A new cybersecurity executive order issued by President Trump in early June 2025 rescinds an entire section on digital identity and softens several detailed requirements set forth in former President Joe Biden’s last-minute EO on Strengthening and Promoting Innovation in the Nation’s Cybersecurity from January. Yet, the EO retains many of Biden’s directives for agencies and businesses that work with them. Since 2024, federal agencies have had to collect attestation forms from their software suppliers verifying that they comply with the Secure Software Development Framework. The imperative for SSDF compliance recordkeeping is unlikely to fade despite the EO’s rollback, Goodwin partner Kaitlin Betancourt told the Cybersecurity Law Report, noting that “other factors are at play...”. On the topic of post-quantum cryptography adoption, Kaitlin opined that [b]eing less prescriptive about “post-quantum cryptography makes sense because of the fast-evolving nature of the technology.” While discussing AI vulnerability management Kaitlin highlighted, “it is a very critical issue because it affects the supply chain.” The administration’s attention to AI vulnerabilities harmonizes with other regulators’ actions, like guidance from the New York Department of Financial Services, she added.