Trump's Quantum Executive Orders: A 2028 Quantum Computer, a 2030 Encryption Deadline, and What Developers Need to Know

On June 22, 2026, the US government signed two executive orders targeting quantum computing — one to build the first scientifically useful quantum computer by 2028, and one to migrate federal systems to post-quantum cryptography by 2030–2031. Here is what the orders say, what they mean for security, and why the "harvest now, decrypt later" threat is already happening.

8 min read · Yash Thakker

On June 22, 2026, the White House signed two executive orders that together define the US government's quantum computing posture for the rest of this decade. One orders the construction of a quantum computer capable of genuine scientific research, with a 2028 target. The other sets the first executive-level, binding deadlines for migrating federal systems to quantum-resistant encryption: key establishment by 2030, digital signatures by 2031.

Michael Kratsios, director of the White House Office of Science and Technology Policy, confirmed both orders in a press call: "We believe this can happen by 2028."

This post breaks down what the orders actually say, the cryptographic standards they mandate, the threat they are responding to, and what the US–China quantum race looks like in mid-2026.

Two orders, two tracks

The administration framed this as a dual strategy: capture the upside of quantum computing while protecting against the downside.

Order 1 — Build a quantum computer: Tasks the Departments of Energy and Defense with building and hosting a quantum computer for scientific research. Establishes a performance benchmarking center, expands counterintelligence measures to protect quantum research from foreign threats, and initiates workforce development programs. A separate measure instructs agencies to develop five-year deployment plans for quantum-enabled sensors and networks.

Order 2 — Secure against quantum attacks: Requires all federal civilian agencies to migrate to post-quantum cryptography on a firm timeline, designate a PQC migration lead within each agency, and maintain a living cryptographic inventory. The order cites NIST's finalised standards — ML-KEM and ML-DSA — as the required algorithms.

The full texts are available on the White House website under the titles "Ushering in the Next Frontier of Quantum Innovation" and "Securing the Nation Against Advanced Cryptographic Attacks".

What is the "harvest now, decrypt later" threat

The cryptography order explicitly references what security researchers call harvest now, decrypt later (HNDL): nation-state adversaries are exfiltrating and storing encrypted government and enterprise traffic today, betting that a sufficiently powerful quantum computer will eventually break the RSA and elliptic-curve encryption protecting it.

The logic is straightforward. Classified government communications, intellectual property, or financial data that needs to remain secret for 10, 20, or 30 years is protected by encryption that was designed against classical computing threats. If a cryptographically-relevant quantum computer (CRQC) becomes available in the 2030s, all that archived traffic can be decrypted retroactively. The window for "harvest" is now; the window for "decrypt" is a decade out.

This is not theoretical. Intelligence assessments cited in the order acknowledge active collection of encrypted data by foreign adversaries. The 2030 deadline for key establishment migration is not arbitrary — it is a race against the estimated arrival date of a CRQC.

The NIST standards being mandated

NIST finalised its first post-quantum cryptography standards in 2024. The June 2026 executive order mandates two of them:

ML-KEM (FIPS 203) — Module-Lattice-Based Key-Encapsulation Mechanism, derived from the CRYSTALS-Kyber algorithm. Used for key exchange — the process by which two parties establish a shared secret over an insecure channel. Replaces RSA-based and elliptic-curve Diffie-Hellman key establishment. The 2030 federal deadline covers this.

ML-DSA (FIPS 204) — Module-Lattice-Based Digital Signature Algorithm, derived from CRYSTALS-Dilithium. Used for authenticating the source and integrity of messages, code signatures, certificates. Replaces RSA and ECDSA signatures. The 2031 federal deadline covers this.

Both are lattice-based, meaning their security rests on the hardness of mathematical problems over high-dimensional lattices — problems that are believed to be hard for both classical and quantum computers. NIST also published SLH-DSA (FIPS 205), a hash-based backup signature scheme, as an alternative to ML-DSA if lattice assumptions are ever weakened.

The migration path for organisations running both classical and post-quantum systems during the transition is a hybrid approach: running simultaneous key exchanges using existing elliptic-curve methods alongside ML-KEM, then combining both shared secrets cryptographically. This provides security even if one algorithm is compromised.
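The combining step described above, as an added example that is not part of the original post or of any standard: both shared secrets are fed through HKDF (RFC 5869) so the session key depends on each of them. The function names, the label string and the sample secrets are assumptions made for illustration, and this generic concatenate-then-KDF construction is not the combiner of any specific protocol.

```python
import hashlib
import hmac

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869) with SHA-256."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def lp(value: bytes) -> bytes:
    """Length-prefix a field so concatenated inputs cannot be re-split ambiguously."""
    return len(value).to_bytes(4, "big") + value

def combine_hybrid(ss_ecdh: bytes, ss_mlkem: bytes, transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key from both shared secrets (illustrative combiner)."""
    if not ss_mlkem or not any(ss_ecdh):
        # A missing secret, or an all-zero ECDH output, would silently
        # reduce the hybrid to a single algorithm.
        raise ValueError("degenerate shared secret")
    prk = hkdf_extract(b"\x00" * 32, lp(ss_ecdh) + lp(ss_mlkem))
    # Binding the handshake transcript ties the key to the exchanged messages.
    return hkdf_expand(prk, b"hybrid-kex-demo" + lp(transcript), length)

# Constructed stand-ins: a real handshake takes these from the ECDH and ML-KEM operations.
SS_ECDH = hashlib.sha256(b"constructed ecdh secret").digest()
SS_MLKEM = hashlib.sha256(b"constructed ml-kem secret").digest()
TRANSCRIPT = b"constructed: client share || server share || ml-kem ciphertext"

def demo() -> dict:
    return {
        "key": combine_hybrid(SS_ECDH, SS_MLKEM, TRANSCRIPT),
        # Someone who recovers only the ECDH secret still lacks the ML-KEM input.
        "ecdh_only_guess": combine_hybrid(SS_ECDH, b"\x00" * 32, TRANSCRIPT),
        "other_transcript": combine_hybrid(SS_ECDH, SS_MLKEM, b"constructed: tampered"),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value.hex())
```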

Agency requirements in the order

Each federal civilian agency must:

  1. Designate a PQC migration lead — a named employee reporting directly to the chief information officer.
  2. Maintain a cryptographic inventory — a living list of every system using public-key cryptography, prioritised by data sensitivity and expected lifespan.
  3. Publish a transition plan — a prioritised roadmap to ML-KEM and ML-DSA migration by the respective deadlines.
  4. Complete a NIST pilot — within 180 days of the order, the Secretary of Commerce through NIST must run a PQC migration pilot on a subset of NIST-operated systems, to be completed no later than December 31, 2027.

High-value assets (HVAs) and high-impact systems are first in line. The order does not exempt legacy infrastructure — agencies must inventory it and plan accordingly.

The quantum computer goal: 2028

The order targeting quantum computing research sets an explicit 2028 target for a quantum computer capable of meaningful scientific computation. The language is careful — this is not a universal, fault-tolerant quantum computer that breaks encryption. It is a system useful for materials science, chemistry, drug discovery, and logistics optimisation problems that are intractable on classical machines.

The Departments of Energy and Defense are the named hosts. DOE's national laboratories (Argonne, Oak Ridge, Lawrence Berkeley) already run some of the world's largest classical supercomputers and have existing quantum hardware programs. The 2028 target aligns with IBM's own roadmap: the company announced a $10 billion quantum commitment in 2026 and targets delivery of a large-scale fault-tolerant quantum computer by 2029. The Commerce Department separately announced $2 billion in equity stakes across nine quantum-computing companies, including new IBM ventures, in May 2026.

Where the US–China race stands in mid-2026

The executive orders explicitly reference competition with China as a rationale. The current state of the race is roughly:

US advantages: More commercially available quantum processors, deeper private-sector investment (Google, IBM, Microsoft, Amazon), stronger access to advanced semiconductor components, and a broader commercial ecosystem of 325+ Fortune 500 companies and universities working with IBM's quantum systems alone.

China's position: China's government named quantum technology as a national strategic priority in its 2026–2030 Five Year Plan. USTC's Jiuzhang (photonic) and Zuchongzhi (superconducting) processors have produced some of the strongest experimental quantum-advantage demonstrations. China leads on state-funded research investment but trails on the commercial layer.

Neither country has produced a cryptographically-relevant quantum computer. The 2028 target from the US order — a scientifically useful machine, not a CRQC — is plausible. The timeline for a CRQC that can break 2048-bit RSA is still debated, but most estimates from the cryptographic community point to a window somewhere between 2030 and 2040. The 2030 migration deadline is designed to close that window before it opens.

What this means for developers and security teams

The executive orders formally apply to federal civilian agencies. But the downstream effects are broader:

Federal contractors and vendors — Any software, hardware, or service vendor selling into the federal market will need to meet the same cryptographic standards. FedRAMP, FISMA, and procurement requirements will update to reflect the 2030 and 2031 deadlines.

Critical infrastructure — Financial services, healthcare, utilities, and telecommunications operators regulated or connected to federal systems will face similar pressure.

Private sector long-lived data — If your system stores data that needs to remain confidential beyond 2035, you are in the harvest-now-decrypt-later threat window. That includes patient records, intellectual property, source code, and financial records. The migration from RSA/ECC to lattice-based standards is not a drop-in swap — TLS libraries, certificate authorities, HSMs, and application-layer key management all need updating.

Practical first step: Run a cryptographic inventory. Identify every place your systems generate, exchange, or verify keys using RSA or elliptic-curve algorithms. Prioritise by data sensitivity and expected lifespan. Libraries like OpenSSL 3.x have early ML-KEM support; test environments can be built today. The 2030 deadline is closer than it sounds once you account for procurement cycles and compliance review.
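A first pass at such an inventory, as an added example that is not from the original post: it tokenises configuration lines, maps RSA and elliptic-curve identifiers to the replacement and deadline described above, and ranks key-establishment uses on data that must stay confidential past 2035 first. The system names, config lines and the token table are constructed for illustration.

```python
import re
from typing import NamedTuple

HNDL_HORIZON = 2035  # article: data confidential beyond 2035 is in the HNDL window

# (use, replacement named in the order, federal deadline cited in the article)
KEX = ("key establishment", "ML-KEM (FIPS 203)", 2030)
SIG = ("digital signature", "ML-DSA (FIPS 204)", 2031)
QUANTUM_VULNERABLE = {
    "ecdh": KEX, "ecdhe": KEX, "x25519": KEX, "curve25519": KEX,
    # Assumption: a bare "rsa" token is an authentication use;
    # RSA key transport needs manual review.
    "rsa": SIG, "ecdsa": SIG, "ed25519": SIG, "rs256": SIG, "es256": SIG,
}

class Finding(NamedTuple):
    system: str
    token: str
    use: str
    replacement: str
    deadline: int
    hndl_exposed: bool

def scan(inventory):
    """Return findings, harvest-now-decrypt-later exposures first, then by deadline."""
    findings = []
    for system, confidential_until, line in inventory:
        for token in dict.fromkeys(re.split(r"[^a-z0-9]+", line.lower())):
            if token not in QUANTUM_VULNERABLE:
                continue
            use, replacement, deadline = QUANTUM_VULNERABLE[token]
            # Recorded traffic matters only if the key exchange is breakable and
            # the data is still sensitive once it can be decrypted.
            exposed = use == KEX[0] and confidential_until > HNDL_HORIZON
            findings.append(Finding(system, token, use, replacement, deadline, exposed))
    return sorted(findings, key=lambda f: (not f.hndl_exposed, f.deadline, f.system, f.token))

# Constructed sample: (system, year the data must stay confidential until, config line)
INVENTORY = [
    ("records-api", 2045, "ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384;"),
    ("build-signer", 2027, "signing_alg: ecdsa-sha2-nistp256"),
    ("edge-proxy", 2028, "tls_groups = X25519"),
    ("pq-pilot", 2045, "groups: mlkem768"),
]

if __name__ == "__main__":
    for f in scan(INVENTORY):
        flag = "HNDL" if f.hndl_exposed else "    "
        print(f"{flag} {f.system:13} {f.token:7} {f.use:18} -> {f.replacement} by {f.deadline}")
```

Note that the single cipher-suite string on `records-api` produces two findings with different deadlines: the ECDHE key exchange and the RSA authentication.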

The bigger picture

The US has had informal quantum strategies and agency-level PQC guidance since NIST began the post-quantum standardisation process in 2016. What changed on June 22, 2026 is binding executive authority with named deadlines, named agency leads, and named algorithms.

For quantum computing, the 2028 target gives DOE and DOD a concrete deliverable and a budget anchor. For cryptography, the 2030 and 2031 deadlines give procurement officers and CIOs a hard date to plan backwards from.

The harvest-now-decrypt-later threat does not wait for the executive order to take effect. Data being encrypted today with RSA-2048 or P-256 is being archived by adversaries who believe they have time on their side. The orders are designed to change that calculation before the window closes.

The primary sources — the two executive orders — are published in full at whitehouse.gov and are worth reading directly if you are working on federal compliance or building systems with long data-retention requirements.
