
On June 22, 2026, President Trump issued two Executive Orders entitled “Ushering the Next Frontier of Quantum Innovation” (Quantum EO) and “Securing the Nation Against Advanced Cryptographic Attacks” (Cryptographic EO) demonstrating the increasing focus of the administration on quantum.
Quantum technology is a rapidly growing technology using quantum-mechanical principles to process data in ways not possible with classical computers. Quantum computers and quantum technologies like photonics and sensors are undergoing significant research and development efforts that will impact every industry. One of the most immediately impactful issues related to quantum computers is their ability to break even the best classical computer encryption protocols. As a result, the United States and many other countries and large companies are dedicating significant funds to quantum research in an effort to ensure the protection of critical encrypted data. Quantum is both an amazing new technology and an imminent security threat.
To that end, the Quantum EO asks an alphabet soup of federal agencies to submit reports on their recommendations to support the quantum industry. In particular, advisors including the Assistant to the President for Science and Technology, Secretary of War, Secretary of Commerce, Secretary of Energy, Director of National Intelligence, Director of the National Science Foundation, National Science and Technology Council Subcommittees on Quantum Information Science and Economic and Security Implications of Quantum Information Science, National Aeronautics and Space Administration, and National Security Agency, are asked to update the National Quantum Strategy with respect to issues including:
- Efforts to provide a quantum computer to the Department of Energy;
- Development of quantum-computer-enabled applications for commercial, government and national security purposes;
- Evaluation of quantum computing capabilities;
- Identification of national security implications raised by quantum;
- Identification of leading quantum sensor projects and technology;
- Development of strategies to improve the supply chain for the quantum industry;
- Strategies to grow the quantum industry;
- Safeguarding quantum technologies;
- Growing the quantum workforce; and
- Coordinating quantum strategy on an international basis.
In contrast to the broad strategic scope of the Quantum EO, the Cryptography EO has a more specific focus: preparation for Q Day. Q Day is an industry term for the date when quantum computers can quickly (within hours) solve the algorithms that underly current cryptography. This has both enormous national security implications and implications for every industry with sensitive data (pretty much every industry). The Cryptography EO specifically calls out the risk of adversaries collecting encrypted United States data now with the intention of decrypting it later once large-scale quantum computers become operational. In other words, the threat is not just a future problem; it is happening today.
The Cryptography EO directs the Director of OMB and the National Cyber Director, in consultation with the Assistant to the President for National Security Affairs, the Administrator of the Office of Electronic Government, Secretary of Commerce, Director of National Institute of Standards and Technology, Director of the National Security Agency, Secretary of Homeland Security, and Director of Cybersecurity and Infrastructure Security Agency (CISA) work together to develop and coordinate the national Post-Quantum Cryptography (PQC) migration strategy. PQC means cryptographic algorithms or methods designed to resist attack from both quantum and classical computers.
To get the ball rolling quickly, the Cryptography EO requires each agency head to identify a PQC migration lead within 30 days. These migration leads are responsible for overseeing agency-wide cryptographic inventory management, developing a prioritized PQC migration plan, and coordinating cross-agency efforts. Additionally, within 180 days, NIST must initiate a pilot project for PQC migration on a subset of its own information systems, to be completed no later than December 31, 2027. NIST is critical because it is the federal agency leading the development of PQC methodologies.
The Cryptography EO further updates the deadlines for transitioning all high value assets and high impact systems to PQC for key establishment by December 31, 2030 and for digital signatures by December 31, 2031.
The Cryptography EO does not stop at federal systems. Sector Risk Management Agencies are directed to work with the Department of Homeland Security through CISA to assist critical infrastructure owners and operators in developing their own PQC migration plans. On the international front, the Secretary of State is directed to engage foreign governments and industry groups in key countries to encourage their adoption of NIST-standardized PQC algorithms. The Cryptography EO also requires CISA, in coordination with NIST, to release public guidance within 270 days describing the minimum elements for a “cryptographic bill of materials,” which would enable automated assessment of the cryptographic assets in any hardware or software product.
The Cryptography EO further directs the Federal Acquisition Regulatory Council to publish a rule amending the FAR to require covered contractors to comply with NIST’s FIPS by December 31, 2030. Additionally, the FAR Council is directed to publish a proposed rule amending the FAR requirements and contract clauses for contractor vulnerability disclosure programs to ensure that covered contractors implement vulnerability disclosure policies consistent with NIST guidelines and that such programs incorporate reports of cryptographic vulnerabilities.
On the procurement front, the EO directs several agencies to coordinate cost-saving opportunities in implementing the national PQC migration, including migration of cloud-based technologies, shared procurement of PQC tools, joint training programs, and centralized technical support. NIST is also directed to revise the processes used by the Cryptographic Module Validation Program to accelerate validations of cryptographic modules, which should help vendors get their PQC-compliant products to market faster.
So what are the takeaways from these two Executive Orders?
- First, folks who work for one of the named government agencies are going to have some work to do evaluating quantum related issues.
- Second, if you are a government contractor or subcontractor, the timeline for completing your transition to PQC may be accelerated to 2030.
- Third, if your company is a critical infrastructure owner or operator, you should expect your Sector Risk Management Agency to come knocking with guidance on developing a PQC migration plan. Relatedly, keep an eye out for the forthcoming “cryptographic bill of materials” guidance from CISA and NIST, which will establish requirements for documenting the cryptographic components in hardware and software products.
- Finally, even if your company is not a government contractor or critical infrastructure operator, you should take a serious inventory of your current critical data and encryption protocols and develop a plan for transitioning to PQC. While we don’t know exactly when Q Day will arrive, it is coming soon.
In the meantime, we know bad actors are hacking encrypted data with the hope that they will be able to decrypt it in the near future, so bolstering your encryption can only help you.
The Taft FinTech and Privacy, Security, and AI teams stand ready to assist organizations in crypto and digital assets, blockchain, financial services, banking, securities, bankruptcy, government investigations, intellectual property, litigation, public policy, tax, technology, transactional, and regulatory issues that serve clients across the FinTech space.
This article is intended for general informational purposes only and does not constitute legal advice.