Seville, Spain
Seville, Spain
+(34) 624 816 969
US President Donald Trump has signed two executive orders that mark a before and after in the country's technological strategy. On one hand, concrete deadlines are set for federal agencies to migrate to post-quantum cryptography; on the other, a coordinated initiative is launched to boost quantum computing as a driver of innovation and national security. These measures not only affect the government but will have a direct impact on contractors, technology providers, and ultimately, the entire digital ecosystem.
Table of contents [Show]
The executive orders, titled Securing the Nation Against Advanced Cryptographic Attacks and Ushering in the Next Frontier of Quantum Innovation, aim to address two sides of the same coin: preparing for the risks of quantum computing while accelerating its development. According to the White House, this is a comprehensive strategy for national security, economic competitiveness, and cybersecurity.

The cryptography order has the most immediate impact. It establishes binding federal deadlines to migrate to quantum-resistant standards developed by the National Institute of Standards and Technology (NIST). Agencies must complete the migration of key establishment mechanisms by December 31, 2030, and digital signature systems by December 31, 2031. Within 30 days, each agency must designate a senior official to oversee the process.
Chris Hickman, CISO of Keyfactor, notes that this order "forces action" and "is aligned with what we've seen in other global jurisdictions." The deadlines not only affect agencies but will pressure contractors and critical infrastructure operators. "Many vendors don't want to lose federal revenue, so it's time to take this seriously," he adds.
The order introduces a key concept: the cryptographic bill of materials (CBOM), similar to an SBOM but focused on cryptographic algorithms and libraries. NIST and CISA have 270 days to define the minimum elements of this inventory. Experts have long insisted that migration cannot happen without knowing where cryptography is used. Additionally, a federal migration pilot program will be created before the end of 2027 to identify challenges and best practices.

The Federal Acquisition Regulatory Council must develop procurement requirements that obligate vendors to comply with NIST standards before 2030. This means that security companies, cloud services, software development, and managed services working with the federal government will have to demonstrate compliance. As Ilona Cohen of HackerOne points out, "federal networks are only as resilient as the contractors that support them."
To delve deeper into how companies can prepare for these changes, we recommend our guide on Ethical Hacking and Penetration Testing, where we address the importance of auditing cryptographic security.
The Administration warns that adversaries may already be collecting encrypted communications to decrypt them in the future, when sufficiently powerful quantum computers exist. This scenario, known as harvest now, decrypt later, underscores the urgency of migration. Although experts debate when such computers will arrive, authorities insist that waiting is not an option.
The second executive order creates the Quantum Computing for Accelerated Discovery and Development for Science (QC-ADDS) program, aiming to develop at least one quantum computer capable of driving scientific discoveries. Participants include the Department of Energy, Department of Commerce, Department of Defense, NSF, NASA, NSA, and other intelligence agencies.
Stefan Leichenauer of SandboxAQ highlights that "coordinated investment across the entire stack is required: cryptography, computing infrastructure, data generation, and application development." The order also promotes quantum networks, quantum sensing, and the creation of a national benchmarking capability.

The initiative seeks to move quantum technologies from the lab to the market, strengthening national supply chains and supporting technology transfer. Ankur Saxena of TDK Ventures states that "quantum computing is transitioning from a scientific frontier to an engineering and industrial race." Additionally, the National Quantum Initiative Advisory Committee will be reconstituted, and the Quantum Counterintelligence Protection Team will be expanded to protect intellectual property.
Talent development is another pillar: educational programs, certifications, and vocational training will be supported, along with national workforce development institutes in quantum science and information. If your company seeks to integrate these technologies, our guide on Implementing Generative AI in Workflows can offer a similar adoption framework.
These executive orders reflect a growing consensus in Washington: quantum computing is no longer just a research project but a strategic technology requiring simultaneous investment, governance, and risk management. For cybersecurity leaders, the post-quantum cryptography provisions have the most immediate impact, with deadlines, inventories, and procurement requirements marking the shift from planning to execution.
At ForgeNEX, we will continue to monitor these developments. Meanwhile, we invite you to explore other analyses such as Anthropic and the Open Source Security Body or The AI IPO Tsunami, which contextualize the current competitive landscape.
Original source: ComputerWorld. Analysis and adaptation by ForgeNEX.