Post-Quantum Cryptography: What Executive Order 14409 Changes for Europe

June 25, 2026

For years, the quantum threat to cryptography lived in the conditional tense. It was coming, eventually, on a timeline nobody could pin down. On 22 June 2026, the U.S. White House signed Executive Order 14409, "Securing the Nation Against Advanced Cryptographic Attacks," and with it the United States stopped describing post-quantum migration as a good idea and started describing it as a date.

Two dates, in fact. Federal agencies must move their most sensitive systems to post-quantum cryptography for key establishment by 31 December 2030, and for digital signatures by 31 December 2031. What makes the order matter outside Washington is a quieter clause buried in the section on procurement: the same deadline will bind the government's contractors, and the text is explicit that this includes companies that are not American. A rule written for federal systems becomes, through the plumbing of public purchasing, a rule for any European firm that sells into that supply chain.

Why a date, and why now

The threat the order responds to has a name that sounds almost casual: "harvest now, decrypt later." An adversary records encrypted traffic today, stores it, and waits. When a sufficiently powerful quantum computer arrives, the stored data unlocks. Anything with a long shelf life, medical records, state secrets, financial positions, intellectual property, is already exposed to a machine that does not yet exist, because the interception is happening in the present.

How close is that machine? Closer than the field thought eighteen months ago. The Global Risk Institute, which has polled cryptographers annually for seven years, reported in its 2026 survey that experts now put the probability of a cryptographically relevant quantum computer arriving within ten years at somewhere between 28 and 49 percent, the highest figure in the survey's history. Germany's Federal Office for Information Security, the BSI, cut its own working estimate in 2025 from roughly twenty years to between ten and fifteen. The trend in the numbers is the argument for the deadline. Each year the horizon moves toward us rather than away.

The standards needed to respond are already finished. In August 2024, after an eight-year international competition, the US National Institute of Standards and Technology published three post-quantum algorithms as federal standards: ML-KEM for key exchange, and ML-DSA and SLH-DSA for digital signatures. The science settled first. The order is what turns settled science into a schedule.

What the order actually does

Underneath the two headline dates sits a sequence of smaller ones, and the cadence tells you how seriously it is meant. Within 30 days, every agency must name a migration lead. Within 90 days, the Office of Management and Budget issues guidance forcing agencies to inventory their systems and submit a plan. Within 180 days, NIST begins migrating a slice of its own infrastructure, a pilot it must finish by the end of 2027. The order asks the government to do the thing it is asking, and to start almost immediately.

It also addresses a piece of infrastructure most people outside the field have never heard of. Within 270 days, CISA and NIST must define the minimum contents of a cryptographic bill of materials, or CBOM: a machine-readable manifest of every algorithm and key an organization runs, designed so the inventory can be assessed automatically rather than by hand. The idea is not new. It has lived inside the CycloneDX specification since 2024. What changed is its status. A convention used by tooling has been written into a presidential order.

The line between advice and obligation

Most of what the order contains was already true. The harvest-now threat, the central role of the 2024 standards, the gravitational pull of 2030 as the year everything points toward: all of it appeared in earlier American guidance, in National Security Memorandum 10 from 2022 and the memoranda that followed. Three things, though, are genuinely new, and they are the three worth watching.

The first is legal standing. Guidance asks. An executive order wired into federal acquisition rules requires. For anyone tracking this file, the centre of gravity has shifted from recommendation to obligation across the civilian government.

The second is reach. By putting the 2030 deadline into the rules that govern who may sell to the federal government, the order steps outside the government. It becomes a condition of doing business, and the condition does not stop at the border.

The third is the elevation of the CBOM from a useful habit into a regulatory reference point, which quietly tells the entire vendor market that an inventory you cannot read automatically will soon not count as an inventory at all.

One detail deserves care, because it is easy to misread. The 2030 and 2031 dates govern civilian high-value systems. They do not align exactly with the 2030 horizon the NSA set for national security systems under CNSA 2.0, nor with the draft NIST timeline that would retire vulnerable algorithms after 2030 and forbid them outright after 2035. The American landscape now holds more than one clock. Reading the wrong one is a planning error.

Europe was already walking toward 2030

Seen from Paris or Frankfurt, the striking thing about the American deadline is how familiar it looks. Europe had drawn the same horizon first, for its own reasons.

DORA, binding on the European financial sector since January 2025, already requires firms to hold an encryption policy, keep a cryptographic inventory, and retain the ability to change algorithms quickly. NIS2, through implementing regulation (EU) 2024/2690, requires critical entities to ground their cryptography in the state of the art and to build in what the texts call crypto-agility. The roadmap published by the European Commission and member states sets the same milestones the Americans later chose: national strategies in place, high-risk and critical systems migrated by 2030, the long tail of remaining systems by 2035 where feasible. France's ANSSI and Germany's BSI, in a joint position backed by 21 member states, urge protection of the most sensitive use cases by 2030 at the latest.

So the order does not set Europe's pace. It confirms it. When two of the world's largest regulatory blocs arrive at the same year from different starting points, the convergence is itself a kind of evidence: the date is not a policy preference, it is what the threat allows.

The gap between knowing and doing

Here the numbers turn uncomfortable, and they are worth stating plainly because they describe where most organizations actually are.

Awareness is not the problem. In ISACA's 2025 global poll of more than 2,600 professionals, 62 percent said they were worried that quantum computing would break today's encryption, and 56 percent named harvest-now-decrypt-later specifically as a concern. Action is the problem. In the same poll, only 5 percent said their organization had a defined quantum strategy, and 41 percent said they had no plan to address quantum computing at all. A DigiCert study the same year found a similar shape: 69 percent of organizations recognized the risk, while just 5 percent had deployed any quantum-safe encryption, and 46 percent believed a meaningful portion of their encrypted data was already exposed. In Germany, a BSI and KPMG survey put the share of organizations with a formal migration plan at under 5 percent.

The recurring number is five percent. Roughly one organization in twenty has begun, while two in three know they should. That gap is the real subject of every deadline now being written, on both sides of the Atlantic.

Why the work starts with a map

The gap exists for a reason that is easy to underestimate. You cannot migrate cryptography you cannot see, and most organizations cannot see theirs. Certificates and keys accumulate over decades across servers, applications, network appliances, cloud key stores and devices, issued by different authorities, recorded nowhere central. The first task in any migration is not cryptographic at all. It is cartographic. Build the map, then you can prioritize; prioritize, then you can replace.

This is the work Evertrust's Certificate Lifecycle Manager (CLM) was built to do. It discovers certificates across an estate whether they were issued through its own protocol modules, found by scanning the network, or imported from stores and third-party scanners such as nmap, Qualys CertView, Nessus Tenable, AWS ACM, Azure Key Vault and F5, including the certificates that no network scan can reach. That complete picture is what a CBOM is made from.

From the map follows the ability to act. Evertrust CLM already issues the post-quantum algorithms at the centre of the transition, ML-DSA and SLH-DSA, alongside hybrid certificates that carry a classical and a quantum-safe signature together. Its grading engine, shipped with rules drawn from NIST, ANSSI and the CA/Browser Forum, scores every certificate against policy and flags the ones that fall short, including a rule that requires any certificate valid beyond 1 January 2035 to be hybrid. When the moment comes to swap thousands of certificates, automated enrollment and renewal over ACME, EST and SCEP do it without the manual, service-interrupting work that makes organizations put migration off. Because Evertrust CLM sits above the issuing infrastructure rather than replacing it, none of this requires tearing out the PKI an organization already trusts.
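To make the CBOM idea from the section above and the grading rule just described concrete, here is an added example (not Evertrust's code and not the CycloneDX reference implementation) that walks a small constructed inventory, loosely shaped after CycloneDX 1.6 cryptographic-asset components, and flags every certificate still valid after 1 January 2035 that carries no ML-DSA or SLH-DSA signature. The field names, the sample entries and the decision to accept any post-quantum signature as satisfying the rule are assumptions.

```python
"""Grade a CBOM against one rule: a certificate valid past 1 January 2035
must carry a post-quantum (hybrid) signature. Added example, not vendor code."""
from datetime import datetime

PQ_SIGNATURE_PREFIXES = ("ML-DSA", "SLH-DSA")  # FIPS 204 / FIPS 205 families

# Constructed sample inventory. Layout is loosely modelled on CycloneDX 1.6
# cryptographic-asset components; the exact field names are an assumption.
SAMPLE_CBOM = {
    "bomFormat": "CycloneDX", "specVersion": "1.6",
    "components": [
        {"name": "api.example.test", "type": "cryptographic-asset",
         "cryptoProperties": {"assetType": "certificate", "certificateProperties": {
             "notValidAfter": "2027-06-30T00:00:00Z",
             "signatureAlgorithms": ["ECDSA-P256"]}}},
        {"name": "root-ca-2", "type": "cryptographic-asset",
         "cryptoProperties": {"assetType": "certificate", "certificateProperties": {
             "notValidAfter": "2040-01-01T00:00:00Z",
             "signatureAlgorithms": ["RSA-4096"]}}},
        {"name": "root-ca-3", "type": "cryptographic-asset",
         "cryptoProperties": {"assetType": "certificate", "certificateProperties": {
             "notValidAfter": "2040-01-01T00:00:00Z",
             "signatureAlgorithms": ["ECDSA-P384", "ML-DSA-65"]}}},  # hybrid
        {"name": "tls-kex", "type": "cryptographic-asset",
         "cryptoProperties": {"assetType": "algorithm",
                              "algorithmProperties": {"primitive": "kem"}}},
    ],
}

def is_quantum_safe(algorithms):
    """True if at least one signature algorithm is from the ML-DSA/SLH-DSA families."""
    return any(a.upper().startswith(PQ_SIGNATURE_PREFIXES) for a in algorithms)

def parse_time(value):
    # fromisoformat() on Python < 3.11 does not accept a trailing 'Z'
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def grade(cbom, cutoff="2035-01-01T00:00:00Z"):
    """Return one finding per certificate that is classical-only past the cutoff."""
    findings, limit = [], parse_time(cutoff)
    for comp in cbom.get("components", []):
        props = comp.get("cryptoProperties", {})
        if props.get("assetType") != "certificate":
            continue  # keys, algorithms and protocols belong to other rules
        cert = props["certificateProperties"]
        algs = cert.get("signatureAlgorithms", [])
        if parse_time(cert["notValidAfter"]) > limit and not is_quantum_safe(algs):
            findings.append({"name": comp["name"], "expires": cert["notValidAfter"],
                             "algorithms": algs, "rule": "hybrid-after-2035"})
    return findings

if __name__ == "__main__":
    for f in grade(SAMPLE_CBOM):
        print(f"{f['name']}: {f['algorithms']} valid until {f['expires']} -> {f['rule']}")
```

Lowering the cutoff (for example to the 2031 signature deadline) shows how the same inventory yields a different work list, which is the point of keeping it machine-readable.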

Evertrust is a European company. Data stays resident in the EU, support is based in France, and the platform holds ISO 27001:2022 and ANSSI CSPN certification. For an organization whose migration has to answer to DORA, to NIS2, and now to a US procurement clause at once, those facts belong in the same sentence as the technical ones.

The thing about quiet deadlines

Executive Order 14409 will not feel urgent to most people who read about it. It contains no breach, no incident, no machine switched on. It is a document about dates. That is precisely why it is worth taking seriously. The quantum threat has always suffered from feeling like tomorrow's problem, and the surveys show what that feeling produces: near-universal awareness sitting next to five-percent action.

The order's real contribution is to convert a vague tomorrow into a specific one, and to attach that specific date to the contracts companies depend on. The organizations that come through the transition in good order will be the ones that treated the deadline as the inventory it implies, and started drawing the map while there was still time to read it. That work does not begin in 2030. It begins with knowing what you have.
