Emerging
Jun 23, 2026 Major2
81%
Trump Signs Executive Order Setting 2030 Deadline for Federal Post-Quantum Cryptography Transition
President Trump signed Executive Order 14409 on June 22, 2026, setting December 31, 2030, and 2031, deadlines for federal agencies to migrate to post-quantum cryptography and digital signatures, accelerating the previous 2035 timeline by four to five years. The order addresses the quantum computing threat and aligns with NIST standards finalized in 2024, with immediate requirements for agencies to identify migration leads and inventory systems within 30 to 90 days.
Quick Facts
Who
President Trump
What
Signed Executive Order 14409 on post-quantum cryptography transition
When
June 22, 2026
Where
United States
- Signed Executive Order 14409 on post-quantum cryptography transition
- Set deadline for migration of high-value assets and high-impact systems to post-quantum cryptography
- Set deadline for deployment of post-quantum digital signatures
- Addressed 'harvest now, decrypt later' threat
- Established phased implementation schedule with agency-level requirements
President Trump signed Executive Order 14409 on June 22, 2026, titled "Securing the Nation Against Advanced Cryptographic Attacks," mandating that federal agencies transition high-value assets and high-impact systems to post-quantum cryptography by December 31, 2030, and deploy post-quantum digital signatures by December 31, 2031. The order accelerates the government's previous timeline by four to five years, moving the deadline forward from 2035 as set by the 2022 National Security Memorandum 10.
The executive order addresses the "harvest now, decrypt later" threat, wherein adversaries collect encrypted U.S. government data today for decryption once quantum computers become sufficiently powerful. The order aligns with cryptographic standards finalized by the National Institute of Standards and Technology (NIST) in August 2024, including FIPS 203 (ML-KEM algorithm for key establishment), FIPS 204 (ML-DSA for digital signatures), and FIPS 205 (SLH-DSA). National security systems remain on a separate track.
The order establishes a phased implementation schedule with immediate requirements. Within 30 days, each federal agency head must designate a post-quantum cryptography migration lead reporting to the agency's Chief Information Officer. Within 90 days, the Office of Management and Budget will issue guidance requiring agencies to inventory high-value assets and high-impact systems, develop migration plans, and submit them for review. NIST will conduct a pilot migration on its own systems by December 31, 2027, to validate the transition approach.
The order extends compliance requirements beyond federal agencies to federal contractors and critical infrastructure. The Federal Acquisition Regulatory Council has 180 days to propose a rule requiring covered contractors to meet NIST's post-quantum cryptography standards by December 31, 2030. A second rule, due in 270 days, will incorporate cryptographic vulnerability disclosure requirements into contractor programs. Within 270 days, CISA and NIST must publish minimum standards for a cryptographic bill of materials—a machine-readable inventory of cryptographic assets in hardware and software—enabling crypto-agility across systems.
The transition represents a significant undertaking for federal agencies and industry partners. The primary challenge lies in identifying and inventorying existing cryptographic implementations across complex systems and networks. A companion executive order signed the same day, "Ushering in the Next Frontier of Quantum Innovation," advances quantum computing development, underscoring the urgency of the cryptographic migration. Industry observers note that success depends on practical implementation through OMB guidance and regulatory rules that will determine whether the 2030 and 2031 deadlines create enforceable procurement pressure or face slippage as occurred with previous federal migration initiatives.
Why This Matters
This accelerated post-quantum cryptography mandate creates immediate procurement and operational obligations for federal agencies and their contractors, directly impacting technology budgets and system upgrade timelines across government. Organizations must begin inventorying cryptographic assets now to meet the aggressive 2030–2031 deadlines, while the regulatory framework (due within 180–270 days) will determine enforcement mechanisms and competitive advantage for vendors offering quantum-safe solutions. Failure to transition exposes sensitive government data collected today to future decryption by adversaries with quantum capabilities, making this a critical national security and operational resilience issue for both public and private sector leaders.
Timeline & Sources
Jan 1, 2022
WireNational Security Memorandum 10 set federal PQC migration deadline to 2035
Jun 22, 2026
WirePresident Trump signed Executive Order 14409 on post-quantum cryptography transition
Jun 23, 2026
WireNews reports published on the executive order
Dec 31, 2027
WireNIST completes pilot migration on its own systems
Jan 1, 2029
WireCloudflare targets full post-quantum security
Dec 31, 2030
WireDeadline for federal agencies and contractors to migrate high-value assets and high-impact systems to post-quantum cryptography
Dec 31, 2031
WireDeadline for federal agencies to deploy post-quantum digital signatures