On June 6, 2025, President Trump signed an executive order aimed at strengthening the nation’s cybersecurity efforts by amending Executive Orders 14144 (issued by the Biden administration in January 2025) and 13694 (issued by the Obama administration in April 2015). The White House also published a Fact Sheet that summarizes the provisions in the executive order and provides a rationale for certain policy changes and initiatives.
The Order identifies the People’s Republic of China as posing the most active and persistent cyber threat to the U.S. Government, private sector, and critical infrastructure networks, while also acknowledging the threats posed by Russia, Iran, and North Korea. In order to combat these threats, the Order introduces several new initiatives, including a mandate for the Secretary of Commerce, acting through the Director of NIST, to update the Secure Software Development Framework (“SSDF”) and develop guidance on the implementation of secure software development, security and operations practices as well as the deployment of patches and updates. In addition, the Order continues to prioritize the federal government’s transition to post-quantum cryptography (“PQC”) in line with a 2022 National Security Memorandum aimed at mitigating risks to vulnerable cryptographic systems, and continues to promote the secure use of Artificial Intelligence (“AI”).
Other updates include changes to the application of cyber-related sanctions to focus solely on foreign malicious actors – a change aimed at “preventing the use of sanctions against domestic political opponents and clarifying that sanctions do not apply to election-related activities.”