OMB Gives Agencies 120 Days to Draft Post-Quantum Encryption Plans as 2030 Deadline Accelerates
Updated
Updated · FedScoop · Jun 26
OMB Gives Agencies 120 Days to Draft Post-Quantum Encryption Plans as 2030 Deadline Accelerates
2 articles · Updated · FedScoop · Jun 26
Summary
Federal agencies have 120 days to finalize post-quantum cryptography migration plans under a new OMB memo, with the government aiming to reduce as much quantum risk as feasible by Dec. 31, 2030.
The guidance requires agencies to prioritize high-impact systems, high-value assets and sensitive or quantum-vulnerable systems, update governance, and name a migration lead as plans move through five phases ending in full migration by 2035.
Trump's new quantum orders tightened deadlines from a 2022 Biden-era goal, requiring high-impact and high-value systems to adopt PQC for key establishment by end-2030 and for digital signatures by end-2031.
Experts split on whether that pace is enough: former Energy CIO Ann Dunkin warned 'harvest now, decrypt later' threats could make 2031 too late, while former ONCD official Phil Stupak said moving faster may be unrealistic.
Funding and market readiness remain major obstacles, with officials and contractors saying Congress, procurement support and more PQC-compliant products will be needed to upgrade legacy systems, cloud services and vendor-managed environments.
The US mandates a quantum-proof transition by 2030, but will the private sector be able to supply the necessary technology in time?
With adversaries already harvesting data, is a $7 billion quantum-proofing plan fast enough to protect America's most vital secrets?
Meeting the 2030 PQC Mandate: Federal Migration, Industry Impact, and the Urgent Need for Quantum-Resistant Security
Overview
In June 2026, the U.S. federal government issued a directive that mandates a rapid shift to quantum-resistant encryption standards, marking a major change in cybersecurity policy. This move requires not only federal agencies but also organizations working with the government or managing critical infrastructure to prepare for post-quantum security on an accelerated timeline. The Federal Acquisition Regulatory Council must propose rules to ensure contractors comply with new NIST standards by the end of 2030. This urgent action is driven by the growing threat from advancements in quantum computing, which could soon break current encryption and put sensitive data at risk.