Summary
The US post-quantum cryptography landscape in 2026 is stable and actionable. Three pillars still anchor federal direction: the Quantum Computing Cybersecurity Preparedness Act, NSM-10’s 2035 migration target, and NIST’s finalized PQC FIPS standards published in August 2024. The June 2025 executive order streamlined processes rather than rolling them back, dropping prescriptive procurement mandates while keeping the CISA product category list and a TLS 1.3 deadline of January 2, 2030.
For CISOs, the signal is clear. The regulatory floor has not moved, but the enforcement ceiling is lower, creating a window to get ahead. Keep a prioritized inventory of quantum-vulnerable systems as required under the Act, and be ready to prioritize migration within one year of NIST’s standards by August 2025. Align your roadmap to NSM-10’s 2035 target, vet suppliers against the CISA list, and plan for TLS 1.3 everywhere by 2030. Proactive teams gain resilience and credibility now, while laggards invite harvest-now-decrypt-later risk and future compliance crackdowns.
Read more
See the original article at: https://postquantum.com/quantum-policies/us-pqc-regulatory-framework-2026/