On June 11, 2025, President Donald Trump signed Executive Order 14306, amending previous cybersecurity frameworks established by the Biden and Obama administrations.

The order identifies China as the primary cyber threat to the United States, while also acknowledging risks from Russia, Iran, and North Korea.

It upholds and enhances initiatives focused on secure software development and post-quantum cryptography to better address future cyber threats.

Notably, the new order eliminates mandatory software security attestations for federal contractors, reversing a requirement from Biden's earlier executive orders.

Furthermore, EO 14306 alters the scope of sanctions from Obama's EO 13694, limiting them to foreign entities, a change that has drawn criticism from industry experts.

This significant change restricts cyber sanctions authority to 'foreign persons,' thus limiting previous broader sanctions against domestic entities involved in cyber activities.

The Commerce Department is tasked with forming an industry consortium by August 1, 2025, to develop secure software guidance based on NIST frameworks.

The order is effective immediately, with a timeline extending to January 2030 for the full deployment of post-quantum cryptography across federal systems.

Agencies must support advanced encryption protocols by January 2030, with the Cybersecurity and Infrastructure Security Agency providing lists of quantum-resistant products by December 1, 2025.

Additionally, new provisions mandate the accessibility of cyber defense research datasets for academic researchers by November 1, 2025, and require the integration of AI software vulnerability management into security processes.

Dave Gerry, CEO of Bugcrowd, argues that this rollback sends the wrong message regarding cybersecurity risk management and highlights the need for accountability among both domestic and foreign actors.

Tim Mackey from Black Duck emphasizes that the modifications limit the impact of previous executive orders, anticipating more prescriptive guidance from NIST in 2025.