Imagine someone recorded every phone call you made today, planning to listen to them all in ten years when the technology to decode them finally exists. That is the threat the federal government is trying to get ahead of right now.
President Trump put his signature on an executive order June 22 that requires every federal agency to swap out its current encryption for quantum-resistant alternatives. The order sets two firm dates. Systems that handle key exchange - the process that lets two parties share encrypted information securely - must be upgraded by the end of 2030. Digital signatures, which verify that a message actually came from who it claims to, get one more year, until the end of 2031.
Shifts like this quietly reshape entire industries, and Market Briefs breaks down what they mean for investors every morning - you also get a free investing masterclass when you sign up.
The logic behind the rush is straightforward. A quantum computer powerful enough to break today's encryption does not exist yet. But the data that current algorithms protect is being collected and stored right now. Once that machine arrives, everything sitting in storage becomes readable. Security researchers call this the "harvest now, decrypt later" problem.
Until now, the government was working toward a 2035 target established by a 2022 National Security Memorandum. This order cuts years off that schedule.
The deadlines are not arbitrary. In August 2024, the National Institute of Standards and Technology finalized the encryption standards these dates are built on. For key exchange, the standard is FIPS 203, built around an algorithm called ML-KEM. For digital signatures, the standards are FIPS 204 and 205, which use ML-DSA and SLH-DSA. NIST published these standards almost two years ago. The executive order is what finally gives them enforcement teeth.
The first deadlines hit fast. Within 30 days, every federal agency must appoint someone responsible for the migration. That person reports to the agency's chief information officer and oversees the full process - cataloging what encryption is in use, planning the transition, and executing the swap. Within 90 days, the Office of Management and Budget will tell agencies exactly how to review their systems and submit their plans.
NIST itself has to prove the concept works. The agency must complete a pilot migration on some of its own systems by the end of 2027.
The order does not stop at federal networks. The Federal Acquisition Regulatory Council has six months to write a rule extending the same 2030 compliance requirement to government contractors. A second rule, due in 270 days, would force contractors to disclose cryptographic weaknesses in their products.
CISA and NIST have 270 days to define what a "cryptographic bill of materials" looks like. Think of it as an ingredient label for encryption - a machine-readable document that catalogs every cryptographic tool embedded in any given system. You cannot replace algorithms you do not know exist.
The same day, Trump also signed a separate order called "Ushering in the Next Frontier of Quantum Innovation." That one addresses the supply side of the equation - actually building the quantum machines that create the threat in the first place.
For federal agencies and the companies that sell them technology, the real work starts with a catalog. Every place encryption touches - every login, every data transfer, every digital signature - needs to be found, documented, and scheduled for replacement.
Contractors should expect a compliance deadline written into their next federal contract. The standards are ready. The deadlines are set. The hard part is figuring out what you have before the clock runs out.
Whether 2030 and 2031 become real enforcement dates or just targets that slip will depend on the guidance OMB writes in the next 90 days and the rules the FAR Council proposes. But the direction is clear: the government is done waiting.
If you want to see these slow-moving shifts before the market does, read Market Briefs each weekday - it takes five minutes and comes with a 45-minute investing course as a bonus.
