US President Donald Trump has issued an executive order that prevents domestic cyber attackers from being sanctioned, aiming to stop existing cyber security legislation from being used as a political weapon against rivals.
Specifically, Trump has revised the wording in Executive Order 13694 to apply only to “foreign persons,” thereby narrowing the scope of sanctions for cyber-enabled malicious activities. He says this is to prevent “misuse against domestic political opponents” and to clarify “that sanctions do not apply to election-related activities.”
The president has also significantly amended Executive Order 14144, which was signed by former President Joe Biden, to modernise US cyber security. It now explicitly names China as the most persistent cyber threat, followed by Russia, Iran, and North Korea.
SEE: Trump Rescinds Biden’s AI Diffusion Rule, Huawei Chip Exports Crackdown Remains
A mandate to provide individuals interacting with government services with digital IDs, aimed at preventing identity theft, has been removed. The president believes that they could facilitate fraud, as the IDs would be given to illegal immigrants.
Wording has also been added that requires “relevant agencies” to secure border gateway infrastructure, the routing system that directs internet traffic, to prevent route hijacking.
Trump refers to existing AI safety policies as ‘censorship’
Alongside the executive order, the White House released a fact sheet that takes a direct swing at the US’s last two Democratic presidents, Barack Obama and Joe Biden, who signed Executive Orders 14144 and 13694. In it, Trump accuses Biden of “sneak(ing) problematic and distracting issues into cybersecurity policy,” which he is now removing.
One of the changes to Executive Order 14144 requires federal agencies to manage artificial intelligence (AI)-related vulnerabilities and track incidents. Trump says this provides an alternative to “censorship” as a way of dealing with AI threats and represents one of multiple ways he has “taken action to remove barriers to AI innovation.”
He has taken issue with how many AI safety measures adopted by tech companies restrict the technology’s capabilities to avoid harmful outputs. When he took office for the second time, Trump reversed Biden’s initiative to provide guidelines for safe generative AI, implying they could introduce “ideological bias or engineered social agendas.”
He also cut the Cybersecurity and Infrastructure Security Agency’s budget by $10 million and fired personnel, with his administration describing the agency’s work countering misinformation as the “censorship industrial complex.” The White House’s 2026 budget proposal would result in a $491 million loss for CISA if approved.
Last month, the US House passed a budget bill that includes a measure to bar US states and localities from regulating AI for the next 10 years, arguing that regulation should be at the national level. The new executive order supports this idea, saying that previous legislation was “micromanaging technical cybersecurity decisions better handled at the department and agency level.”
Nevertheless, critics say this will leave bad tech “unaccountable to lawmakers and the public.”
Trump’s camp has also been outspoken about its disdain for much existing government-level AI regulation, arguing that it hampers tech companies’ innovation and risks stifling the US’s economic growth. In a speech at February’s Paris AI Action Summit, US Vice President JD Vance said Europe should “foster the creation of AI technology rather than strangle it,” referring to the region’s pioneering AI Act and other legislation.
Other changes to Biden’s cyber security order
In effect, Trump has given Executive Order 14144 a full makeover. His other amendments include:
- Preparing for quantum computers capable of breaking modern encryption methods.
- Directing the National Institute of Standards and Technology (NIST) to improve software supply chain security within the US.
- Requiring federal agencies to manage AI-related vulnerabilities, track incidents, and share datasets with academic researchers.
- Mandating updates to federal tech security policy, including a requirement that smart devices used by the government carry the US Cyber Trust Mark by 2027.
When it comes to protection against quantum computers, Homeland Security must publish a list of common product categories that support quantum-resistant encryption by December, while the National Security Agency must issue rules that ensure all federal systems use Transport Layer Security version 1.3 or better by Jan. 2, 2030.
To shore up software supply chains, by August, the Commerce Department needs to establish a new public-private consortium that can issue guidance on secure software development. NIST also must update its guidance on how systems manage security patches and its Secure Software Development Framework. Trump said the previous processes were “unproven and burdensome” and “prioritized compliance checklists.”
As part of the updates to federal tech security policy, a program must be launched to develop policies in a way that computers can interpret and act on automatically, leveraging a “rules-as-code” approach.
