President Donald Trump signed a new executive order on Friday that undoes a wide swath of cybersecurity policies championed by former President Joe Biden. The move alters the direction of federal cybersecurity efforts, reversing a series of initiatives meant to secure federal systems against modern digital threats—from artificial intelligence and software vulnerabilities to quantum computing.
According to a statement from the White House, the Biden administration had introduced “problematic and distracting issues” into cybersecurity policy during its final days, including a January 15 order aimed at modernizing digital defenses. Trump’s order abandons many of those efforts in favor of what the administration describes as a return to technical excellence and practical resilience.
Software Security Rules Rolled Back
At the heart of the changes is a rejection of Biden’s push to hold federal software vendors to stricter standards. The former administration’s plan required companies that sell software to the federal government to submit “secure software development attestations” — formal declarations that their products were built following security best practices — supported by detailed technical evidence.
These attestations were to be verified by the Cybersecurity and Infrastructure Security Agency (CISA), with oversight from the Office of the National Cyber Director (ONCD). Vendors found to be noncompliant could have faced referral to the Justice Department.
Trump’s executive order eliminates these rules, calling them “burdensome” and overly focused on paperwork rather than meaningful security improvements. The administration argues that the Biden approach amounted to little more than compliance box-checking that failed to improve actual security outcomes.
While Trump will allow the National Institute of Standards and Technology (NIST) to continue updating its Secure Software Development Framework, his order removes the requirement that these standards be incorporated into federal acquisition rules.
AI for Cyber Defense No Longer a Priority
Biden had also tasked federal agencies with aggressively exploring artificial intelligence for cybersecurity. His directive included pilot programs to deploy AI tools to protect energy infrastructure, mandates for the Department of Defense to use AI in cyber operations, and research funding for AI-safe development practices.
Trump’s order scraps these initiatives entirely, signaling a major pullback on the role of AI in federal cybersecurity. The administration did not clarify whether AI will play any future role in cyber policy, but its removal from the executive agenda suggests a clear shift toward more conventional, proven tools over emerging technologies.
Scaling Back Quantum Security Efforts
Quantum computing, long seen as a future threat to current encryption systems, was another area of focus under Biden. His administration instructed federal agencies to adopt post-quantum cryptography (PQC) as quickly as feasible and encouraged technology vendors to do the same.
Trump’s new order reverses course, eliminating those agency-level mandates. It retains only a minimal requirement for CISA to maintain a list of product categories where PQC-enabled tools are widely available. The new directive also cancels Biden’s instructions to the State and Commerce departments to advocate for PQC adoption internationally.
This shift suggests a slower, more cautious approach to quantum resilience—one that defers aggressive preparation in favor of market readiness.
A Sweep of Other Cyber Measures Eliminated
The executive order goes beyond high-tech areas, rolling back several additional cybersecurity requirements introduced under Biden:
- Federal agencies are no longer required to test phishing-resistant login technologies.
- NIST is relieved of its obligation to guide agencies on securing internet routing.
- Agencies are no longer directed to adopt robust email encryption standards.
- The Office of Management and Budget no longer needs to address the risk of overreliance on specific IT vendors.
Biden had also proposed an expansion of digital identity systems to combat fraud, especially in programs like public benefits distribution. Trump’s order erases those proposals entirely, calling them “inappropriate.”
Changes to Cyber Sanctions Policy
Another noteworthy change targets sanctions policy. Trump’s order tweaks a 2015 Obama-era authority that allowed the Treasury Department to penalize individuals for cyberattacks on the U.S. Under the revised language, sanctions may now only apply to foreign nationals.
The administration argues this change is meant to prevent the misuse of federal powers against American political figures. Critics, however, worry that the adjustment could hamper the government’s ability to respond to domestic cyber threats.
A Lone Biden Program Survives
While most Biden-era policies were dismantled, one initiative remains: the Federal Communications Commission’s (FCC) cybersecurity labeling program. Modeled after the Energy Star efficiency label, this program will certify internet-connected consumer products—especially Internet of Things (IoT) devices—based on whether they meet specific cybersecurity criteria verified by accredited labs.
Trump’s order preserves this program, including its deadline: by January 2027, any IoT product sold to the federal government must meet the certification standards. The move suggests Trump sees value in strengthening security in consumer tech used in government settings, even as he dismantles broader regulatory efforts.
