Trump discontinues Biden's software security, artificial intelligence, and post-quantum encryption initiatives in a fresh executive order.
President Trump's Executive Order Alters Cybersecurity Regulations
President Donald Trump signed an executive order (EO) in June 2025 that brings significant changes to the U.S. cybersecurity regulatory framework, modifying and superseding portions of President Biden’s January 2021 executive order on cybersecurity.
One of the key differences is the focus on significant foreign cyber threats, with Trump’s EO explicitly identifying China, Russia, Iran, and North Korea as the most active and persistent cyber threats to U.S. interests. The EO limits cyber sanctions to foreign threat actors only, representing a more targeted approach to threat identification compared to Biden’s broader cybersecurity posture.
The Trump administration also emphasizes secure software development with industry collaboration. The EO directs the Secretary of Commerce and NIST to establish a consortium including industry partners at the National Cybersecurity Center of Excellence. This consortium is tasked with developing updated guidance on secure software development aligned with NIST’s Special Publication 800-218 (Secure Software Development Framework). Notably, the EO eliminates the previous requirement for CISA attestations on software security, which were emphasized in Biden’s EO.
Trump’s EO also integrates an AI-centric cybersecurity approach, focusing on “secure-by-design” AI for safety-critical and homeland security applications. This strategy builds on but shifts focus somewhat from Biden’s AI policies, emphasizing American leadership and resilience in AI technology paired with specific cybersecurity measures.
However, Trump’s EO rolled back some provisions focused on identity verification and certain cybersecurity requirements that were part of Biden’s and Obama’s initiatives. This move has drawn criticism from cybersecurity advocacy groups who argue that it weakens protections against fraud and cyberattacks.
In contrast, Biden’s January 2021 executive order focused on improving software supply chain security with mandatory developer bump-ups in standards, including vulnerability detection and incident response. It also established a cybersecurity safety review board and mandated CISA attestations for software security. The order aimed to boost government-wide cybersecurity standards with tighter controls and collaboration across agencies to improve resilience against ransomware and cyber intrusions.
Critics of Trump’s changes suggest that some rollbacks may weaken protections, while supporters argue that the changes reflect a more targeted and industry-driven approach to cybersecurity. The impact of these changes on U.S. cybersecurity remains to be seen.
[1] Source: CyberScoop, 2025 [3] Source: MIT Technology Review, 2025 [5] Source: The Hill, 2025
- Critics of President Trump's Executive Order claim that the rollbacks on identity verification and certain cybersecurity requirements could potentially weaken protections against phishing and other cyberattacks.
- In contrast to previous administrations, Trump's EO emphasizes secure software development with industry collaboration, creating a consortium for updated guidance on secure software development using encryption and addressing vulnerabilities.
- Politics surrounding the cybersecurity landscape was shifting with Trump's focus on foreign cyber threats from nations such as China, Russia, Iran, and North Korea, leading to more targeted sanctions against these foreign threat actors.
- The revised regulations in Trump's Executive Order calls for an AI-centric cybersecurity approach, integrating "secure-by-design" AI for safety-critical and homeland security applications, aiming to ensure technological advancements maintain cybersecurity compliance.
