Key takeaways
- The White House’s latest Executive Order confirms that post quantum cybersecurity is now a present-day national priority, not a future consideration.
- Clear timelines and agency-level mandates signal an accelerated transition from post-quantum planning to real-world implementation.
- Quantum computers capable of breaking today’s cryptography are now treated as a mainstream security threat by the US government.
- The policy reinforces global momentum around NIST-standardised post-quantum cryptography and international alignment.
- For organisations and innovators like PQShield, this marks a decisive moment to move from readiness to deployment and help shape a quantum-safe digital future.
What the White House’s latest Executive Order means for PQC
This week, the outgoing White House Administration published an Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity, further reinforcing the strategic importance of post quantum cybersecurity across government, industry, and critical infrastructure.
While the priorities of the new government might be unclear as yet, it’s interesting to see this emphasis following on from previous guidance – both from President Biden, and indeed, President Trump in his first term, who issued EO 13984 (January 2021) to address the very real threat of malicious cyber activity directed against the USA.
Cybersecurity remains a geopolitical priority
With the current geopolitical landscape, it seems likely that cybersecurity will continue to be a priority for the US.
As the current Administration points out, the policy of the United States remains focused on protecting the federal government, private sector, and critical infrastructure from adversaries both home and abroad. The difference now is that quantum-enabled threats are no longer considered hypothetical.
Post-quantum cryptography moves into focus
As part of the Executive Order, the White House covers several actions, and lays out specific timelines directly related to post-quantum cryptography (PQC).
There’s no longer doubt that quantum computers, capable of breaking existing cryptography, are considered a mainstream threat. As a result, urgency around post quantum cybersecurity and the profile of PQC itself is accelerating rapidly.
2025 timelines signal urgency
Once again, it’s interesting to note this emphasis on PQC, particularly the timelines specified throughout 2025.
These milestones underline how quickly post-quantum considerations are moving from guidance into expectation.
Below is a summary of the key post-quantum requirements outlined in the Executive Order.
Post-quantum considerations
- Within 180 days of the publication of the EO (July 14, 2025) the Director of CISA is required to release a list of product categories where PQC support is widely available.
- Within 90 days (October 12, 2025), agencies must ensure that any solicitations or requests for products in those categories specified by CISA, support PQC.
- Agencies must implement PQC or hybrid key establishment with a PQC algorithm as soon as possible when supported by existing network security products and services.
- Within 180 days (July 14, 2025), the Secretary of State and the Secretary of Commerce will encourage the transition to NIST-standardized PQC algorithms in other countries.
- By January 2, 2030, the Secretary of Defense and the Director of the Office for Management and Budget will also require agencies to support TLS 1.3 or a subsequent version, in order to prepare for transition to PQC.
A turning point for post-quantum adoption
For many, 2024 was the year in which post-quantum cryptography became a high-profile, mainstream topic. As we move into early, it’s great to see the US leading the way, in what will undoubtedly be a defining year for post quantum cybersecurity, both domestically and globally.
With existing guidance such as CNSA 2.0, the National Cyber Strategy (2023), the ongoing NIST standardization project, further emphasis from the executive branch, and incoming legislation, it’s likely that the rest of the world will follow the path, both in industry regulation, political positioning, and in updates to international technology supply chains.
What this means for PQShield
You can read the Executive Order in full here to find out more about how the US is promoting innovation in cybersecurity against attacks from adversaries.
For innovators such as PQShield, who’ve been actively shaping the standards and building the PQC solutions the world needs, this raised profile of post-quantum cryptography reinforces an important truth: post quantum cybersecurity is central to protecting the digital world in the quantum age.
Start your post-quantum journey with confidence
If your organisation is assessing its readiness for the quantum era, now is the time to act. PQShield helps organisations design, test, and deploy practical post-quantum cryptography solutions aligned with emerging global standards.
Contact PQShield to discuss your post-quantum readiness
Frequently Asked Questions
What is post quantum cybersecurity?
Post quantum cybersecurity refers to security strategies and technologies designed to protect systems against attacks from quantum computers.
It focuses on replacing vulnerable cryptographic algorithms with quantum-resistant alternatives, such as those developed through NIST’s PQC standardisation process.
Why is post-quantum cryptography important now?
Quantum computers are progressing faster than previously expected. Even before large-scale quantum machines exist, attackers can harvest encrypted data today and decrypt it later. This makes early adoption of post-quantum cryptography critical.
How does PQShield support post-quantum transitions?
PQShield provides end-to-end PQC solutions, including cryptographic libraries, hardware IP, secure firmware, and crypto-agility tooling. These enable organisations to adopt PQC in a phased, standards-compliant way.
Are PQShield’s solutions aligned with NIST standards?
Yes. PQShield has played an active role in the NIST PQC standardisation process and builds solutions aligned with NIST-selected algorithms, ensuring long-term compatibility and compliance.
When should organisations start planning for post quantum cybersecurity?
Now. Regulatory timelines are tightening, and retrofitting cryptography later is costly and risky. Early planning, including risk assessment, crypto inventory, and phased deployment, helps organisations stay ahead of both threats and compliance requirements.