Trump administration scraps key Biden cybersecurity initiatives
President Donald Trump signed a new executive order on Friday that reverses major cybersecurity policies set by the Biden administration just months earlier.
The move kills Biden’s requirements for software vendors to prove compliance with federal security standards. It ends efforts to boost AI research for cyber defense and halts the acceleration of quantum-resistant encryption rollout.
The White House slammed Biden’s cybersecurity rules as “problematic and distracting,” accusing them of prioritizing compliance checklists over real security improvements.
“Just days before President Trump took office, the Biden Administration attempted to sneak problematic and distracting issues into cybersecurity policy,” the White House said in a fact sheet.
“President Trump has made it clear that this Administration will do what it takes to make America cyber secure, including focusing relentlessly on technical and organizational professionalism to improve the security and resilience of the nation’s information systems and networks.”
The Biden administration had used federal procurement power to push software vendors toward stronger security. That included mandates for “secure software development attestations” with technical evidence, plus verification and enforcement by the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the National Cyber Director (ONCD).
All of that is now axed. Trump’s order keeps a softer collaboration with industry through NIST’s Software Development Framework but strips out federal requirements tied to it.
Trump also pulls the plug on Biden’s AI initiatives aimed at using artificial intelligence to defend critical infrastructure. This includes scrapping Pentagon mandates to deploy advanced AI models for cyber defense.
Quantum cryptography efforts took a hit, too. Biden’s push for agencies and vendors to adopt post-quantum encryption “as soon as practicable” is gone. Only a CISA list tracking products with quantum-resistant features remains.
Additional Biden mandates on phishing-resistant authentication, internet routing security standards, strong email encryption, and digital identities were dropped, labeled “inappropriate” by Trump’s administration.
One program survived: The Biden-era FCC project requiring companies selling IoT devices to the federal government to pass security testing by January 2027 remains intact.
Trump also narrowed cyber sanctions, allowing Treasury to target only foreign actors to avoid misuse against domestic political opponents.
The cybersecurity policy landscape just flipped hard with this order, unraveling months of Biden’s groundwork. The full implications for software security, AI defense, and quantum encryption are only starting to unfold.