Sponsors (5)
The bill improves national preparedness for quantum computing risks by creating plans, sector prioritization, reporting, and standard definitions, but it incurs additional public and private costs and allows some classified reporting that limits transparency.
Federal agencies, private companies, and critical infrastructure sectors will receive a mitigation plan and guidelines to prepare for quantum threats, improving cybersecurity readiness.
Businesses and regulators in the most vulnerable economic sectors (e.g., financial institutions, utilities, hospitals) will be identified so they can prioritize protections and investment against quantum attacks.
Congress (and state/local governments) will receive timely classified or unclassified reports (initial within 1 year and annual updates for 4 years) to inform policy and funding decisions on quantum threat preparedness.
Small businesses and private-sector organizations will face compliance and implementation costs to adopt recommended mitigation measures, burdening firms with limited cybersecurity budgets.
Taxpayers and federal agencies may face increased federal spending or reallocation of agency resources to prepare for quantum threats, raising fiscal costs.
Taxpayers and private-sector stakeholders may see reduced transparency about specific vulnerabilities because required reporting can be classified, limiting public scrutiny.
Based on analysis of 2 sections of legislative text.
Requires a federal subcommittee to assess quantum threats to cryptography, identify vulnerable sectors, and deliver an initial report and annual mitigation progress reports.
Introduced August 8, 2025 by Suhas Subramanyam · Last progress August 8, 2025
Requires a federal subcommittee to evaluate U.S. and international abilities to build quantum computers that could break current cryptography, identify which economic sectors are most vulnerable, and produce a mitigation plan with guidelines and recommendations. The subcommittee must deliver an initial (classified or unclassified as appropriate) report within one year and then provide annual progress reports for four years.