President Donald Trump on Friday signed a sweeping executive order that eliminates a wide range of cybersecurity protections and initiatives established under his Democratic predecessor, including major policies meant to bolster the U.S. government’s defenses against artificial intelligence-driven threats and prepare for quantum-era encryption risks.
In a statement accompanying the directive, the White House accused the Biden administration of slipping in “problematic and distracting issues” just days before leaving office. Trump’s new order cancels or rewrites many of those last-minute rules—most of which had roots in a years-long effort by the Biden White House to use federal power to push software vendors, research agencies, and defense institutions toward more robust cyber hygiene.
“President Trump has made it clear that this Administration will do what it takes to make America cyber secure,” the White House said. “That includes focusing relentlessly on technical and organizational professionalism… not bureaucratic checklists and impractical requirements.”
Register for Tekedia Mini-MBA edition 17 (June 9 – Sept 6, 2025) today for early bird discounts. Do annual for access to Blucera.com.
Tekedia AI in Business Masterclass opens registrations.
Join Tekedia Capital Syndicate and co-invest in great global startups.
Register to become a better CEO or Director with Tekedia CEO & Director Program.
But the move is not well welcomed by many, including business leaders who warn that the United States may now be left more vulnerable than ever at a time when cyber threats are evolving rapidly, and adversaries are racing ahead in artificial intelligence.
AI Safety Gutted
Among the most controversial reversals in the executive order is Trump’s decision to cancel nearly all of Biden’s artificial intelligence cybersecurity directives. Biden’s order, signed just five days before leaving office on January 15, instructed key government agencies—including the Pentagon and Department of Energy—to prioritize the use of advanced AI systems for threat detection, network defense, and vulnerability analysis. It also committed federal research funds to projects focused on secure AI development, including safe coding and the prevention of adversarial attacks on machine learning systems.
All those provisions have now been axed.
Many believe that the rollback not only eliminates protections that could have helped the U.S. stay ahead of increasingly sophisticated AI-powered cyberattacks but also sends a message that AI safety is no longer a national security priority.
Others warn that the canceled programs could have provided vital insights into how AI can defend critical infrastructure, particularly in the energy and defense sectors, which face growing threats from state-backed hackers in China, Russia, and North Korea.
Quantum Cryptography Plans Rolled Back
Trump’s order also dismantles much of the federal government’s transition strategy for post-quantum cryptography (PQC)—encryption that can withstand the power of quantum computers. While the Biden administration had instructed federal agencies to adopt quantum-resistant encryption “as soon as practicable” and pushed vendors to integrate these standards, Trump’s order strips away those requirements.
In place of action, the new policy only asks the Cybersecurity and Infrastructure Security Agency (CISA) to maintain a list of product categories where quantum-secure technology is available—without any mandate for agencies or companies to adopt them.
The administration also canceled directives instructing the State and Commerce departments to promote U.S. post-quantum encryption standards abroad—seen by many as an attempt to preserve global leadership in emerging technologies.
Software Vendor Compliance Scrapped
Trump’s order also eliminates the Biden-era requirement that software vendors doing business with the federal government must submit “secure software development attestations,” backed by technical documentation to verify that their code meets modern security standards. Under Biden’s framework, these attestations would have been reviewed by CISA and the Office of the National Cyber Director, with failed claims potentially referred to the Justice Department.
Trump’s administration dismissed these as burdensome and bureaucratic, claiming they prioritized “compliance checklists over genuine security investments.” The White House said the new approach would reduce red tape while still encouraging best practices, though critics say that’s unlikely.
Though NIST’s collaborative work with industry on updating the Secure Software Development Framework (SSDF) remains intact, the Trump order severs any direct link between those updates and requirements for federal software vendors.
Email Encryption, Identity Protections Also Dropped
The order also eliminates numerous other provisions from Biden’s January directive. Gone are the requirements for agencies to adopt phishing-resistant multi-factor authentication, implement strong email encryption, and secure internet routing. Also discarded is a directive for agencies to explore digital identity documents to reduce fraud in public benefit programs—a project Trump called “inappropriate.”
The Office of Management and Budget’s mandate to review risks associated with IT vendor concentration—a lesson from high-profile breaches like SolarWinds—was also dropped, raising concern among lawmakers and watchdogs who had championed those reforms.
Trump even revised an Obama-era sanctions authority, narrowing it so that the Treasury Department can only target foreigners who carry out cyberattacks on U.S. systems. The White House claimed this would prevent the “misuse of cyber sanctions powers against domestic political opponents,” language that critics say politicizes a critical national security tool.
One Initiative Survives
One of the only Biden-era programs left untouched is a Federal Communications Commission effort modeled after the Energy Star certification system. The initiative applies security labels to consumer tech products tested in federally approved labs, and beginning in 2027, will be mandatory for vendors selling internet-of-things devices to the federal government.
Across the cybersecurity community, the reaction to Trump’s sweeping rollback has been one of growing concern.
While Trump’s administration insists the focus is now on “real security” and efficiency, experts fear the abrupt elimination of AI and quantum preparedness policies may cost the U.S. dearly in the years ahead.