US Government Mandates Post-Quantum Cryptography Migration by 2030

iconCryptoBriefing
Share
AI summary iconSummary

The quantum computing threat to modern encryption just got its most concrete federal deadline yet. President Trump signed two executive orders on June 23 mandating that federal agencies and contractors migrate their systems to post-quantum cryptography, with high-value assets required to use new encryption standards for key establishment by December 31, 2030.

What the executive orders actually require

The two orders, designated EO 14409 and EO 14411, attack the quantum problem from different angles. EO 14409 is the enforcement mechanism, establishing specific deadlines for transitioning federal systems to NIST-approved post-quantum cryptography standards. EO 14411 focuses on accelerating US quantum technology development more broadly.

Here’s the timeline baked into EO 14409. NIST must initiate a post-quantum cryptography migration pilot by December 31, 2027. Federal agencies must complete migration of high-value assets to PQC standards for key establishment by December 31, 2030. Digital signature migration gets an extra year, with a deadline of December 31, 2031.

Advertisement

The orders specifically cite the “harvest now, decrypt later” threat. This is the scenario where adversaries collect encrypted data today, stockpile it, and wait until sufficiently powerful quantum computers exist to crack the encryption retroactively.

The policy trail leading here

These executive orders didn’t materialize from nowhere. They build on a progression of federal cybersecurity policy stretching back several years.

National Security Memorandum 10, issued in 2022, first highlighted the risks posed by cryptanalytically relevant quantum computers, the kind capable of breaking widely used encryption like RSA and elliptic curve cryptography. The more recent EO 14306, from June 2025, refined previous requirements while preserving key benchmarks, including a January 2, 2030, target for TLS 1.3 support across federal systems.

CISA, the Cybersecurity and Infrastructure Security Agency, published a post-quantum cryptography product categories list in January 2026. That document created a catalog of PQC-ready tools and solutions that agencies could begin evaluating.

Why crypto investors should pay attention

Bitcoin’s security model relies on elliptic curve cryptography, specifically the ECDSA algorithm, for signing transactions. Ethereum uses the same foundation. A sufficiently powerful quantum computer could theoretically derive private keys from public keys, enabling an attacker to spend someone else’s funds.

Some blockchain projects have already begun exploring quantum-resistant cryptographic solutions. But the major networks, Bitcoin and Ethereum included, have not yet implemented protocol-level changes to address the quantum threat. Ethereum’s roadmap has referenced post-quantum considerations, and various research proposals exist, but production-ready migration remains distant.

The “harvest now, decrypt later” strategy applies to blockchain transactions just as readily as it applies to classified government communications, arguably more so, since blockchain data is public by design.

Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.