On January 17, 2025, President Biden issued Executive Order 14144 which covered among other things requirements for agencies to implement Post Quantum Cryptography (PQC) algorithms as soon as practicable. On June 6, 2025, President Trump signed an Executive Order modifying the original one to redirect efforts from proactive development to identifying and managing vulnerabilities, moving away from initiatives perceived as regulatory overreach.
Perhaps the best way to show the specific changes is to provide a marked-up version of the relevant subsection 4(f) in this order to show what has been added and deleted. You can view the original Executive Order 14144 published in January in the Federal Register here and the modifications that have just been made to it here. A Fact Sheet that provides an overview of the modifications made in the areas of cybersecurity related Executive Orders 14144 and 13694 can be accessed here.
Marked-Up Comparison
(f) Alongside their benefits, quantum computers pose significant risk to the national security, including the economic security, of the United States. Most notably, a A quantum computer of sufficient size and sophistication— — also known as a cryptanalytically relevant quantum computer (CRQC)—) — will be capable of breaking much of the public-key cryptography used on digital systems across the United States and around the world. In National Security Memorandum 10 of May 4, 2022 (Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems), I directed the Federal Government to prepare for a transition to cryptographic algorithms that would not be vulnerable to a CRQC.
(i) Within 180 days of the date of this order By December 1, 2025, the Secretary of Homeland Security, acting through the Director of the Cybersecurity and Infrastructure Security Agency (CISA), and in consultation with the Director of the National Security Agency, shall release and thereafter regularly update a list of product categories in which products that support post-quantum cryptography (PQC) are widely available.
(ii) Within 90 days of a product category being placed on the list described in subsection (f)(i) of this section, agencies shall take steps to include in any solicitations for products in that category a requirement that products support PQC.
(iii) Agencies shall implement PQC key establishment or hybrid key establishment including a PQC algorithm as soon as practicable upon support being provided by network security products and services already deployed in their network architectures.
(iv) Within 90 days of the date of this order, the Secretary of State and the Secretary of Commerce, acting through the Director of NIST and the Under Secretary for International Trade, shall identify and engage foreign governments and industry groups in key countries to encourage their transition to PQC algorithms standardized by NIST.
(v) Within 180 days of the date of this order By December 1, 2025, to prepare for transition to PQC, the Secretary of DefenseDirector of the National Security Agency with respect to National Security Systems (NSS), and the Director of OMB with respect to non-NSS, shall each issue requirements for agencies to support, as soon as practicable, but not later than January 2, 2030, Transport Layer Security protocol version 1.3 or a successor version.
June 10, 2025
Leave A Comment