Type: Law Bulletins
Date: 06/30/2026

Quantum Homework for Everyone: New Executive Orders on Quantum Technology

On June 22, President Trump issued two executive orders titled “Ushering the Next Frontier of Quantum Innovation” (Quantum EO) and “Securing the Nation Against Advanced Cryptographic Attacks” (Cryptographic EO), demonstrating the administration’s increasing focus on quantum.

Quantum technology is a rapidly growing field using quantum-mechanical principles to process data in ways not possible with classical computers. Quantum computers and quantum technologies like photonics and sensors are undergoing significant research and development efforts that will impact every industry. One of the most immediately impactful issues related to quantum computers is their ability to break even the best classical computer encryption protocols. As a result, the United States and many other countries and large companies are dedicating significant funds to quantum research in an effort to ensure the protection of critical encrypted data. Quantum is both an amazing new technology and an imminent security threat.

To that end, the Quantum EO asks an alphabet soup of federal agencies to submit reports on their recommendations to support the quantum industry.

In particular, advisors including the:

  • Assistant to the President for Science and Technology,
  • Secretary of War,
  • Secretary of Commerce,
  • Secretary of Energy,
  • Director of National Intelligence,
  • Director of the National Science Foundation,
  • National Science and Technology Council Subcommittees on Quantum Information Science and Economic and Security Implications of Quantum Information Science,
  • National Aeronautics and Space Administration, and
  • National Security Agency,

are asked to update the national quantum strategy with respect to issues including:

  • Efforts to provide a quantum computer to the Department of Energy;
  • Development of quantum-computer-enabled applications for commercial, government, and national security purposes;
  • Evaluation of quantum computing capabilities;
  • Identification of national security implications raised by quantum;
  • Identification of leading quantum sensor projects and technology;
  • Development of strategies to improve the supply chain for the quantum industry;
  • Strategies to grow the quantum industry;
  • Safeguarding quantum technologies;
  • Growing the quantum workforce; and
  • Coordinating quantum strategy on an international basis.

In contrast to the broad strategic scope of the Quantum EO, the Cryptography EO has a more specific focus: preparation for Q Day. Q Day is an industry term for the date when quantum computers can quickly (within hours) solve the algorithms that underlie current cryptography. This has enormous national security implications and affects every industry with sensitive data. The Cryptography EO specifically calls out the risk that adversaries are collecting encrypted United States data now, with the intention of decrypting it later, once large-scale quantum computers become operational. In other words, the threat is not just a future problem; it is happening today.

The Cryptography EO instructs the Director of the Office of Management and Budget and the National Cyber Director, in consultation with the Assistant to the President for National Security Affairs, the Administrator of the Office of Electronic Government, Secretary of Commerce, Director of National Institute of Standards and Technology (NIST), Director of the National Security Agency, Secretary of Homeland Security, and Director of Cybersecurity and Infrastructure Security Agency (CISA) to work together to develop and coordinate the national Post-Quantum Cryptography (PQC) migration strategy. PQC means cryptographic algorithms or methods designed to resist attack from both quantum and classical computers.

To get the ball rolling quickly, the Cryptography EO requires each agency head to identify a PQC migration lead within 30 days. These migration leads are responsible for overseeing agency-wide cryptographic inventory management, developing a prioritized PQC migration plan, and coordinating cross-agency efforts. Additionally, within 180 days, NIST must initiate a pilot project for PQC migration on a subset of its own information systems, to be completed no later than Dec. 31, 2027. NIST is critical because it is the federal agency leading the development of PQC methodologies.

The Cryptography EO further updates the deadlines for transitioning all high-value assets and high-impact systems to PQC for key establishment by Dec. 31, 2030, and for digital signatures by Dec. 31, 2031.

The Cryptography EO extends beyond federal systems. Sector Risk Management Agencies are directed to work with the Department of Homeland Security through CISA to help critical infrastructure owners and operators develop their own PQC migration plans. Internationally, the Secretary of State is directed to engage foreign governments and industry groups in key countries to encourage adoption of NIST-standardized PQC algorithms. The Cryptography EO also requires CISA, in coordination with NIST, to issue public guidance within 270 days outlining the minimum elements of a “cryptographic bill of materials,” enabling automated assessment of the cryptographic assets in any hardware or software product.

The Cryptography EO further directs the Federal Acquisition Regulatory Council to publish a rule amending the FAR to require covered contractors to comply with NIST’s FIPS by Dec. 31, 2030. Additionally, the FAR Council is directed to publish a proposed rule amending the FAR requirements and contract clauses governing contractor vulnerability disclosure programs to ensure that covered contractors implement vulnerability disclosure policies consistent with NIST guidelines and that such programs incorporate reports of cryptographic vulnerabilities.

On the procurement front, the EO directs several agencies to coordinate cost-saving measures for implementing the national PQC migration, including the migration of cloud-based technologies, shared procurement of PQC tools, joint training programs, and centralized technical support. NIST is also directed to revise the processes used by the Cryptographic Module Validation Program to accelerate validations of cryptographic modules, which should help vendors bring their PQC-compliant products to market faster.

Takeaways From Executive Orders

  1. People who work for one of the named government agencies will have some work to do evaluating quantum-related issues.
  2. For government contractors or subcontractors, the timeline for transitioning to PQC may be accelerated to 2030.
  3. If a company is a critical infrastructure owner or operator, it should expect its Sector Risk Management Agency to provide guidance on developing a PQC migration plan. Relatedly, forthcoming “cryptographic bill of materials” guidance from CISA and NIST will set requirements for documenting cryptographic components in hardware and software products.

Finally, even if a company is not a government contractor or critical infrastructure operator, it should take a thorough inventory of its critical data and encryption protocols and develop a plan to transition to PQC. While the exact date of Q Day is unknown, it is coming soon. In the meantime, bad actors are already hacking encrypted data in hopes of decrypting it soon, so bolstering encryption can only help.

In This Article

You May Also Like