Key facts
- The White House has drastically shortened the deadline for adopting quantum-resistant encryption systems.
- High-value and high-impact systems must transition to quantum-resistant cryptographic key establishment by December 31, 2030.
- These systems must transition to quantum-safe digital signature schemes by December 31, 2031.
- The new deadlines are approximately five years sooner than previous timelines, reflecting reduced estimates for building cryptographically relevant quantum computers.
- The executive order establishes a government-wide transition coordination process and directs engagement with foreign governments on PQC algorithm adoption.
- New procurement rules will require covered contractors to meet quantum-readiness deadlines and implement vulnerability disclosure policies.
The White House has significantly accelerated the timeline for government agencies and organizations to transition to quantum-resistant encryption systems, citing the escalating threat posed by the potential development of cryptographically relevant quantum computers. An executive order, titled "Securing the Nation against Advanced Cryptographic Attacks," mandates that computing systems designated as "high-value assets" and "high-impact systems" must adopt new quantum-safe key establishment schemes by December 31, 2030, and quantum-safe digital signature schemes by December 31, 2031.
This accelerated timeline, which is about five years shorter for many entities than previously anticipated, comes in response to recent research suggesting that the resources and costs required to build a quantum computer capable of breaking current encryption are lower than previously estimated. Major technology companies like Google and Cloudflare have already begun to shorten their own transition timelines, aiming for completion by 2029.
The executive order highlights the risk of adversaries collecting sensitive information now and decrypting it later once large-scale quantum computers become operational. It establishes a government-wide process for coordinating this transition, led by the Director of the Office of Management and Budget and the National Cyber Director, with each federal agency designating a point person to report progress.
Furthermore, the order directs the Secretary of State to collaborate with NIST, the Department of Defense, Homeland Security, the National Cyber Director, and the Director of National Intelligence to engage with foreign governments and industry groups to promote the adoption of NIST-standardized PQC algorithms. NIST and the Cybersecurity and Infrastructure Security Agency will also issue guidance on cryptographic bills of materials (CBOMs), detailing all components within encryption systems.
New procurement rules are expected to require "covered contractors" to meet the same quantum-readiness deadlines and implement vulnerability disclosure policies. Experts note that this transition is complex and not a simple "drop-and-replace" exercise, as new public key sizes can be significantly larger. Separately, the White House has issued another executive order to support the development of quantum computing, aiming to establish a national effort to build the world's first powerful quantum computer.