US President Donald Trump signed two executive orders that require all civilian US federal agencies to overhaul their encryption systems. EO 14409 and EO 14411 thereby set the first binding deadlines for the post-quantum migration of the entire federal IT estate, with a final cutoff in 2031.
Post-quantum cryptography (PQC) refers to encryption methods that resist attacks from powerful quantum computers. Classical algorithms such as RSA and elliptic-curve cryptography, however, can be broken by sufficiently capable quantum machines. The US standards body NIST therefore published the first official PQC standards in 2024 (FIPS 203/204/205), following a process that began back in 2016. Both orders carry the force of law for civilian agencies and their contractors. National security systems under NSA jurisdiction, however, remain explicitly exempt. Trump signed them in the Oval Office, joined by National Cyber Director Sean Cairncross, CTO Ethan Klein, OSTP Director Michael Kratsios, Commerce Secretary Howard Lutnick, and representatives from Google and IBM. Moreover, the deadline is staggered into two phases. By the end of 2030, PQC must be in place for key establishment at high-value assets. By the end of 2031 it must additionally cover digital signatures.
Subscribe to our newsletter
The best articles of the week, directly delivered into your mailbox.
What EO 14409 mandates for the post-quantum migration
The order goes beyond a statement of intent. Instead, it forces a detailed agency roadmap with named officials and staggered interim deadlines. First, all affected agencies must designate a PQC migration lead within 30 days. The Office of Management and Budget (OMB) then has 90 days to issue binding guidance on the transition obligations. Responsibility rests with the OMB director and the National Cyber Director, supported by Commerce/NIST, CISA, and the NSA.
The real leverage, however, sits in the supply chain. CISA must publish guidance on a "cryptographic bill of materials" for critical infrastructure within 180 days. In addition, the Federal Acquisition Regulation Council is to propose compliance rules for contractors in the same window. As a result, the order pulls the entire private federal IT supply chain into scope, not just the agencies themselves. At the same time, NIST is to launch a PQC pilot project within 180 days, due for completion by the end of 2027. Meanwhile, the NSA must submit an initial migration status report after 270 days.
The scope stays clearly defined. It covers civilian agencies plus their contractors, while national security systems remain within the separate domain of the NSA. As the primary algorithmic standard, the order therefore names FIPS 203 (ML-KEM), complemented by FIPS 186-5 for digital signatures and FIPS 140-3 for cryptographic modules.
The threat model behind the orders
The early deadlines stem less from today's quantum computers than from an attack form already underway. With "Harvest Now, Decrypt Later," state actors collect encrypted communications today in order to decrypt them once the hardware is powerful enough. Data that someone intercepts now is therefore retroactively at risk, long before a working quantum computer exists. The EO text names exactly this logic as its central justification.
"The development of large-scale quantum computers, particularly in the hands of adversaries, will pose a significant threat to widely used cryptographic security systems." - EO 14409, White House, June 22, 2026
In addition, the technical horizon is shifting fast. The Project Eleven report published in May 2026 documents how the qubit requirements for an attack on RSA-2048 are collapsing. The estimate fell from 20 million physical qubits in 2021 to under 500,000 (Google/Babbush, March 2026). In a neutral-atom approach it drops even further, to roughly 10,000 qubits (Cain/Oratomic, March 2026). Current systems with fewer than 1,000 logical qubits, however, still cannot break cryptographic methods. A cryptographically relevant quantum computer requires several thousand high-quality logical qubits. The window is therefore open, yet it is closing noticeably.
The second order addresses the other side of this equation. EO 14411 establishes the QC-ADDS program, which is to provide at least one quantum computer at a Department of Energy facility for research. Furthermore, the Pentagon must prioritize three quantum-sensor projects within 60 days, with the goal of fielding them by September 2028. Through this, Washington aims to close the Chinese lead in quantum networking, which is considered substantial.
6.9 million Bitcoin with exposed public keys
The government deadline carries direct relevance for the crypto sector, which a recent industry report quantifies. The Coinbase Independent Advisory Board on Quantum Computing and Blockchain, a panel of academic and industry cryptography experts founded in January 2026, published the report "Post-Quantum Migration and Abandoned Coins" on June 11, 2026. Some of the authors include Yehuda Lindell (Coinbase/Bar-Ilan), Dan Boneh (Stanford), Scott Aaronson (UT Austin), Justin Drake (Ethereum Foundation), Sreeram Kannan (Eigen Labs/UW), and Dahlia Malkhi (UCSB). The core finding: between 6.9 and 7 million BTC sit in addresses with an already publicly exposed public key, more than a third of the circulating supply.
The breakdown reveals two sources of this vulnerability. Roughly 1.7 million BTC sit in legacy P2PK addresses from the Satoshi era. A further roughly 5 million BTC are exposed through address reuse, large portions of which sit in the cold wallets of well-known crypto exchanges. Project Eleven further puts the total volume at risk from elliptic-curve cryptography at more than USD 3 trillion in digital assets. For the time horizon, the report names a base scenario of 2033 for the so-called Q-Day, and as early as 2030 in an aggressive scenario.
The Coinbase advisory board therefore recommends starting the technical migration immediately, independent of the political governance debate over the so-called "abandoned coins." This question of whether lost or dormant Satoshi holdings should be protected or frozen can be handled separately from the technical switch. Current quantum computers cannot break the underlying cryptography anyway.
Blockchains and the governance dilemma
For decentralized protocols, the problem is sharper than for federal agencies. A government administration has a chain of command through which it can enforce deadlines. An open network like Bitcoin, by contrast, has none. The SegWit upgrade offers the precedent: four years of debate passed for a change that was largely technically uncontested. A PQC consensus is considerably more complex and could therefore take at least as long.
Several networks have nonetheless already begun. Ripple announced a multi-phase plan for PQC migration on the XRP Ledger by 2028, and Solana is pursuing a strategy to integrate new signature schemes. At Bitcoin, the BIP-360 proposal advances a quantum-safe address type, while quantum-resistant initiatives are also running at Ethereum and TRON. Centrally managed chains can react faster than networks that must organize a broad consensus. In addition, the US Department of Commerce announced an investment of USD 2 billion in quantum-chip foundries and startups in May 2026. Meanwhile, the NIST standards FIPS 203 (ML-KEM, formerly CRYSTALS-Kyber) and FIPS 204 (ML-DSA) form the algorithmic basis.
The open question is therefore not whether the consensus arrives, but when. The decisive factor will be whether it stands in time before the more aggressive Q-Day scenario, which Project Eleven dates to 2030.
