Preparing for Q-Day: New Executive Orders Address Quantum Innovation and Post-Quantum Cryptography
On 22 June 2026, President Donald Trump signed two significant executive orders aimed at accelerating quantum-technology innovation while simultaneously preparing federal systems and critical infrastructure for the cybersecurity risks posed by future quantum-computing capabilities.
Taken together, the orders signal an update to the National Quantum Strategy (NQS). Rather than treating quantum technology solely as a long-term research initiative, the Administration is pursuing a whole-of-government effort focused on deployment, commercialization, national-security applications, and cyber resilience.
The first executive order, “Ushering in the Next Frontier of Quantum Innovation,” establishes the Quantum Computer for Application Development and Discovery Science (QC-ADDS) Effort, a coordinated federal initiative intended to develop and deploy a scientifically useful quantum computer. The second executive order, “Securing the Nation Against Advanced Cryptographic Attacks,” directs federal agencies to accelerate the adoption of post-quantum cryptography (PQC) to protect government systems and sensitive information against future quantum-enabled cyber threats. PQC refers to “cryptographic algorithms or methods that are designed to be resistant to attack by both a quantum computer and a classical computer.”
Why This Matters
These executive orders identify quantum technology as a strategic policy priority with implications for cybersecurity, government procurement, critical infrastructure, and emerging technology investment. Quantum technology has arrived, and its implications are significant.
Both domestic and foreign organizations may soon encounter new federal expectations relating to encryption standards, cybersecurity governance, supply-chain security, technology procurement, and participation in federally funded research initiatives. Companies that begin planning now may be better positioned to address future compliance requirements and capitalize on emerging opportunities.
Key Points
- “Harvest Now, Decrypt Later” is real. Adversaries may be collecting encrypted data today with the expectation that future quantum-computing capabilities could permit decryption of that information years later. It is critical that industry and government alike take notice and secure their infrastructure.
- Boards of directors and senior management should consider whether quantum readiness should be incorporated into data-governance programs, cybersecurity governance, enterprise risk management, and technology investment planning.
- Quantum technology is now a strategic national priority comparable to artificial intelligence, advanced semiconductors, and other emerging technologies. Quantum computing has the potential to transform industries including manufacturing, pharmaceuticals, energy, agriculture, logistics, and materials science by enabling solutions to certain computational problems that are difficult or impractical for classical computers.
- Companies that develop, deploy, procure, or rely upon advanced computing infrastructure should begin evaluating their exposure to quantum-related cybersecurity risks. Preparation is key—this process will take time and cannot occur overnight.
- Government contractors and entities participating in federally funded research and development programs may encounter new opportunities, funding streams, reporting obligations, and compliance requirements. The “national PQC migration policy” mandates a government-wide transition to quantum-resistant encryption to protect critical infrastructure and sensitive data.
Federal agencies are expected to accelerate adoption of quantum-resistant cybersecurity measures and to implement the National Institute of Standards and Technology’s (NIST) approved Federal Information Processing Standards (FIPS) for PQC, potentially influencing requirements for contractors, suppliers, and critical infrastructure operators.
Executive Order: Ushering in the Next Frontier of Quantum Innovation
The Administration’s quantum-innovation order creates the QC-ADDS initiative, directing multiple federal agencies to coordinate efforts to develop a quantum computer capable of advancing scientific discovery and solving problems beyond the capabilities of classical computing systems.
The initiative involves various federal stakeholders and will require a coordinated effort. The order also contemplates expanded development of quantum sensing and quantum-networking technologies, areas critical to national security and economic competitiveness.
The executive order further directs agencies to develop technical requirements, coordinate federal investments, and support the establishment of advanced quantum infrastructure. While the timeline for achieving large-scale fault-tolerant quantum computing remains uncertain, the Administration seeks to deploy a quantum computer capable of enabling meaningful scientific breakthroughs by 2028.
For companies operating in the quantum ecosystem—including hardware manufacturers, software developers, cloud-service providers, research institutions, and investors—the order signals continued federal support for commercialization and deployment efforts.
Executive Order: Securing the Nation Against Advanced Cryptographic Attacks
Q-Day—the anticipated date when quantum computers become powerful enough to break public-key encryption—is increasingly predicted to be approaching, although the timing remains uncertain. This reality carries practical significance. PQC is essential to protect our critical infrastructure, financial transactions, and way of life from adversarial cyber-attacks.
The order directs federal agencies to accelerate migration toward cryptographic systems designed to withstand attacks from future quantum computers. The Administration has established aggressive timelines for modernizing federal-encryption practices and reducing vulnerabilities associated with quantum-enabled decryption.
The order reflects growing concern regarding “harvest now, decrypt later” risks. Under this scenario, threat actors collect encrypted information today with the expectation that future quantum-computing capabilities may eventually allow them to decrypt sensitive data that currently appears secure.
Although large-scale quantum computers capable of breaking widely used encryption standards may still be years away, organizations that maintain long-lived sensitive information—including intellectual property, trade secrets, financial data, healthcare information, and classified or export-controlled information—should evaluate whether existing protections will remain adequate over the long term.
The executive order also suggests that federal contractors and critical infrastructure operators may face increased expectations regarding quantum readiness and cybersecurity modernization.
Notably, the order also directs the Cybersecurity and Infrastructure Security Agency (CISA), in coordination with NIST, to release public guidance on minimum elements for a “cryptographic bill of materials”—a disclosure mechanism intended to enable automated assessment of the cryptographic assets utilized by any hardware or software element. If broadly adopted, this requirement could compel technology vendors and government contractors to document and disclose the cryptographic components embedded in their products, analogous to the software bill of materials frameworks that have gained traction in recent years.
Industry Impacts
Government Contractors
Federal contractors should anticipate increased scrutiny regarding cybersecurity modernization, encryption practices, supply-chain security, and technology risk management. Future procurement requirements may incorporate PQC standards or quantum-readiness assessments.
Critical Infrastructure Operators
Organizations operating in the energy, telecommunications, transportation, financial services, healthcare, and defense sectors may face heightened expectations regarding cyber resilience and adoption of quantum-resistant security measures.
Technology Companies
Cloud providers, cybersecurity companies, networking vendors, semiconductor companies, and software developers may encounter increased demand for products and services that support PQC and quantum-secure communications.
Research Institutions and Emerging Technology Companies
The federal government’s expanded investment in quantum computing, sensing, and networking technologies may create new funding opportunities, public-private partnerships, and commercialization pathways.
Boards and Management Teams
As quantum risk becomes increasingly connected to enterprise cybersecurity and national security concerns, boards of directors and senior management teams should consider incorporating quantum readiness into broader technology governance and enterprise risk-management frameworks.
Legislative Landscape
The executive orders build upon a foundation of bipartisan congressional activity reflecting sustained legislative interest in quantum technology and postquantum cybersecurity. The Quantum Computing Cybersecurity Preparedness Act (Pub. L. 117-260), signed into law in December 2022, required the Office of Management and Budget (OMB) to prioritize the migration of federal information-technology systems to PQC and directed federal agencies to submit inventories of cryptographic systems vulnerable to quantum-enabled attacks. Separately, the National Quantum Initiative Act (Pub. L. 115-368), originally enacted in 2018 and subsequently reauthorized, established a coordinated federal quantum-research program spanning multiple agencies, including NIST, the US National Science Foundation, and the US Department of Energy, and has provided a framework for sustained federal investment in quantum research and workforce development.
Congressional committees have continued to signal interest in additional legislation addressing quantum-workforce development, supply-chain security for quantum technologies, and expanded requirements for critical infrastructure operators to adopt PQC standards. Taken together with the recent executive orders, these legislative efforts underscore that quantum policy is a bipartisan, multibranch priority—and that organizations should anticipate an evolving and increasingly comprehensive federal-regulatory landscape.
Key Deadlines
The two executive orders establish a series of implementation deadlines. Organizations monitoring federal quantum policy should take note of the following milestones:
| Deadline | Requirement |
| 30 days | Each agency must designate a PQC-migration lead |
| 90 days | OMB must issue guidance requiring agencies to review HVA inventories and develop PQC transition plans |
| 180 days | NIST must initiate a PQC-migration pilot project (completion by 31 December 2027) |
| 180 days | NQS must be updated |
| 180 days | FAR Council must publish a proposed rule requiring covered contractors to comply with FIPS/PQC standards by 31 December 2030 |
| 270 days | CISA must release public guidance on minimum elements for a cryptographic bill of materials |
| 270 days | FAR Council must publish a proposed rule on contractor-vulnerability disclosure programs incorporating cryptographic vulnerabilities |
| 31 December 2030 | All HVAs and high-impact systems must use PQC for key establishment |
| 31 December 2031 | All HVAs and high-impact systems must use PQC for digital signatures |
Recommended Next Steps
Organizations should consider taking proactive steps now, including:
- Conducting inventories of cryptographic assets and dependencies;
- Identifying systems containing long-lived sensitive information;
- Evaluating PQC-migration strategies;
- Assessing vendor and supply-chain readiness;
- Monitoring emerging federal-procurement requirements and technical standards; and
- Incorporating quantum-related risks into cybersecurity governance and enterprise risk-management programs.
How K&L Gates Can Help
The firm is uniquely positioned to assist clients by navigating the legal, regulatory, cybersecurity, procurement, and national-security implications of emerging quantum technologies. Our multidisciplinary team includes lawyers with experience in the White House, the intelligence community, and the US Department of Justice, having worked on government contracts, cybersecurity and privacy, national security, critical infrastructure, emerging technology, artificial intelligence, telecommunications, and public-policy matters.
Our lawyers are actively monitoring developments relating to quantum computing, PQC, federal-procurement requirements, technology regulation, cybersecurity governance, and national-security policy. We assist clients in evaluating emerging compliance obligations, preparing for evolving federal expectations, assessing technology-related risks, and identifying strategic opportunities arising from new government initiatives.
As federal agencies begin implementing these executive orders, organizations should expect additional guidance, technical standards, procurement requirements, funding opportunities, and compliance expectations. Companies that begin planning now may be better positioned to manage both the risks and opportunities presented by the next generation of quantum technologies.
The firm also assists clients with PQC-transition planning, government contracting requirements, technology transactions, supply-chain risk management, incident preparedness, and engagement with evolving federal-regulatory frameworks.
This publication/newsletter is for informational purposes and does not contain or convey legal advice. The information herein should not be used or relied upon in regard to any particular facts or circumstances without first consulting a lawyer. Any views expressed herein are those of the author(s) and not necessarily those of the law firm's clients.
