Two Quantum Executive Orders Put Federal Cryptography On A Clock
President Trump signed two quantum executive orders on 22 June, published in the Federal Register three days later. Executive Order 14412, Securing the Nation Against Advanced Cryptographic Attacks, mandates an accelerated government-wide migration to post-quantum cryptography.
Listen to this article

President Trump signed two quantum executive orders on 22 June, published in the Federal Register three days later. Executive Order 14412, Securing the Nation Against Advanced Cryptographic Attacks, mandates an accelerated government-wide migration to post-quantum cryptography. Executive Order 14413, Ushering in the Next Frontier of Quantum Innovation, establishes a whole-of-government effort to accelerate American leadership in quantum information science. Together the quantum executive orders convert a decade of advisory guidance into binding deadlines.
EO 14412 is the one with teeth. It sets 31 December 2030 for federal agencies to move their most sensitive systems to post-quantum encryption and 31 December 2031 for post-quantum authentication. It directs the Federal Acquisition Regulatory Council to require contractor compliance with NIST post-quantum Federal Information Processing Standards by the end of 2030, which extends the obligation well beyond government networks into the supply chain. Any company selling software, cloud services or hardware to the federal government now has a cryptographic migration deadline written into its procurement conditions.
The threat model behind the order is harvest now, decrypt later. Adversaries with the resources to store large volumes of encrypted traffic are assumed to be doing so, on the expectation that a cryptographically relevant quantum computer will eventually make it readable. Data captured in 2026 that must remain confidential for twenty years is already exposed under that model, which is why migration timelines are set against data lifetime and not against any prediction of when the hardware arrives.
Google research published in March suggested that quantum computers capable of breaking current public key encryption could arrive by 2029, considerably earlier than most previous estimates. Whether or not that proves accurate, it moved the policy conversation, and the June orders reflect the revised urgency.
EO 14413 covers the other side of the same coin. It directs agencies to update the National Quantum Strategy, mandates the creation of domestic quantum workforce development institutes, requires plans for advanced quantum sensing and networking, and directs strategies to strengthen domestic quantum supply chains. Supply chain is the underappreciated element. Quantum systems depend on dilution refrigerators, specialised lasers, cryogenic cabling, control electronics and precision fabrication, much of it supplied by a handful of firms globally. Pasqal’s move to establish an on-shore assembly line for laser based multi-qubit control components, supported by $4 million in federal and provincial funding, is exactly the kind of activity the order is intended to encourage.
The market read the orders as supportive, and quantum equities rallied on the announcement before giving back far more in July’s broader technology selloff. The more durable effect is on procurement. Federal quantum purchasing has become a policy instrument, following the $2 billion in funding incentives and equity stakes drawn from CHIPS and Science Act money announced in May, under which nine companies including D-Wave and Rigetti receive direct investment in exchange for equity, and IBM confirmed it would work with the government on America’s first purpose built quantum foundry with a proposed $1 billion award.
For companies outside the federal supply chain the practical guidance is unchanged but more urgent. Inventory cryptographic assets. Identify every use of RSA, Diffie-Hellman, elliptic curve key exchange and elliptic curve signatures across key exchange, authentication, certificates, VPNs, management protocols and APIs. Design for crypto agility so algorithms can be swapped through policy without rewriting applications. Regulators in the United Kingdom, the European Union and Australia have published roadmaps with deadlines between 2030 and 2035, and the UK’s National Cyber Security Centre has urged financial services to complete external TLS hybrids before 2028.
The quantum executive orders make one point clearly. The migration schedule is now driven by policy deadlines and data lifetimes, and no longer by the arrival date of the machine.
Sources
- Nistcsrc.nist.gov
- Federalregisterfederalregister.gov
- Whitehousewhitehouse.gov


