With the signing of two executive orders on quantum computing this week, President Trump has set a new course for the industry. Quantum computing has been a research priority and a speculative threat for decades. What changed is that Washington has now treated it as a near-term security and industrial policy issue – which means the policy clock for encryption migration has started ticking whether the technology is ready or not.
The first order covers the security side. It directs federal agencies to accelerate migration to post-quantum cryptography (PQC), assigns the Office of Management and Budget, the National Cyber Director, Commerce, the NSA and DHS to lead the effort, and requires agencies to move high-value assets to PQC-compliant systems by 2030 or 2031 depending on the use case. A Commerce pilot is due by December 2027.
The second order covers the industrial side, directing the development of a powerful quantum computer for scientific research and accelerating quantum-enabled technologies including sensors.
By issuing these orders, the administration identifies quantum technology as both a strategic race to win and a significant cybersecurity threat to manage.
What “Harvest Now, Decrypt Later” Actually Means
The phrase “harvest now, decrypt later” describes a threat that’s already live, even though quantum computers capable of breaking modern encryption don’t exist yet.
The concern is that adversaries – state actors in particular – are already intercepting and storing encrypted data today, with the intention of decrypting it once quantum capability arrives. If you’re protecting data that needs to stay confidential for ten or twenty years – classified government information, long-term financial records, medical data, intellectual property – the threat window is now, not in the future.
This is why governments aren’t waiting for a cryptographically relevant quantum computer to exist before acting. The US migration deadlines of 2030 and 2031 reflect a policy judgment that the transition away from quantum-vulnerable algorithms needs to begin now, because the systems and data most at risk can’t be migrated quickly. Legacy infrastructure, vendor-heavy IT stacks and long-lived sensitive data are the hardest to move. Starting late means the highest-risk assets are the last to be protected.
The five-to-ten-year window before quantum computers can break current encryption is a reasonable shorthand, but not a settled scientific deadline. Public estimates vary widely: some researchers put RSA-breaking capability much later, while others cluster around the 2030s. The uncertainty cuts both ways, which is exactly why governments are moving now rather than waiting for consensus.
What The Deadlines Mean For Businesses
The US orders matter beyond American borders because they set migration timelines that supply chains, technology vendors and regulated industries globally will be expected to align with. Any business with considerable US public sector exposure, or whose technology stack includes US-derived security infrastructure, will feel the downstream pressure.
The larger trend is that governments are converging on similar timelines regardless of geography. The UK’s NCSC has published a PQC migration roadmap targeting completion by 2035, with high-priority upgrades from 2028. The EU has directed critical infrastructure to begin transitioning by the end of 2026 and complete migration no later than 2030. The policy direction is consistent across major economies: start now, prioritise the highest-risk assets first.
The real challenge for businesses isn’t guessing when quantum computing will fully arrive. It’s answering three more specific questions: where is our cryptography currently implemented, how long does our sensitive data need to stay confidential, and which systems would be hardest to upgrade on short notice? The answers determine how urgent the timeline is. Sectors with long-lived sensitive data – healthcare, financial services, legal, defence supply chains – face the most acute pressure. Those with shorter data lifecycles have more flexibility, but the window to act in an orderly way is narrower than it looks on most IT roadmaps.
Trump’s orders didn’t make quantum computers more powerful – they made the deadline to prepare for them official.
