[Blog] The 2030 PQC Deadline Is Real: How the New Federal Mandate Rewrites the PQC Playbook – and Why Lattice Is Ready

On June 22, 2026, President Trump signed Executive Order (EO) 14409, Securing the Nation Against Advanced Cryptographic Attacks, a significant policy milestone that accelerates the U.S. government's timeline for adopting post-quantum cryptography (PQC).

In this blog, we explore what the order requires, why its deadlines are more demanding than many organizations may realize, and how Lattice’s award-winning industry-first PQC-ready MachXO5^™-NX TDQ FPGA family is designed to help customers navigate this transition.

The EO sets clear mandates for Federal High Value Assets (HVAs) and high impact systems:

• Key establishment using ML-KEM must be complete by December 31, 2030.
• Digital signatures using ML-DSA must be complete by December 31, 2031.

For many organizations, this represents a 4-5 year compression of migration timelines that were previously understood to extend well into the next decade. It is also important to note that EO 14409 does not alter the CNSA 2.0 timelines already in place for certain sectors, some of which carry stricter requirements than the new EO.

The Mandate Most Aren't Ready For
One aspect of the EO worth examining closely is its explicit mandate of ML-KEM alongside ML-DSA. While much of the industry conversation around PQC has focused on digital signature authentication via ML-DSA, ML-KEM governs key encapsulation: the mechanism by which two systems securely establish a shared encryption key before any session can begin. Key establishment touches every encrypted session, every secure handshake, every authenticated channel across an infrastructure – it is not a discrete, addable function like signature verification.

Most organizations have been roadmapping toward digital signatures first because it is the more tractable problem, whereas encryption key establishment is a more pervasive and technically complex transition that touches every encrypted channel across an infrastructure. Understanding the distinction between the two, and planning for both is central to meeting the EO requirements on time.

What makes the 2030 ML-KEM deadline distinctly challenging is the mandate for key establishment a full year earlier than signatures. This is a deliberate forcing function to make vendors prioritize this more complex challenge. Software-only approaches will struggle to meet the performance, latency, and side-channel resistance requirements of production infrastructure at this scale, making purpose-built hardware the most practical path to compliance.

Why "Harvest Now, Decrypt Later" Makes 2030 Feel Even Closer
The EO warns explicitly of adversaries engaged in "collect now, decrypt later" attacks, intercepting encrypted data today with the intention of breaking it once a cryptographically relevant quantum computer exists. This threat is not theoretical. Nation-state actors have been vacuuming up encrypted Federal traffic for years. Any sensitive data that must remain confidential beyond the mid-2030s is already at risk, meaning the practical urgency for HVAs exceeds even the official deadline.

This creates two parallel imperatives. The first is regulatory: agencies must demonstrate a certified migration plan within 90 days and execution by the mandated dates, or face procurement and contracting consequences under a proposed FAR rule amendment that will require contractor compliance by 2030. The second is operational: the data being protected today needs quantum-resistant key establishment now, because it will still be sensitive when quantum computers arrive.

For critical infrastructure operators, defense contractors, and federal technology suppliers, the message is identical: start the transition immediately and start it with hardware that supports both ML-KEM and ML-DSA.

Lattice MachXO5-NX TDQ: Built for Exactly This Moment
Purpose-built hardware is the practical path, and Lattice MachXO5^™-NX TDQ is the only FPGA in the industry that ships with both problems already solved.

Lattice MachXO5^™-NX TDQ is the industry's first secure control FPGA family with full CNSA 2.0-compliant post-quantum cryptography, purpose-built to address both the encryption key establishment and digital signature requirements now mandated by EO 14409. Launched in October 2025, it is already being deployed by Lattice customers across a variety of markets and applications to meet CNSA 2.0 timelines that predate the EO, making it a proven solution regardless of which compliance deadline your organization is working toward.

Built on the award-winning Lattice Nexus^™ platform and supported by the latest release of Lattice Radiant^™ design software, MachXO5-NX TDQ is not a roadmap item or prototype. It is a qualified, deployable solution that can be adopted into designs today.

MachXO5-NX TDQ delivers:

• Complete CNSA 2.0 and NIST-approved PQC algorithm support. ML-KEM, ML-DSA, LMS, XMSS, AES256-GCM, SHA2, SHA3, and SHAKE, covering both the 2030 key establishment and 2031 digital signature mandates in a single device, with full classical hybrid support for the transition period.
• Patent-pending crypto-agility with in-field algorithm update capability and anti-rollback version protection, helping hardware remain aligned with evolving NIST standards and ongoing FIPS compliance requirements.
• Hardware Root of Trust with DICE, SPDM, and Lattice SupplyGuard^™ for end-to-end attestation and secure lifecycle management across the supply chain.
• Side Channel Attack (SCA) resiliency and CAVP-compliant algorithms, meeting the security assurance bar required for Federal and defense deployments.
• Flexible deployment across compute, communications, industrial, automotive, and AI-optimized datacenter applications, with secure boot, key management, and authenticated/encrypted bitstream protection.
• Industry-recognized innovation leadership supported by an exceptional awards record that reflects the product’s technical leadership and relevance to the urgent PQC threat landscape.

How to Meet EO 14409 Deadlines Today
Shipping today, Lattice MachXO5-NX TDQ gives teams a qualified, industry-recognized solution that checks the critical boxes for EO 14409 readiness: ML-KEM, ML-DSA, hardware Root of Trust, crypto-agility, CAVP-compliant algorithms, and a field-proven deployment ecosystem spanning compute, communications, industrial, and defense applications.

Download the MachXO5-NX TDQ white paper to learn more about the solution, visit the Lattice Security Solution webpage to explore Lattice’s broader security portfolio, or contact our team today to map your PQC migration plan and meet your 2030 deadline with confidence.