Securing the Nation Against Advanced Cryptographic Attacks
Jun 25, 2026
Signed by: Donald Trump
Signed on: Jun 22, 2026
Published on: Jun 25, 2026
Jun 25, 2026
Signed by: Donald Trump
Signed on: Jun 22, 2026
Published on: Jun 25, 2026
Summary
Protects the nation's computer systems from future threats by switching to new, stronger ways of hiding information that can resist quantum computers.
What problem does this solve?
Future quantum computers could easily break current security, letting enemies read secret U.S. information. This order requires the government to switch to new, quantum-resistant security to protect sensitive data.
What does this order do?
Sets deadlines for transition to new encryption
Requires high-value federal systems to use Post-Quantum Cryptography (PQC) for key establishment by December 31, 2030, and for digital signatures by December 31, 2031.
Requires government contractors to update security
Directs the Federal Acquisition Regulatory Council to propose a rule requiring government contractors to use NIST-approved PQC algorithms by December 31, 2030.
Appoints agency leads for the security transition
Mandates that every federal agency must name a 'PQC migration lead' within 30 days to oversee the agency's switch to the new cryptographic standards.
Creates guidance for a 'cryptographic bill of materials'
Directs the Department of Homeland Security and NIST to release public guidance on the minimum elements for a 'cryptographic bill of materials' to help automatically check security assets.
Promotes international adoption of U.S. standards
Requires the Secretary of State to work with other countries and industry groups to encourage them to switch to the PQC algorithms standardized by NIST.
Who does this affect?
- Federal government agencies
- Government contractors
- Critical infrastructure owners and operators
What is the real world impact?
•
Protects national security from future threats
Ensures that sensitive government data and critical infrastructure remain secure against powerful quantum computers that could break current encryption methods.
•
Establishes U.S. leadership in cybersecurity standards
By mandating the adoption of NIST-developed PQC standards, the U.S. encourages other countries and international industries to follow its lead, strengthening global digital security.
When does this start?
This order takes effect on June 22, 2026, and sets several deadlines for federal agencies and contractors over the next decade.
Agency PQC leads appointed
Within 30 days of the order (July 22, 2026), each agency must identify its PQC migration lead.
NIST pilot project completion
A pilot project for PQC migration run by NIST must be completed no later than December 31, 2027.
Deadline for key establishment transition
By December 31, 2030, all high-value and high-impact federal systems must use PQC for key establishment.
Deadline for contractor compliance
By December 31, 2030, covered government contractors must comply with NIST's PQC standards.
Deadline for digital signature transition
By December 31, 2031, all high-value and high-impact federal systems must use PQC for digital signatures.