President Donald Trump on Friday signed a new executive order aimed at strengthening the United States’ cybersecurity, with a focus on amending “problematic elements” of executive orders from the Biden and Obama administrations.
According to a fact sheet published by the White House, the new order aims to improve software development, border gateway (BGP) security, post-quantum cryptography implementation, AI security, IoT security, the use of encryption, and sanctions policies, as well as to prevent the abuse of digital identities.
Specifically, the new executive order (EO) targets EO 14144, which Biden signed in January 2025, just before Trump took office.
The order signed by Trump last week strikes out and replaces several subsections of EO 14144. One section that was completely removed covered the use of digital identities, encouraging the acceptance of digital identity documents to access public benefits programs that require identity verification.
“The Order strips away inappropriate measures outside of core cybersecurity focus, including removing a mandate for US government issued digital IDs for illegal aliens that would have facilitated entitlement fraud and other abuse,” the White House explained.
The Better Identity Coalition expressed its disappointment in the White House’s decision to repeal this section, which it said “had strong bipartisan support and was praised by cybersecurity and fraud experts”.
“The core of the identity section focused on having NIST create guidance that agencies at all levels of government could use to make digital identity tools more secure, as well as encouraging Federal agencies to start accepting these secure credentials as a way to help prevent fraud in public benefits programs,” the organization said. “Nothing in January’s EO included a mandate for the US government to issue digital IDs to anybody — immigrants or otherwise.”
An analysis by Emil Sayegh of Profit Growth Insights highlights the other changes introduced by the Trump EO to Biden’s January 2025 EO.
In terms of software security compliance, the Biden EO mandated attestations for federal contractors, which the new EO removes.
In the case of AI, Biden’s policy promoted AI defense collaboration and dataset sharing, while Trump’s EO “refocuses AI cybersecurity efforts towards identifying and managing vulnerabilities, rather than censorship”.
In the case of post-quantum cryptography (PQC), the Trump EO simplifies the roadmap, requiring a regularly updated list of product categories in which products that support PQC are widely available, and requiring federal agencies to support TLS 1.3 or later by 2030. Additional requirements have been removed, including ones related to collaboration with foreign governments and industry groups in key countries.
The new executive order also targets EO 13694, which Obama signed back in 2015 to enable authorities to sanction entities that conduct significant cyberattacks against the United States. Trump extended that order during his first term, and so did Biden.
The new order, however, changes the phrasing “any person” to “any foreign person”, with the Trump administration arguing that this “limits the application of cyber sanctions only to foreign malicious actors, preventing misuse against domestic political opponents and clarifying that sanctions do not apply to election-related activities”.
Related: Trump Signs Executive Order to Bolster Cybersecurity Workforce
Related: White House Issues Executive Order on International Data Protection
Related: Executive Order on Port Cybersecurity Points to IT/OT Threat Posed by Chinese Cranes
