Ventures, thinks the order reflects the industry’s growing focus on turning scientific advances into deployable technologies. “Quantum is shifting from a scientific frontier to an engineering and industrial race,” Saxena said in a statement. “US leadership will depend not just on breakthrough hardware, but on resilient supply chains and the enabling infrastructure that makes quantum deployable at scale.”

The administration also announced plans to reconstitute the National Quantum Initiative Advisory Committee and expand activities of the Quantum Counterintelligence Protection Team to help protect sensitive research and intellectual property.

The order places significant emphasis on workforce development as well, directing agencies to support quantum-related education, credentialing, and apprenticeship programs and to establish National Quantum Information Science and Technology Workforce Development Institutes.

Two sides of the same strategy

The executive orders reflect an effort to pursue what administration officials view as two sides of the same challenge: accelerating development of quantum technologies while preparing for the security consequences those technologies may eventually create.

For cybersecurity leaders, the post-quantum cryptography provisions are likely to have the most immediate impact. The combination of migration deadlines, cryptographic inventory requirements, pilot programs, and anticipated procurement mandates signals that federal agencies are moving from planning for post-quantum cryptography to implementing it.

For the broader technology sector, the orders underscore a growing consensus in Washington that quantum computing is no longer merely a long-term research project but a strategic technology that requires simultaneous investment, governance and risk management.