On June 22, 2026, the White House released two Executive Orders (EOs) on quantum technologies: Securing the Nation Against Advanced Cryptographic Attacks (EO 14412) and Ushering in the Next Frontier of Quantum Innovation (EO 14413).  Through the first EO, the White House seeks “to safeguard America’s most sensitive data, [U.S.] critical infrastructure, and the digital economy that drives jobs and growth.”  (For further reading on this topic, our Post-Quantum Cryptography: A Practical Guide provides a high-level overview of steps organizations should consider to move toward post-quantum cryptography (PQC) to protect their systems.)  The second EO, in comparison, seeks “to supercharge U.S. innovation in quantum technologies.”  Together, these EOs reflect a continued U.S. government focus on core themes in the quantum space — security and innovation.

Securing the Nation Against Advanced Cryptographic Attacks

The Securing the Nation Against Advanced Cryptographic Attacks EO is grounded in one of the fundamental concerns driving the push for PQC: existing encryption standards may soon be easily overcome with quantum computers.  Further, encrypted information that is stolen today could be decrypted in the near future.

In attempting to address these growing security concerns, the EO directs strategic coordination within the federal government for a “national PQC migration policy and strategy,” tasking the Secretary of Commerce with providing “technical guidance on PQC implementation” to federal government agencies.  It further calls for an acceleration of the PQC transition in the U.S. government, directing agencies to transition their high impact systems and high value assets “to use PQC for key establishment by December 31, 2030” and similarly for digital signatures by December 31, 2031.

The EO’s initiatives extend beyond federal systems.  For example, relevant to federal contractors, the EO tasks the Federal Acquisition Regulatory Council to:

  • “publish a proposed rule amending the Federal Acquisition Regulation (FAR) to require covered contractors to comply by December 31, 2030, with NIST’s [Federal Information Processing Standards (FIPS)], including all applicable FIPS incorporating PQC compliant algorithms”; and 
  • “publish a proposed rule amending the FAR requirements and contract clauses for contractor vulnerability disclosure programs to ensure that covered contractors implement vulnerability disclosure policies (VDPs), consistent with NIST guidelines, and that VDPs incorporate reports of cryptographic vulnerabilities, including testing for lack of encryption and the use of non-FIPS approved algorithms.”

In addition, certain agencies are tasked with engaging with the U.S. Department of Homeland Security to support critical infrastructure owners and operators as they design PQC migration plans.  The EO also tasks multiple agencies with encouraging “foreign governments and industry groups in key countries” to adopt NIST’s standardized PQC algorithms.

Ushering in the Next Frontier of Quantum Innovation

The Ushering in the Next Frontier of Quantum Innovation EO focuses on encouraging pathways to expand the United States’ competitive edge in the quantum sector while bolstering national security as it relates to quantum technologies.  For example, the EO establishes a “national effort” to “pursue development of a quantum computer at a scale intended to initiate the era of quantum-enabled scientific discovery.”  In doing so, among other steps, the White House tasks the Secretary of Energy to “explore potential private-sector partnership models” and the Secretary of Commerce to “develop a plan, potentially including advance market commitments, to encourage” commercial quantum computing companies to contribute to the effort.  Federal agencies are also directed to develop a plan to partner with the private sector “to develop quantum-enabling component technologies” domestically, and to identify opportunities for deregulation to remove “quantum-specific market hurdles.”

Within the federal government, the EO requires certain agencies to develop five-year plans for the advancement of quantum sensing and networking as well a “Government-wide [Quantum information science and technology (QIST)] recruitment and retention strategy.”

The EO further directs “the Secretary of Energy, in consultation with the Secretary of War and the Secretary of Commerce,” to “establish a national center to develop the tools and capabilities required to accurately assess the performance of quantum computing systems.”  However, the EO does not specify the relationship between this center and NIST’s existing quantum measurement and benchmarking programs.

The EO also includes several internationally focused priorities.  For example, it emphasizes engaging with international partners to:

  • “ensure that [U.S.] quantum and quantum-enabling technology companies have access to strategic markets and capital from like-minded countries”; and
  • “maintain an international ecosystem of quantum-enabling technology companies with access to trusted supply chains, through, for example, harmonizing investment restrictions with international allies and partners,” among other goals.

Despite the EO’s strong focus on promoting quantum innovation, the White House continues to emphasize the importance of security.  The EO seeks to promote “robust and balanced security controls” over QIST activities, including by tasking the Director of the FBI with proposing “staffing requirements to expand the Quantum Information Science and Technology Counterintelligence Protection Team.”  (You can read more about the FBI’s team here.)

We will continue to monitor these and other quantum-related developments.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Caleb Skeath Caleb Skeath

Caleb Skeath helps companies manage their most complex and high‑stakes cybersecurity and data security challenges, combining deep regulatory insight, technical fluency, and practical judgment informed by leading incident response matters.

Caleb Skeath advises in‑house legal and security teams on the full lifecycle of…

Caleb Skeath helps companies manage their most complex and high‑stakes cybersecurity and data security challenges, combining deep regulatory insight, technical fluency, and practical judgment informed by leading incident response matters.

Caleb Skeath advises in‑house legal and security teams on the full lifecycle of cybersecurity and privacy risk—from governance and preparedness through incident response, regulatory engagement, and follow‑on litigation. A Certified Information Systems Security Professional (CISSP), he is trusted by clients across highly regulated and technology‑driven sectors to provide clear, practical guidance at moments when legal judgment, technical understanding, and business realities must be aligned.

Caleb has deep experience leading and overseeing responses to complex cybersecurity incidents, including ransomware, data theft and extortion, business email compromise, advanced persistent threats and state-sponsored threat actors, insider threats, and inadvertent data loss. He regularly helps in‑house counsel structure and manage investigations under attorney‑client privilege; coordinate with internal IT, information security, and executive stakeholders; and engage with forensic firms, crisis communications providers, insurers, and law enforcement. A central focus of his practice is advising on notification obligations and strategy, including the application of U.S. federal and state data breach notification laws and requirements along with contractual notification obligations, and helping companies make defensible, risk‑informed decisions about timing, scope, and messaging.

In addition to his work responding to cybersecurity incidents, Caleb works closely with clients’ legal, technical, and compliance teams on cybersecurity governance, regulatory compliance, and pre‑incident planning. He has extensive experience drafting and reviewing cybersecurity policies, incident response plans, and vendor contract provisions; supervising cybersecurity assessments under privilege; and advising on training and tabletop exercises designed to prepare organizations for real‑world incidents. His work frequently involves translating evolving regulatory expectations into actionable guidance for in‑house counsel, including in highly-regulated sectors such as the financial sector (including compliance with NYDFS cybersecurity regulations, the Computer Security Incident Notification Rule, and GLBA guidelines and guidance) and the pharmaceutical and healthcare sector (including compliance with GxP standards, FDA medical device guidance, and HIPAA).

Caleb’s practice also addresses evolving and emerging areas of cybersecurity and data security law, including advising clients on compliance with the Department of Justice’s Data Security Program, CISA‑related security requirements for restricted transactions, and preparation for new regulatory regimes such as the CCPA cybersecurity audit requirements and federal incident reporting obligations. He regularly counsels clients on how artificial intelligence and connected devices intersect with cybersecurity, privacy, and consumer protection risk, and how to support innovation while managing regulatory exposure.

Caleb also has extensive experience helping clients navigate high-stakes cybersecurity-related inquiries from the Federal Trade Commission, state Attorneys General, and other sector-specific regulators, including incident-specific inquiries as well as broader inquiries related to an entity’s cybersecurity practices and the security of product or service offerings. For companies that have entered into cybersecurity-related settlement agreements with regulators, Caleb has helped guide them through compliance with settlement agreement obligations, including navigating required third-party assessments and strategically responding to cybersecurity incidents that can arise while a company is subject to a settlement agreement. Caleb also routinely works hand-in-hand with colleagues in Covington’s class action litigation, commercial litigation, and insurance recovery practices to prepare for and successfully navigate incident-related disputes that can devolve into litigation.

Photo of Robert Huffman Robert Huffman

Bob Huffman counsels government contractors on emerging technology issues, including artificial intelligence (AI), cybersecurity, and software supply chain security, that are currently affecting federal and state procurement. His areas of expertise include the Department of Defense (DOD) and other agency acquisition regulations governing…

Bob Huffman counsels government contractors on emerging technology issues, including artificial intelligence (AI), cybersecurity, and software supply chain security, that are currently affecting federal and state procurement. His areas of expertise include the Department of Defense (DOD) and other agency acquisition regulations governing information security and the reporting of cyber incidents, the Cybersecurity Maturity Model Certification (CMMC) program, the requirements for secure software development self-attestations and bills of materials (SBOMs) emanating from the May 2021 Executive Order on Cybersecurity, and the various requirements for responsible AI procurement, safety, and testing currently being implemented under President Trump’s AI Executive Order. 

Bob also represents contractors in False Claims Act (FCA) litigation and investigations involving cybersecurity and other technology compliance issues, as well more traditional government contracting costs, quality, and regulatory compliance issues. These investigations include significant parallel civil/criminal proceedings growing out of the Department of Justice’s Cyber Fraud Initiative. They also include investigations resulting from False Claims Act qui tam lawsuits and other enforcement proceedings. Bob has represented clients in over a dozen FCA qui tam suits.

Bob also regularly counsels clients on government contracting supply chain compliance issues, including those arising under the Buy American Act/Trade Agreements Act and Section 889 of the FY2019 National Defense Authorization Act. In addition, Bob advises government contractors on rules relating to IP, including government patent rights, technical data rights, rights in computer software, and the rules applicable to IP in the acquisition of commercial products, services, and software. He focuses this aspect of his practice on the overlap of these traditional government contracts IP rules with the IP issues associated with the acquisition of AI services and the data needed to train the large learning models on which those services are based. 

Bob is ranked by Chambers USA for his work in government contracts and he writes extensively in the areas of procurement-related AI, cybersecurity, software security, and supply chain regulation. He also teaches a course at Georgetown Law School that focuses on the technology, supply chain, and national security issues associated with energy and climate change.

Photo of Benjamin Sovocool Benjamin Sovocool

Ben Sovocool is an associate in the firm’s New York office and is a member of the Corporate Practice Group. He advises clients in a range of corporate matters, including debt finance transactions, mergers and acquisitions, and financial regulatory issues.

Photo of Emily Pehrsson Emily Pehrsson

Emily Pehrsson works across sectors to counsel national and multinational companies on data privacy and cybersecurity issues.

In particular, Emily’s practice includes partnering with clients on the development of new products and services, designing privacy governance programs, and developing privacy disclosures and settings.

Emily Pehrsson works across sectors to counsel national and multinational companies on data privacy and cybersecurity issues.

In particular, Emily’s practice includes partnering with clients on the development of new products and services, designing privacy governance programs, and developing privacy disclosures and settings. Emily also counsels clients on topics such as cyber incident response, compliance with state and federal privacy and cybersecurity regulations, and government investigations. She routinely advises on complex national security and financial privacy regulatory frameworks.

In addition to her regular practice, Emily maintains a pro bono practice counseling small and nonprofit clients on privacy and cybersecurity, supporting domestic violence survivors, and handling criminal matters.

Photo of Alexandra Bruer Alexandra Bruer

Alexandra Bruer is an associate in the firm’s Washington, DC office. She is a member of the Data Privacy and Cybersecurity and CFIUS Practice Groups.