President Donald Trump signed a sweeping executive order on Friday, formally dismantling key cybersecurity policies established by his predecessors, Barack Obama and Joe Biden. The move marks a significant shift in federal digital strategy, impacting everything from AI research to national sanction protocols.
Rolling Back Biden’s Digital Identity Mandates
The administration’s official fact sheet explicitly targets Executive Order 14144, signed by Biden during his final days in office. Trump’s team characterizes the previous mandate as an attempt to introduce “problematic and distracting issues” into federal cybersecurity policy.
Specifically, the new order strikes down a provision that encouraged agencies to accept digital identity documents for public benefit programs. The White House argues that the previous approach created risks of “widespread abuse by enabling illegal immigrants to improperly access public benefits.”
However, the policy pivot faces pushback from experts. Mark Montgomery, senior director at the Foundation for Defense of Democracies, noted to Politico that the administration is “prioritizing questionable immigration benefits over proven cybersecurity benefits.”
AI and Infrastructure Security Shifts
Trump’s directive strips away several requirements surrounding Artificial Intelligence, including mandates for testing AI defense mechanisms for energy infrastructure and research funding for AI security. It also rescinds orders for the Pentagon to leverage AI models specifically for cybersecurity operations.
The White House frames this reduction as a pivot “towards identifying and managing vulnerabilities, rather than censorship.” This narrative aligns with long-standing criticisms from Trump’s Silicon Valley allies regarding potential AI bias and restrictive content moderation.
Encryption and Software Standards
The executive order also eliminates directives requiring federal agencies to adopt quantum-resistant encryption “as soon as practicable.” Furthermore, it removes the burden on federal contractors to attest to the security of their software. The administration labeled these previous software accounting processes as “unproven and burdensome,” claiming they prioritized compliance checklists over genuine security investments.
Revision of Sanction Policies
The scope of the order extends back to the Obama administration, repealing policies related to sanctions for cyberattacks against the U.S. Under the new framework, sanctions are restricted exclusively to “foreign malicious actors.” The White House asserts this change is necessary to prevent “misuse against domestic political opponents” and to clarify that sanctions are not applicable to election-related activities.