An executive order signed on 22 June, titled "Securing the Nation Against Advanced Cryptographic Attacks", tells US federal agencies to accelerate the move away from cryptography that could be vulnerable to future large-scale quantum computers. Ars Technica described the order as a sharp shortening of the timetable for dropping quantum-vulnerable cryptography. The order says adversaries may collect encrypted information now and hold it for later decryption, a risk often described by security agencies as "harvest now, decrypt later".
The order does not say such computers can already break widely deployed encryption at useful scale. Its premise is more uncomfortable for public-sector technology teams: migration takes years, and waiting until the threat is practical would leave agencies trying to rebuild cryptographic plumbing under pressure.
The policy target is post-quantum cryptography, meaning algorithms designed to resist attacks by both quantum and classical computers. The National Institute of Standards and Technology released its first three finalised post-quantum encryption standards in 2024 and urged system administrators to start integrating them because full adoption would take time. Those standards include FIPS 203 for key establishment and FIPS 204 and FIPS 205 for digital signatures.
Table: federal post-quantum cryptography deadlines in the White House order
| Deadline | Actor | Required action |
|---|---|---|
| 30 days after 22 June 2026 | Agency heads | Identify a post-quantum cryptography migration lead |
| 90 days after 22 June 2026 | Office of Management and Budget | Issue guidance requiring agencies to review inventories of high-value assets and high-impact systems |
| 180 days after 22 June 2026 | NIST | Start a post-quantum migration pilot on a subset of NIST systems |
| 31 December 2027 | NIST | Complete the pilot project |
| 31 December 2030 | Agencies | Move high-value assets and high-impact systems to post-quantum key establishment |
| 31 December 2031 | Agencies | Move high-value assets and high-impact systems to post-quantum digital signatures |
| 270 days after 22 June 2026 | CISA and NIST | Release public guidance on minimum elements for a cryptographic bill of materials |
Source: White House executive order, 22 June 2026.
The most consequential deadlines apply to high-value assets and high-impact systems outside national security systems. The order directs OMB to issue guidance requiring agencies to review those inventories, develop migration plans and transition key establishment by the end of 2030 and digital signatures by the end of 2031. National security systems are handled through a separate reporting channel led by the National Security Agency.