On June 22, 2026, the White House signed an executive order titled “Ushering in the Next Frontier of Quantum Innovation,” establishing quantum information science and technology (QIST) as a national priority and directing a coordinated, whole-of-government effort to accelerate American leadership in the field. It was signed the same day as a companion order, “Securing the Nation Against Advanced Cryptographic Attacks,” which mandates the federal migration to post-quantum cryptography. Together the two orders represent the two halves of a single national posture: build the quantum future faster than adversaries, and harden the nation’s encryption before that future arrives.

This article focuses on the innovation order — what it directs, which agencies it tasks, and why a compliance and risk audience should pay attention to what reads, on its surface, like an industrial-strategy document. The short answer: the order’s deadlines, supply-chain mandates, counterintelligence provisions, and its explicit one-year assessment of commercial quantum progress are the leading indicators that will drive the cryptographic compliance obligations every regulated organization is about to face.

What the Order Directs

The order frames QIST as critical to American innovation, economic growth, and national security, invokes the 2018 National Quantum Initiative Act, and calls for “a cohesive, whole-of-government approach.” Its operative sections set a sequence of concrete taskings and deadlines.

An updated National Quantum Strategy (Section 3). The order directs the Assistant to the President for Science and Technology to update the National Quantum Strategy within 180 days, coordinating across the Departments of Commerce, Energy, and War, the Director of National Intelligence, and the National Science Foundation. Agencies must report on their alignment with the updated strategy within 30 days of its issuance.

Quantum computing for science (Section 4). It establishes the Quantum Computer for Application Development and Discovery Science (QC-ADDS) effort to build large-scale quantum computers for scientific discovery, to be deployed at Department of Energy facilities. Technical specifications are due within 90 days.

Quantum sensors and networks (Section 5). The Secretary of War must identify three next-generation quantum sensor projects within 60 days, with a fielding target of September 30, 2028.

Supply chain (Section 6). Commerce is directed to develop supply-chain analysis plans, and multiple agencies are to partner with the private sector on quantum-enabling component technologies.

Technology protection (Section 7). The order coordinates security controls across QIST activities and expands the Quantum Information Science and Technology Counterintelligence Protection Team (QCPT) — a recognition that quantum capability is a target for adversary acquisition and espionage.

Workforce (Section 8). The Office of Personnel Management must develop a government-wide quantum recruitment and retention strategy within 90 days, with the Labor Department prioritizing QIST workforce training within 120 days.

International engagement (Section 9). The State and Commerce Departments are to align international efforts so that American companies can access strategic markets while adversaries are prevented from acquiring critical quantum technologies.

The order names a broad agency roster — DOE, Commerce, War, NSF, DNI, NASA, NSA, FBI, and OPM — and notably does not attach specific dollar figures, relying instead on programs such as QC-ADDS, potential advance market commitments, and prize challenges to mobilize private-sector development.

The Provision Compliance Teams Should Circle

Buried among the industrial-policy directives is the sentence that matters most for risk planning: the order tasks the Director of National Intelligence and the Secretary of War with identifying, within one year, the national-security implications of the “increasing scale and performance of commercial quantum computers,” and it explicitly references the implications for post-quantum cryptography migration.

This is the government formally acknowledging, at the level of a presidential directive, that the timeline to a cryptographically relevant quantum computer is no longer a comfortably distant abstraction. The same dynamic drove CISA’s compressed Q-Day mandate, where breakthroughs in algorithmic efficiency slashed the estimated qubit requirements for breaking widely used encryption. When the innovation order and the cryptographic-attacks order are read together, the message is unambiguous: the United States is accelerating quantum capability and treating the cryptographic threat as near-term enough to mandate a migration with hard deadlines.

Why an “Innovation” Order Is a Compliance Signal

It is tempting to file an order about building quantum computers under “industrial policy, not my department.” That would be a mistake for three reasons.

First, the supply-chain and counterintelligence provisions reach private industry. The expansion of the QCPT and the supply-chain analysis taskings signal heightened scrutiny of who builds, sources, and has access to quantum-enabling technologies. Companies in or adjacent to the quantum supply chain — components, materials, software, cloud quantum services — should expect more export-control attention, more counterintelligence engagement, and more pressure to secure their own supply chains against adversary acquisition. This is continuous with the broader supply-chain counterintelligence posture we have covered across the national-security space.

Second, the order accelerates the very capability that breaks today’s encryption. Every advance toward a large-scale quantum computer shortens the runway for “harvest now, decrypt later” adversaries who are collecting encrypted data today to decrypt once the hardware exists. A government program explicitly aimed at scaling quantum computing is, simultaneously, a program that shortens the safe lifetime of every piece of data protected by classical public-key cryptography. The privacy implications of that shift are ones we examined years ago in the impact of quantum computing on data privacy, and they are now policy.

Third, the one-year assessment will shape the obligations that follow. The DNI/War assessment of commercial quantum progress is the kind of finding that drives the next round of regulatory deadlines. Organizations that wait for those obligations to be finalized before acting will be starting their migration from behind.

What to Do Now

The innovation order does not impose direct compliance duties on most private organizations, but it tells you what is coming. Prudent steps:

  1. Read it alongside the cryptographic-attacks order. The mandatory PQC migration deadlines for federal systems and contractors are in the companion order; this one tells you why those deadlines exist and why they are unlikely to slip. If you are a federal contractor, the migration timeline is your timeline.

  2. Inventory your cryptography now. The single most valuable preparatory step — common to both orders and to CISA’s existing guidance — is a cryptographic bill of materials: knowing where and how your systems use public-key cryptography. You cannot migrate what you have not inventoried.

  3. Assess your quantum supply-chain exposure. If your business touches quantum-enabling technologies, expect intensified export-control and counterintelligence scrutiny. Review your sourcing, your access controls, and your foreign-ownership exposure.

  4. Treat “harvest now, decrypt later” as a present risk. For any long-lived sensitive data — health records, state secrets, financial data, anything with a confidentiality lifetime measured in years — the threat is not future. Data exfiltrated today under classical encryption may be readable later. Prioritize PQC for your longest-lived secrets first.

  5. Watch the 180-day and one-year milestones. The updated National Quantum Strategy and the DNI/War assessment are the documents that will translate this order’s ambitions into specific obligations. Calendar them.

Conclusion

“Ushering in the Next Frontier of Quantum Innovation” is, on its face, a strategy to win the quantum race. Read with its companion cryptographic-attacks order, it is also the clearest signal yet that the U.S. government considers the quantum threat to encryption a near-term, actionable risk — urgent enough to accelerate the offense and mandate the defense on the same day. For compliance and security leaders, the order is less a document to comply with than a forecast to plan against. The organizations that start their cryptographic inventory and migration now, rather than waiting for the obligations to harden, will be the ones ready when Q-Day stops being a countdown and becomes a date.

This article is provided for informational purposes only and does not constitute legal advice.