On June 22, 2026, President Trump signed Executive Order 14412, "Securing the Nation Against Advanced Cryptographic Attacks." It's the most visible signal yet that post-quantum cryptography has moved from research to regulatory requirement.
But the EO is actually the fourth deadline in a sequence that started months ago. Here's the full picture — four dates, what each one requires, and what it means for developers who aren't building national security systems.
The four deadlines
September 21, 2026 — FIPS 140-2 moves to the Historical List
This is the most immediate deadline and the least discussed.
On September 21, 2026, every FIPS 140-2 certificate moves to NIST's Historical List. Once there, federal agencies cannot rely on it to justify new procurement decisions — only FIPS 140-3 validations count for new acquisitions.
The module doesn't stop functioning. Existing deployments aren't instantly forbidden. But for any new purchase, a Historical-List certificate no longer satisfies the validation requirement.
If your product signs anything — tokens, documents, firmware, API responses — and you sell to government, healthcare, financial services, or defense contractors, this is a revenue-impacting deadline. After September 21, competitors with FIPS 140-3 validated modules have an immediate procurement advantage.
January 1, 2027 — CNSA 2.0 becomes a procurement gate
CNSA 2.0 is the NSA's Commercial National Security Algorithm Suite — the post-quantum cryptography mandate for National Security Systems. Starting January 1, 2027, all new NSS acquisitions must support CNSA 2.0 compliant algorithms.
The specific algorithms: ML-KEM-1024 for key establishment, ML-DSA-87 for digital signatures. These are the NSS-specific parameter sets — the highest security level, required for classified environments. For commercial and civilian use, ML-DSA-65 is the recommended variant: same algorithm family, NIST security level 3, optimized for API and production workloads.
The cascade reaches beyond defense. Defense contractors, sub-tier suppliers, and commercial vendors selling into classified environments are all on the hook. Enterprise buyers are already adding CNSA 2.0 requirements to RFPs for systems that will never touch a classified network.
Combined with the FIPS 140-2 sunset in September and CMMC Level 2 enforcement in November 2026, this creates a five-month compliance squeeze in the fall of 2026 that cannot be solved by urgency alone.
December 31, 2030 / 2031 — EO 14412 deadlines
EO 14412 sets two hard deadlines for federal agencies: post-quantum encryption for high-value systems by December 31, 2030, and post-quantum authentication by December 31, 2031. Federal contractors face the same 2030 deadline.
This is a significant compression of the prior federal target, which was around 2035. The reason: quantum computing is advancing faster than earlier estimates suggested. Cloudflare moved their own internal post-quantum security target to 2029 in April 2026, following research breakthroughs from Google and other labs.
The EO applies directly to federal agencies and contractors without requiring Congressional approval. Within 30 days of signing, every federal agency must designate a PQC migration lead. Agency migration plans must be submitted to OMB by October 22, 2026 — less than four months away.
One important clarification: the EO does not appropriate new funding. Only Congress can do that. Bipartisan legislation to codify the EO into law is already moving.
2030 / 2035 — NIST deprecation of RSA and ECDSA
This is the baseline that all the above builds on. NIST guidance places RSA and ECDSA — the algorithms signing most JWTs, documents, and API tokens in production today — on a path to deprecated status by 2030 and disallowed by 2035.
The EOs and CNSA 2.0 accelerate the federal timeline, but the underlying NIST trajectory is independent of any executive order and would survive any change in administration.
The two EOs are a paired strategy
Trump signed a second executive order the same day — EO 14413, "Ushering in the Next Frontier of Quantum Innovation" — which launches a national effort to develop a quantum computer capable of quantum-enabled scientific discovery by 2028.
The two orders are complementary by design. The government is accelerating quantum computing capabilities at the same time it's ordering cryptographic defense. That's not coincidence — it's the clearest signal yet that the timeline for cryptographically relevant quantum computers is being taken seriously at the policy level.
The harvest-now problem
EO 14412 explicitly cites "ongoing cyber activity against our Nation" where adversaries are "collecting United States information now, and decrypting it later once large-scale quantum computers are operational."
This is harvest-now-decrypt-later, and it's the reason the timeline matters today regardless of which deadline applies to your organization. If you're signing documents, contracts, health records, financial transactions, or firmware today with RSA or ECDSA, those signatures are potentially being archived by well-resourced adversaries.
The compliance deadlines are the floor. The actual threat model suggests starting sooner.
What this means if you're not in government or defense
EO 14412 creates direct obligations for federal agencies and contractors. For everyone else, there's no immediate legal mandate — but three things are worth understanding:
- Procurement cascades. The federal procurement bar becomes the commercial market benchmark. It happened with IPv6, with DNSSEC, with TLS 1.3. Enterprise buyers follow federal requirements even when they're not legally required to.
- The NIST timeline is independent. RSA-2048 and ECDSA are deprecated by 2030 and disallowed by 2035 under NIST guidance regardless of any executive order. That's the baseline.
- Migration cost compounds. Updating cryptographic primitives across a production system touches every service that signs or verifies tokens, every client that stores them, every integration that depends on the format. The cost now is an afternoon of integration work. The cost in 2029 under regulatory pressure is measured in sprints.
The algorithms
The EO references NIST's finalized post-quantum standards from August 2024:
- ML-DSA (FIPS 204) — digital signatures. The replacement for RSA and ECDSA for signing tokens, documents, certificates, and API responses.
- ML-KEM (FIPS 203) — key establishment. The replacement for ECDH for TLS handshakes and key exchange.
Both are production-ready, standardized, and implemented in audited libraries. The migration cost now is a fraction of what it will be under regulatory pressure.
A practical starting point
Three things worth doing now, in order:
1. Audit where you generate signatures. JWT issuance, document signing, webhook signatures, device certificates, API tokens. Find everything.
2. Identify what has long-term security requirements. A session token expiring in an hour is different from a signed compliance document. Prioritize the latter.
3. For anything new, start with ML-DSA-65. The standard is final, implementations exist, and the migration cost now is an afternoon of work.
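The first two steps can be partly automated for JWTs. The sketch below is an added example, not code from the original post or from any product it mentions: it reads the `alg` header and the `iat`/`exp` claims of sample tokens and flags RSA- or ECDSA-signed tokens that are long-lived. The one-day threshold, the `ML-DSA` name prefix, the function names and the sample tokens are all assumptions made for illustration.

```python
import base64
import json

# Assumption: validity over one day, or no expiry at all, counts as long-term.
LONG_LIVED_SECONDS = 24 * 3600

def b64url_json(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))

def classify_alg(alg):
    """Map a JOSE 'alg' header value to a signature family."""
    # "ML-DSA" prefix is an assumed naming for ML-DSA tokens; "other" covers
    # HS256 (HMAC), "none" and anything else that needs a manual look.
    prefixes = (("RS", "rsa"), ("PS", "rsa"), ("ES", "ecdsa"), ("ML-DSA", "ml-dsa"))
    return next((fam for pre, fam in prefixes if alg.startswith(pre)), "other")

def inspect_token(label, token):
    """Read header and claims without verifying the signature (inventory only)."""
    header_seg, claims_seg, _sig = token.split(".")
    header, claims = b64url_json(header_seg), b64url_json(claims_seg)
    family = classify_alg(str(header.get("alg", "")))
    iat, exp = claims.get("iat"), claims.get("exp")
    lifetime = exp - iat if isinstance(iat, int) and isinstance(exp, int) else None
    long_lived = lifetime is None or lifetime > LONG_LIVED_SECONDS
    return {"label": label, "alg": header.get("alg"), "family": family, "lifetime": lifetime,
            "migrate_first": family in ("rsa", "ecdsa") and long_lived}

def audit(samples):
    """Return one finding per token, migrate-first items at the top."""
    findings = [inspect_token(label, tok) for label, tok in samples.items()]
    return sorted(findings, key=lambda f: not f["migrate_first"])

def make_sample(header, claims):
    """Build a constructed token with a placeholder signature segment."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"

# Constructed samples (not real tokens), one per signing point found in the audit.
SAMPLES = {
    "session": make_sample({"alg": "ES256"}, {"iat": 1700000000, "exp": 1700003600}),
    "compliance-doc": make_sample({"alg": "RS256"}, {"iat": 1700000000}),
    "webhook": make_sample({"alg": "HS256"}, {"iat": 1700000000, "exp": 1700000300}),
    "new-service": make_sample({"alg": "ML-DSA-65"}, {"iat": 1700000000}),
}

if __name__ == "__main__":
    print(*audit(SAMPLES), sep="\n")
```

The script only decodes headers and claims; it does not verify signatures, so it is suitable for inventory over captured samples, not for authentication decisions.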
The two algorithms these mandates require — ML-DSA for signatures and ML-KEM for key establishment — are what the FIPSign suite covers. PQ-Sign handles post-quantum signing with ML-DSA-65 (NIST FIPS 204). PQ-Proxy handles post-quantum TLS with X25519MLKEM768 (NIST FIPS 203). Free tier at fipsign.dev.