
US President Donald Trump issued an executive order on Friday that revokes multiple cybersecurity measures established by his predecessor, Joe Biden. This decision represents a significant shift in the federal government’s approach to software security and AI in the context of cybersecurity.
The White House stated that the Biden Administration had attempted to introduce complex issues into cybersecurity policy shortly before Trump took office for his second term. The newly enacted executive order eliminates initiatives from Biden’s directive dated January 15, which required software vendors to comply with updated federal security standards. These initiatives aimed to enhance the security of software systems, prioritise research on AI for cybersecurity applications, and facilitate encryption technologies to withstand future quantum computing threats.
“President Trump has made it clear that this Administration will do what it takes to make America cyber secure—including focusing relentlessly on technical and organisational professionalism to improve the security and resilience of the nation’s information systems and networks,” stated the White House.
The order specifically revokes requirements that federal contractors submit secure software development attestations along with supporting technical documentation. It also cancels mandates for the Cybersecurity and Infrastructure Security Agency (CISA) to verify these attestations and for the Office of the National Cyber Director (ONCD) to publish assessment results. Previously, companies that failed these assessments could have faced legal action from the Department of Justice.
In addition to altering contractor requirements, Trump’s executive order terminates several initiatives related to AI. One such initiative sought to evaluate AI’s potential to enhance cybersecurity measures within critical infrastructure sectors, including energy. Other directives aimed at prioritising research on secure AI system design and deploying advanced AI models for cyber defence at the Pentagon have also been eliminated.
Trump’s order further withdraws provisions requiring federal agencies to adopt phishing-resistant authentication technologies and guidelines from NIST on minimum cybersecurity practices based on global standards. Additionally, the order rescinds a previous directive mandating strong email encryption protocols and guidance for addressing risks linked to IT vendor concentration.
Retaining certain key cybersecurity measures amidst policy overhaul
While Trump’s executive order makes considerable revisions, it preserves one significant initiative from Biden’s era: a Federal Communications Commission (FCC) project that certifies technology products that undergo security testing by accredited labs. This requirement mandates that companies selling Internet-of-Things devices to the federal government comply with security standards by January 2027.
Alongside these extensive changes, Trump has clarified certain sanctions authorities connected to cyberattacks on the US, limiting them to foreign individuals only. The White House indicated this modification aims to avoid potential misuse of these powers against domestic political adversaries.