On June 22, 2026, President Trump signed two executive orders establishing the United States government’s most comprehensive quantum technology policy framework to date. The first targets the development of a commercially relevant quantum computer by 2028. The second sets binding deadlines for federal post-quantum cryptography migration by 2030 and 2031. Read together, they represent an acknowledgment that the United States is simultaneously racing to develop the capability that will break current encryption and racing to replace the encryption that capability will break — on timelines that may not be as comfortable as the policy language implies.
By Vladimir Tsakanyan, PhD · Center for Cyber Diplomacy and International Security · cybercenter.space
The White House Instagram post that accompanied the June 22 signing ceremony used the phrase “Golden Age of American Quantum.” The executive orders themselves are somewhat more precise about what that phrase requires. The first, establishing the Quantum Computer for Application Development and Discovery Science effort, directs the Department of Energy and the Department of Defense to build and host a quantum computer capable of initiating the era of quantum-enabled scientific discovery — a machine that White House Office of Science and Technology Policy Director Michael Kratsios said the administration believes can be delivered by 2028. The second directs the Office of Management and Budget and the National Cyber Director to lead an accelerated nationwide migration to post-quantum cryptography, with binding deadlines of 2030 for high-value assets in certain use cases and 2031 for others.
The two orders were signed on the same day. They should be read as a single strategic document in two parts — the first describing the offensive capability the United States intends to build, the second describing the defensive migration that capability makes necessary. The relationship between them is not coincidental. It is the central policy logic of the current quantum era: the country that builds the most capable quantum computer will have the ability to break the encryption protecting every other country’s secrets, and the country whose encryption has not been migrated to quantum-resistant standards by the time that computer exists will bear the consequence.
What the First Order Actually Establishes
The quantum innovation executive order’s centrepiece is the QC-ADDS effort — a federally coordinated programme to develop at least one quantum computer of sufficient scale to initiate what the order terms “quantum-enabled scientific discovery.” The machine is intended for delivery to a Department of Energy facility, with availability extended to the broader scientific community to the extent possible.
The order’s operational architecture is more specific than the announcement language suggests. <cite index=”8-1″>Within 180 days, the Energy Department must explore private-sector partnership models to assess the cost, scope, and timeline for delivering at least one QC-ADDS machine. The Commerce Department must develop a plan that could include advance market commitments to encourage commercial quantum companies to contribute to the effort.</cite> The Secretary of Defense is directed to establish or designate dedicated activities and programmes for national security applications of quantum computing.
<cite index=”10-1″>The order integrates quantum computing, sensing, networking, supply chains, and international coordination into a unified policy framework tied to economic and security priorities, and states that the United States should maintain a technical edge in quantum technology and build a trusted domestic ecosystem across research, manufacturing, commercialisation, and application.</cite>
The 2028 commercial relevance target — the date by which the administration believes a commercially relevant quantum computer can be delivered — connects directly to the $2 billion in equity stakes the Commerce Department announced last month across nine quantum computing companies, including IBM’s new Anderon chip foundry. <cite index=”7-1″>One of the orders also aims to strengthen international cooperation on intellectual property protections and supply chain security measures in light of competitors and adversaries looking to undermine US economic and national security.</cite> The supply chain dimension reflects the same logic that has driven the semiconductor export control framework: quantum computing’s strategic value makes its supply chain a target for the same foreign acquisition and espionage efforts that have characterised the semiconductor competition.
The order also establishes a quantum performance benchmarking centre and counterintelligence measures specifically directed at protecting quantum research from foreign espionage. <cite index=”2-1″>The order tasks the FBI and intelligence community with better protecting the nation’s quantum research from foreign spying.</cite> This counterintelligence dimension reflects documented concerns about systematic Chinese collection against US quantum research — collection that has targeted university laboratories, national laboratories, and private companies across the quantum technology ecosystem.
Analyst note
The 2028 target for a commercially relevant quantum computer is the most consequential and least examined number in either executive order. It is more aggressive than most independent assessments of the quantum computing timeline have placed the threshold of cryptographically relevant capability — the specific capability required to break current public-key encryption at operational scale. The Google internal planning estimate of 2029, the Cloud Security Alliance’s Q-Day estimate of April 2030, and the broader academic consensus have generally placed the most concerning threshold in the 2029-2031 range. An administration that simultaneously sets a 2028 target for quantum computer delivery and 2030-2031 deadlines for post-quantum cryptography migration has implicitly set the two timelines in closer proximity than any prior government assessment. If the 2028 target is achieved, the margin between the capability’s existence and the migration’s completion is measured in months rather than years.
What the Second Order Establishes
The post-quantum cryptography executive order is the more consequential of the two for the immediate cybersecurity posture of the United States government and the critical infrastructure that depends on its security frameworks.
<cite index=”9-1″>The Order directs the Office of Management and Budget and the National Cyber Director to lead an accelerated, nationwide migration to post-quantum cryptography, ensuring the nation and its data stay secure as quantum technology evolves. It directs the Department of Commerce, the National Security Agency, and the Department of Homeland Security to deliver clear, practical guidance to agencies on effectuating and accelerating PQC migration. It also directs agencies to designate a PQC migration lead and to transition high-value assets for certain uses to PQC by 2030 and 2031 depending on the use case.</cite>
<cite index=”9-1″>The Order directs the Department of Commerce to initiate a pilot project for PQC migration, to be completed by December 31, 2027.</cite> The 2027 pilot is the most operationally significant near-term requirement: a completed migration demonstration before the end of next year would provide the methodology, tooling, and institutional knowledge that the 2030 and 2031 agency-wide deadlines require, and whose absence from most federal agencies’ current planning represents the primary risk to the timeline’s achievability.
The binding nature of the 2030 and 2031 deadlines distinguishes this order from the NIST standards framework that preceded it. NIST finalised its post-quantum cryptography standards in August 2024 and published migration guidance, but the adoption of those standards by federal agencies has been voluntary in its pace and inconsistent in its progress. The executive order converts voluntary adoption into mandatory compliance with specific deadlines and designated accountability — an agency PQC migration lead for each covered agency, OMB and National Cyber Director oversight, and the Commerce Department pilot providing the model.
The Harvest-Now-Decrypt-Later Problem This Order Addresses
The post-quantum cryptography executive order is the government’s most direct policy response to the strategic threat that previous analysis in this series identified as the defining characteristic of the current quantum era: harvest now, decrypt later.
The logic is specific. State-sponsored actors — most prominently China’s intelligence services, but also Russia’s and others — have been systematically collecting encrypted communications, classified cables, intelligence assessments, and sensitive government data transmitted over networks protected by current public-key encryption standards. They cannot read this data today. When a cryptographically relevant quantum computer exists — a machine capable of running Shor’s algorithm against RSA and elliptic curve cryptography at operational scale — they will be able to read everything they have collected, retroactively, without any further access to the target’s systems.
The executive order’s 2030 and 2031 deadlines for high-value asset migration are a race against this dynamic. Every day that a high-value federal system continues to operate on quantum-vulnerable encryption is a day that the encrypted traffic it generates is potentially being collected and stored by adversaries awaiting the capability to decrypt it. The deadline is not primarily about protecting communications from future quantum computers. It is about protecting communications transmitted today, yesterday, and over the past several years from the adversary’s archive that is already accumulating them.
The 2028 quantum computer target makes this urgency concrete. An administration that believes a commercially relevant quantum computer can be delivered in 2028 has implicitly acknowledged that the harvest now, decrypt later window — the period during which collected but unreadable data transitions from encrypted to accessible — may close within two years of the migration’s completion deadline. The margin for error in the migration timeline is correspondingly narrow.
The China Competition Dimension
The two executive orders are framed, in the White House fact sheets and in the OSTP director’s comments, explicitly in the context of the competition with China for quantum advantage. <cite index=”7-1″>The orders underscore the importance the Trump administration places on securing US leadership in the quantum race against China — which could fuel advances in artificial intelligence, materials science, and chemistry — while also protecting against the cybersecurity threats posed by the technology.</cite>
China’s quantum investment programme provides the competitive baseline against which the US effort is calibrated. China has invested more than $15 billion in quantum research, has deployed a 2,000-kilometre ground-based quantum key distribution network connecting Beijing and Shanghai, and operates a satellite-based QKD capability that represents the world’s most extensive operational quantum communication infrastructure. Chinese academic institutions and state-supported laboratories have published at a volume and pace in quantum computing research that reflects sustained national investment rather than commercially driven development.
The intelligence counterintelligence dimension of the first executive order — directing the FBI and IC to protect quantum research from foreign espionage — reflects the specific concern that Chinese collection efforts against US quantum research have been systematic and successful enough to warrant a dedicated policy response. The $2 billion equity investment in nine quantum companies announced last month, combined with the QC-ADDS programme and the supply chain security provisions of the innovation EO, constitute a coordinated federal effort to ensure that the foundational technologies of US quantum computing development remain within a trusted domestic and allied ecosystem rather than migrating, through acquisition, talent recruitment, or research partnership, to China’s quantum programme.
Analyst note
The combination of the $2 billion equity investment (announced May 21), the quantum innovation executive order (signed June 22), and the post-quantum cryptography executive order (signed June 22) constitutes the most coherent and comprehensive federal quantum policy framework assembled in a single month. The sequence — equity investment to signal demand and anchor supply chains, innovation EO to establish institutional coordination and timelines, PQC EO to mandate the defensive migration — reflects a policy architecture whose components reinforce each other in ways that individual announcements do not. The question that the architecture does not yet answer is whether the institutional capacity to execute it — at NIST, at the national laboratories, at OMB, and across the federal agency ecosystem — is commensurate with the timeline the orders establish.
The Implementation Challenges
The executive orders establish timelines and designate accountabilities. They do not resolve the implementation challenges that those timelines will encounter.
The cryptographic inventory problem is the most immediate. The post-quantum cryptography migration requires, as a prerequisite, a comprehensive understanding of every cryptographic implementation across every federal system — every certificate, every key, every protocol using RSA, ECC, or Diffie-Hellman key exchange. As previously documented in this series, 73 percent of compliance gaps in PQC migration programmes surface in the discovery phase rather than the implementation phase, because organisations consistently underestimate the breadth of their cryptographic exposure. Federal agencies, operating complex legacy system estates accumulated over decades, will face discovery challenges whose resolution requires time and expertise that the 2027 pilot deadline does not fully accommodate.
The skills gap compounds the inventory challenge. Post-quantum cryptography is a distinct technical discipline whose practitioners are in short supply relative to the demand that the migration will generate. The executive order directs workforce development measures within the quantum innovation framework, but the pipeline between policy direction and trained practitioners is measured in years, not months.
The vendor dependency dimension extends the migration challenge beyond federal systems to the commercial infrastructure on which those systems depend. Federal agency networks connect to commercial vendors, cloud providers, and technology platforms whose own PQC migration timelines are not under federal control. A federal system that has completed its internal PQC migration but continues to exchange data with a vendor operating on quantum-vulnerable encryption has not achieved the security posture the migration is designed to provide. The critical infrastructure provisions of the PQC executive order — directing the administration to help critical infrastructure owners adopt the same protections — acknowledge this dependency without fully resolving it.
The International Dimension
The quantum executive orders carry implications for allied governments and international governance that the domestic policy framing has not foregrounded.
The supply chain and international cooperation provisions of the innovation EO — directing the strengthening of intellectual property protections and supply chain security in cooperation with allies — extend the Pax Silica framework’s logic to the quantum domain: a trusted ecosystem of allied governments and commercial partners whose quantum development infrastructure excludes the actors whose acquisition of advanced quantum capability would pose the most direct strategic risk.
The PQC migration deadlines create an implicit standard for allied government alignment. NATO allies and Five Eyes partners whose cryptographic infrastructure intersects with US government systems will face pressure to align their own PQC migration timelines with the US deadlines — not through any formal allied mandate in the executive orders, but through the practical requirement that the systems of close allies and partners remain interoperable with a US government infrastructure that will be operating on quantum-resistant cryptographic standards by 2030 and 2031. An allied government that has not completed its own migration by the time US systems require quantum-resistant handshakes from their communications partners will face an interoperability gap whose consequences are not hypothetical.
The Policy Architecture in Context
Today’s executive orders are the fourth significant federal quantum policy action in thirteen months: the Trump quantum initiative executive order in May 2025 (first term continuation), the $2 billion equity investment in nine quantum companies announced May 21, 2026, and now the two executive orders signed June 22. They arrive alongside the broader cybersecurity policy architecture documented throughout this series — the Cyber Strategy for America (March 2026), the AI executive order (June 2), the Great American Artificial Intelligence Act discussion draft (June 4), and the export control directive against Anthropic’s frontier models (June 12).
The pattern across this architecture is the assertion of federal primacy over the technology domains — AI, quantum, semiconductors — whose strategic significance makes them objects of great power competition. The quantum executive orders fit this pattern precisely: a federal commitment to build the most capable quantum computer, a federal mandate to migrate to quantum-resistant cryptography, and a federal counterintelligence programme to protect the research that both objectives require.
What the architecture does not yet resolve is the relationship between the offensive and defensive timelines — between the 2028 quantum computer target and the 2030-2031 PQC migration deadlines. An administration that achieves the former on schedule and the latter on schedule has a two-to-three-year window in which the United States possesses cryptographically relevant quantum capability and its most sensitive government systems have already been migrated to quantum-resistant standards. An administration that achieves the former on schedule and the latter late has a different condition entirely.
Bottom Line Assessment
The two executive orders signed on June 22, 2026 represent the most operationally specific federal quantum policy framework to date. Their combination — an offensive capability development programme with a 2028 target and a defensive cryptographic migration with 2030-2031 deadlines — acknowledges, more directly than any prior government document, that the timeline between quantum capability and quantum threat is measured in years, and that the margin for delay in the defensive migration is correspondingly limited.
The policy architecture is sound. Its execution depends on institutional capacity — at the national laboratories, at NIST, at OMB, across the federal agency ecosystem, and within the commercial and allied infrastructure whose migration cannot be mandated by executive order — that the orders establish accountability for but cannot themselves create.
The harvest now, decrypt later problem that the PQC executive order addresses is not a future threat awaiting a quantum computer to activate it. It is an ongoing collection operation whose consequences are deferred, not absent. Every month that federal systems continue to transmit sensitive communications over quantum-vulnerable encryption is a month of additional material for the adversary’s archive. The 2030 and 2031 deadlines are the government’s commitment that the archive will stop growing before the capability to read it arrives.
Whether the migration will be complete before that capability materialises — in the United States, in China, or in the hands of an actor whose development timeline neither government currently tracks with full confidence — is the question whose answer the two executive orders have set in motion without yet guaranteeing.
Quantum Computing · Post-Quantum Cryptography · Executive Order · QC-ADDS · PQC Migration · National Security · China Competition · NIST · Harvest Now Decrypt Later · Vladimir Tsakanyan
Leave a comment