The 2020 election intensified public scrutiny of how U.S. elections are administered.  In response, a wide range of groups launched their own investigations of local election practices, many concluding that core administrative controls and voting procedures often fail miserably to meet stated standards and expectations.

Advertisement

In March 2025, President Trump issued Executive Order (E.O.) 14248, “Preserving and Protecting the Integrity of American Elections,” a directive that addresses voters’ concerns about election integrity and steers national election administration in a more standardized direction through the U.S. Election Assistance Commission (EAC).

A few months later, the EAC’s Office of Inspector General (OIG) published its FY2026 “management challenges” report, warning that the EAC may be facing sharp resource reductions, grant oversight challenges, and internal control weaknesses.

Advertisement

At the same time, the EAC has circulated draft Voluntary Voting System Guidelines (VVSG) 2.1 — technical standards that, though “voluntary” for states under federal law, function as the de facto baseline in many jurisdictions.  VVSG 2.1 proposes changes that directly intersect with the E.O.’s priorities, especially around paper records, machine-readable codes, security, auditability, and interoperability.

These three tracks — (1) the E.O.’s attempted policy direction, (2) the OIG’s recognition of EAC shortcomings, and (3) VVSG 2.1’s technical tightening — could meaningfully reshape election security, integrity, and accountability.  However, even as pressure for reform grows, Trump’s election agenda has caused what some would argue to be undue friction and legal uncertainty.  Multiple federal courts have already enjoined or otherwise limited significant portions of the E.O.

Advertisement

President Trump’s Election E.O.

E.O. 14248 is explicit about using the EAC’s standards-and-certification ecosystem to drive election integrity objectives nationwide.  The Congressional Research Service (CRS) summarizes two key directives aimed at voting system standards and certification:

Amend VVSG 2.0 to establish integrity-protective standards, including systems that (a) “provide a voter-verifiable paper record” and (b) “not use a ballot in which a vote is contained within a barcode or quick-response [QR] code in the vote counting process except where necessary to accommodate individuals with disabilities.”

Within 180 days, “review and, if appropriate, re-certify voting systems” under those new standards and “rescind all previous certifications” based on prior standards.

The E.O. also attempts to create financial leverage.  CRS notes a related provision directing DHS/FEMA to “heavily prioritize” compliance with VVSG 2.0 (now underway to become VVSG 2.1) and completion of testing through accredited voting system test labs when evaluating certain homeland security grant funding for election offices.

Advertisement

If Trump’s policies were to take root, states would likely revisit certification processes, database access, voting system requirements, voter ID, and mail-in ballot requirements.  His policy directs the EAC to amend VVSG 2.0 to strengthen voting system standards, including the use of paper records and limits on barcode/QR code use except for accessibility needs.  Another major change would be the requirement of documentary proof of U.S. citizenship on the federal voter registration form.

Some perceive these policy changes as a heavy lift, since election administration is largely the domain of the states, with federal overlap in the form of HAVA mandates for voting system standards and voter access.

Advertisement

The EAC OIG FY2026 “Management Challenges” Report

The OIG warns that the administration is expanding the EAC’s workload — including full responsibility for Vote.gov — while the FY2026 budget request cuts the agency to $15.75 million and projects staffing to fall to 60 from 83, potentially weakening the expertise needed for timely certification and oversight.

Notably, the OIG flags significant accountability issues regarding formula grants.  Grants are non-expiring and distributed as advances, so there is little accountability.  Recipients are not required to demonstrate capacity to meet performance standards or comply with requirements before receiving funding.

Advertisement

In addition, large sums often sit with grantees for long periods. The report cites that as of March 2024, 37% of Election Security grant funds (nearly $396 million) were reported as unspent.  And turnover in election offices means non-expiring grants outlive the tenure of the staff who originally administered them.

Combined with staff turnover and limited federal monitoring capacity, this structure increases the risk of weak documentation, slow corrective action, and delayed audit resolution.

The OIG also found that the EAC has historically prioritized programs “often at the expense of compliance and operational infrastructure,” all of which contributes to ongoing internal-control weaknesses.  The report notes that the EAC suffers from outdated or incomplete written policies and procedures with problems documented in audits “dating back to 2006.”

The report cites 21 open recommendations related to internal controls stemming from audits of financial statements, I.T. security, internal procurements, and travel administration, while emphasizing that there is a lack of institutional discipline evidenced by persistent weaknesses in financial data completeness and accuracy.

VVSG 2.1 Draft

The Voluntary Voting System Guidelines (VVSG) provide a national baseline of technical and security standards for voting equipment (e.g., scanners and BMDs), outlining what secure, reliable, accessible, and auditable systems should look like.

While VVSG 2.1 is still in draft form, there are some significant proposed changes.  The draft was reviewed several times in 2025, with the latest working session occurring on September 17, 2025.

Unfortunately, recent elections have shown that VVSG, or at least the implementation of its standards, is inconsistent and arguably substandard.  One of the issues is that VVSG standards and certification are not universally implemented or mandatory unless a state has made it so through its own laws or regulations.

There are several significant proposed changes for VVSG 2.1:

Proposed ban on encoding voters’ cast selections in barcodes/QR codes.  Here, voters must be able to read and confirm their cast vote.  This impacts BMD summary architectures where tabulation relies on scanning a barcode or QR rather than voter-verifiable marks.  The human-readable record becomes the authoritative evidence for tabulation and audits.

Stronger ballot ID linkage.  A unique identifier must appear on the paper ballot and be captured in the CVR at creation, enabling ballot-level audits without tying the ID to voter identity.

Tighter rules to protect the ballot’s selection area.  It must be clearly defined, and any IDs or system printing must not encroach on it, improving auditability and minimizing ambiguity.

Other requirements require more transparency, making log/CVR analysis more accessible to outsiders.  Reduction of “black box” features.

Tighter wireless networking restrictions.  VVSG 2.0 already restricts wireless connectivity by requiring the disabling of devices.  VVSG 2.1 draft language prohibits embedded wireless hardware, emphasizing that voting equipment should not be capable of establishing wireless connections.

VVSG conformance is not just about what a product can do in the lab; it also greatly depends on the way it is deployed and configured in the field.  Some jurisdictions have been found operationalizing workflows that blur security and accountability boundaries.

Axios reported on the realities of election machine vulnerabilities in its 2018 article, “There’s more than one way to hack an election”:

Many parts of election systems are at risk of being exposed to the internet, and thereby potentially being inappropriately accessed or meddled with, ––because of human error or bad security protocols.

Here are some of the main points of risk: registration interfaces, voter registration databases, electronic pollbooks, printed poll books, voting machines, electronic vote tabulation, optical scan vote tabulation, and election management systems.

Whatever one’s view of the way our elections are conducted, real-world examples of system vulnerabilities and unlawful or fraudulent conduct underscore the need for sustained scrutiny and responsible stewardship — particularly where jurisdictions fall short on rigorous network isolation, disciplined configuration management, strict chain-of-custody controls, and transparent audit-ready procedures.