This week, the outgoing White House Administration published an Executive Order on Strengthening and Promoting Innovation in the Nation’s Cybersecurity.
While the priorities of the new government might be unclear as yet, it’s interesting to see this emphasis following on from previous guidance – both from President Biden, and indeed, President Trump in his first term, who issued EO 13984 (January 2021) to address the very real threat of malicious cyber activity directed against the USA.
With the current geopolitical landscape, it seems likely that cybersecurity will continue to be a priority for the US. As the current Administration points out, the policy of the United States remains focused on protecting the federal government, private sector, and critical infrastructure from adversaries both home and abroad.
As part of the Executive Order, the White House covers several actions, and lays out specific timelines directly related to post-quantum cryptography (PQC). There’s no longer doubt that quantum computers, capable of breaking existing cryptography, are considered a mainstream threat, and the urgency, like the profile of PQC, is accelerating.
Once again, it’s interesting to note this emphasis on PQC, particularly the timelines specified throughout 2025. We’ve summarized the key points below.
Post-quantum considerations
- Within 180 days of the publication of the EO (July 14, 2025) the Director of CISA is required to release a list of product categories where PQC support is widely available.
- Within 90 days (October 12, 2025), agencies must ensure that any solicitations or requests for products in those categories specified by CISA, support PQC.
- Agencies must implement PQC or hybrid key establishment with a PQC algorithm as soon as possible when supported by existing network security products and services.
- Within 180 days (July 14, 2025), the Secretary of State and the Secretary of Commerce will encourage the transition to NIST-standardized PQC algorithms in other countries.
- By January 2, 2030, the Secretary of Defense and the Director of the Office for Management and Budget will also require agencies to support TLS 1.3 or a subsequent version, in order to prepare for transition to PQC.
For many, 2024 was the year in which post-quantum cryptography became a high-profile, mainstream topic, and so at the beginning of 2025, it’s great to see the US leading the way, in what will undoubtedly be a year of PQC adoption, both in the United States and around the world.
With existing guidance such as CNSA 2.0, the National Cyber Strategy (2023), the ongoing NIST standardization project, further emphasis from the executive branch, and incoming legislation, it’s likely that the rest of the world will follow the path, both in industry regulation, political positioning, and in updates to international technology supply chains.
You can read the Executive Order in full here to find out more about how the US is promoting innovation in cybersecurity against attacks from adversaries. For innovators such as PQShield, who’ve been actively shaping the standards and building the PQC solutions the world needs, it’s great to see the raised profile of post-quantum cryptography – the key to protecting a digital world in the quantum age.