Trump sets federal deadlines for quantum-resistant encryption
President Trump ordered agencies to move sensitive federal systems to post-quantum cryptography, with key establishment due Dec. 31, 2030, and digital signatures due Dec. 31, 2031.
President Trump issued an executive order directing federal agencies to migrate high-value and high-impact systems to post-quantum cryptography. The order sets a deadline of Dec. 31, 2030, for establishing quantum-resistant keys and Dec. 31, 2031, for migrating digital signature systems. The directive covers sensitive federal systems, procurement, and coordination with critical infrastructure operators.
Agency leaders must appoint a post-quantum cryptography migration lead within 30 days. Those leads will report to agency chief information officers, inventory cryptographic assets and high-value systems, and prepare migration plans. The Office of Management and Budget will issue guidance within 90 days in coordination with the Cybersecurity and Infrastructure Security Agency and the National Cyber Director.
The National Institute of Standards and Technology is required to begin a pilot migration on systems it controls within 180 days and complete that pilot by Dec. 31, 2027, to guide wider adoption. The Federal Acquisition Regulatory Council has 180 days to publish a proposed rule that would require covered contractors to meet NIST standards, including post-quantum algorithms, by the 2030 key-establishment deadline.
Sector Risk Management Agencies will work with CISA to help critical infrastructure operators prepare migration plans. The order directs the Secretary of State to promote adoption of NIST post-quantum standards with international partners. Contractors that support covered federal systems could face new compliance requirements through forthcoming procurement rulemaking.
National Security Systems are excluded from the main migration track and will follow a separate process. The director of the National Security Agency must report progress on those systems to the president within 180 days and then on an annual basis.
Post-quantum cryptography refers to algorithms designed to resist attacks by both classical and quantum computers. The administration cited the risk that adversaries could collect encrypted U.S. data now and decrypt it later once large-scale quantum machines exist. To support planning and transparency, CISA and NIST have 270 days to publish guidance on minimum elements for a cryptographic bill of materials.
The material on GNcrypto is intended solely for informational use and must not be regarded as financial advice. We make every effort to keep the content accurate and current, but we cannot warrant its precision, completeness, or reliability. GNcrypto does not take responsibility for any mistakes, omissions, or financial losses resulting from reliance on this information. Any actions you take based on this content are done at your own risk. Always conduct independent research and seek guidance from a qualified specialist. For further details, please review our Terms, Privacy Policy and Disclaimers.
Articles by this author
