President Donald Trump signed an executive order Friday overturning several major cybersecurity policies enacted by former Presidents Joe Biden and Barack Obama. According to a fact sheet distributed by the Trump White House, Biden’s Executive Order 14144—signed just days before the conclusion of his presidency—inappropriately introduced what the administration calls “problematic and distracting issues” into federal cybersecurity strategy.
Notably, Biden’s order previously directed government agencies to consider allowing digital forms of identity for accessing public benefit programs. Trump’s administration reversed this measure, arguing such digital identity initiatives posed the risk of enabling unauthorized immigrants to improperly receive public assistance. However, critics such as Mark Montgomery, senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, questioned the wisdom of revoking this program, asserting that the Trump administration was placing concerns over immigration ahead of legitimate cybersecurity advancements.
In addition, Trump’s latest executive order eliminated previously mandated Biden-era requirements involving artificial intelligence. Those now-repealed measures included directives to test AI for safeguarding energy infrastructure, funding federal initiatives exploring artificial intelligence security, and instructing the Pentagon to incorporate AI technologies into its cybersecurity operations. According to the administration, removing these directives represents a shift in focus away from what it characterized as “censorship,” echoing earlier criticisms from some of Trump’s allies in the tech industry regarding alleged misuse of AI to suppress certain perspectives.
Furthermore, the Trump administration dismantled mandates associated with quantum-resistant encryption, removing previous instructions that agencies must implement such encryption standards swiftly. It also scrapped rules obligating federal contractors to verify the security of their software offerings, a process the administration labeled both burdensome and ineffective at genuinely improving cybersecurity.
Significantly, President Trump’s order also significantly curtails a major cybersecurity policy initiated under former President Obama, specifically regarding sanctions for cyberspace attacks directed against the United States. Under the revised order, such sanctions are now exclusively applicable to foreign malicious actors, with the White House asserting this protects against potential misuse targeting domestic political opponents and clarifies that election-related activities will not trigger these sanctions.
