President Trump’s dual quantum Executive Orders seek to ignite quantum innovation and modernize U.S. digital security

The Trump administration is staking out America’s place at the forefront of the “quantum revolution,” with two Executive Orders (EO) issued by President Trump that aim to strengthen the U.S. quantum ecosystem and promote U.S. leadership in emerging quantum technologies. The EOs reflect the Trump administration’s dual focus on spurring innovation and ensuring the security of America’s digital infrastructure, given the risks that quantum advancements pose to longstanding security practices. The first EO, Ushering in the Next Frontier of Quantum Innovation, calls for a government-wide mobilization around quantum technologies, including a revised National Quantum Strategy, development of a scientifically-relevant quantum computer, advancements in quantum sensing and networking, improved security frameworks, and workforce programs, among other measures. The second EO, Securing the Nation Against Advanced Cryptographic Attacks, requires federal agencies to transition to post-quantum cryptography by 2031. 

Ushering in the next frontier of quantum innovation

The first EO establishes a U.S. policy to maintain a strategic technical advantage in quantum technologies and to lead the development of a "robust and trusted quantum ecosystem" across quantum research, manufacturing, commercialization, and application. 

Key provisions include:

Revised National Quantum Strategy. Within 180 days, the Assistant to the President for Science and Technology (APST) must update the National Quantum Strategy with policies to support the commercialization, deployment, and private-sector partnerships. Relevant agencies must align their processes, policies, and programs with the updated Strategy within 30 days of its publication.

Quantum Computer for Application Development and Discovery Science (QC-ADDS). The EO establishes a national effort to develop a scientifically-relevant quantum computer and deliver at least one such system to a Department of Energy facility. The Secretary of Energy must identify technical specifications within 90 days and explore private-sector partnership models within 180 days. The EO also directs the establishment of a national center to assess quantum computing performance and a plan—potentially including advance market commitments—to encourage contributions from commercial quantum computing companies.

Quantum Sensing and Networking. Within 60 days, the Secretary of War must identify at least three next-generation quantum sensor projects, with the goal of fielding the sensors by September 30, 2028. The Secretaries of Commerce, Energy, the Director of the National Science Foundation (NSF), and the Administrator of the National Aeronautics and Space Administration (NASA) must each develop 5-year plans for advancing quantum sensing and networking across commercial, scientific, and space applications.

Domestic Supply Chain and Ecosystem. The Secretary of Commerce must develop a plan to strengthen the quantum ecosystem through supply chain analysis, standards adoption, and elimination of manufacturing barriers. Within 120 days, relevant agencies must develop plans to partner with the private sector—potentially using prize challenges or advance market commitments—to develop quantum-enabling component technologies domestically. The EO also directs increased access to quantum-relevant foundry resources and NSF grants for user facilities.

Security and Counterintelligence Protections. The APST and the Assistant to the President for National Security Affairs (APNSA) must ensure quantum-related activities maintain robust security controls to safeguard critical information. The EO directs expansion of the Quantum Information Science and Technology Counterintelligence Protection Team (QCPT) to coordinate against adversarial threats and enhance threat-information sharing with industry and academia.

Workforce Development. Within 90 days, Office of Personnel and Management (OPM) must develop a government-wide quantum recruitment and retention strategy. The Secretary of Labor must prioritize Quantum information science and technology (QIST)-relevant needs in workforce training, and NSF must initiate a network of National QIST Workforce Development Institutes.

International Engagement. The Secretaries of State and Commerce must ensure U.S. quantum companies can access strategic markets and allied capital, harmonize export controls and investment restrictions with partners, and prevent adversaries from acquiring critical quantum-enabling technologies. Commerce must also recommend actions to address foreign trade barriers limiting U.S. quantum competitiveness. 

Securing the nation against advanced cryptographic attacks

The second EO addresses the risk that large-scale quantum computers—particularly in the hands of adversaries—will pose a "significant threat to widely used cryptographic security systems." The EO also warns that that ongoing cyber activity presents the risk of adversaries collecting U.S. information now and decrypting it later, once quantum computers become operational. 

Key provisions include:

• Mandatory Post-Quantum Cryptography (PQC) Transition. The EO requires agencies to transition federal information systems to National Institute of Standards and Technlology (NIST)-approved Federal Information Processing Standard (FIPS) for PQC—specifically, all high value assets (HVAs) and high impact systems must use PQC for key establishment by December 31, 2030, and for digital signatures by December 31, 2031. 
• PQC Migration Leads and Governance. Within 30 days, each agency head must designate a PQC migration lead to oversee cryptographic inventory management and develop a prioritized migration plan. The Director of  the Office of Management and Budget (OMB) and the National Cyber Director will lead strategic coordination of the national PQC migration. 
• Technical Guidance and Implementation. NIST, in consultation with National Security Administration (NSA) and Cybersecurity and Infrastructure Security Agency (CISA), must provide agencies with comprehensive technical guidance on PQC implementation. NIST must also initiate a PQC migration pilot project within 180 days, to be completed no later than December 31, 2027. 
• Critical Infrastructure Assistance. Sector Risk Management Agencies must work with CISA to assist critical infrastructure owners and operators in developing PQC migration plans. Within 270 days, CISA and NIST must release public guidance on minimum elements for a "cryptographic bill of materials." 
• Procurement and Federal Acquisition. Within 180 days, the Federal Acquisition Regulatory (FAR) Council must publish a proposed rule requiring covered contractors to comply with PQC-compliant FIPS by December 31, 2030. A separate proposed FAR rule, due within 270 days, must require covered contractors to implement vulnerability disclosure policies encompassing cryptographic vulnerabilities. 
• International Coordination. The Secretary of State must work with NIST, Department of Homeland Security (DHS), the National Cyber Director, the Secretary of War, and the Director of National Intelligence (DNI) to engage foreign governments and industry groups to encourage their transition to PQC algorithms standardized by NIST. 
• National Security Systems. Within 180 days and annually thereafter until PQC migration is complete, the Director of NSA must submit a report to the President on the status of PQC migration for agencies that own or operate National Security Systems. 

Key dates

• July 22, 2026 (30 days): Each agency head must designate a PQC migration lead. 

• September 20, 2026 (90 days): OMB must issue PQC migration guidance; the Secretary of Energy must identify QC-ADDS technical specifications. 
• December 19, 2026 (180 days): The APST must update the National Quantum Strategy. The FAR Council must publish a proposed rule requiring covered contractors to comply with PQC-compliant FIPS by December 31, 2030. NIST must initiate a PQC pilot project and revise Cryptographic Module Validation Program processes. 
• March 19, 2027 (270 days): CISA and NIST must release public guidance on cryptographic bill of materials requirements. The FAR Council must publish a proposed rule on contractor vulnerability disclosure programs encompassing cryptographic vulnerabilities. 
• December 31, 2027: NIST must complete its PQC migration pilot project. 
• December 31, 2030: Agencies must transition all HVAs and high impact systems to PQC for key establishment; covered federal contractors must comply with PQC-compliant FIPS. 
• December 31, 2031: Agencies must transition all HVAs and high impact systems to PQC for digital signatures.

Considerations and next steps for the private sector

Assess cryptographic posture and begin PQC planning now. Although the PQC mandates apply directly to federal agencies, the FAR Council's proposed rule will extend PQC compliance obligations to covered federal contractors by December 31, 2030. Organizations that contract with or supply technology to the federal government should assess their exposure and develop migration roadmaps. The forthcoming CISA guidance on cryptographic bills of materials will likely set a baseline expectation for supply chain transparency that extends beyond direct government contractors. 

Monitor quantum computing supply chain and partnership opportunities. The innovation EO calls for significant private-sector engagement in the quantum ecosystem. Companies with advanced computing, manufacturing, or quantum-enabling technology capabilities should monitor agency implementation to identify partnership and funding opportunities. The reconstitution of the National Quantum Initiative Advisory Committee may present another pathway for industry engagement.

Prepare for new procurement and vulnerability disclosure requirements. The second EO directs two proposed FAR amendments—on PQC compliance and disclosure policies for cryptographic vulnerabilities. Organizations that participate in federal procurement should prepare to comment on these proposed rules when published, engage in industry outreach efforts, and begin evaluating their existing vulnerability disclosure programs for alignment with NIST guidelines.

Engage in international coordination and standards efforts. Both EOs emphasize international dimensions—the innovation EO directs harmonization of export controls, investment restrictions, and research security policies with allies, while the cryptography EO directs engagement with foreign governments to encourage adoption of NIST PQC standards. Companies with global operations should track these developments for potential impacts. Participation in NIST standards processes and international industry groups will position organizations to influence the emerging PQC ecosystem.

Address "harvest now, decrypt later" risks in data governance. Organizations handling sensitive data—including personal data, trade secrets, and critical infrastructure information—should evaluate their data retention policies, encryption implementations, and long-term confidentiality requirements in light of this risk. Implementing hybrid cryptographic approaches or accelerating PQC adoption for the most sensitive data assets may be warranted ahead of regulatory mandates.

Our cross-border, cross practice group team is continuing to monitor developments on quantum. For questions about the EO or guidance on assessing quantum’s impact on your business and planning next steps, please contact the authors.

Authored by Katy Milner, Mark Brennan, Stacy Hadeka, Josh Gelula, and Ambia Harper.