Sponsors (5)
The bill strengthens national cybersecurity against future quantum threats by funding plans, assistance, and assessments, but does so at a cost to taxpayers and businesses and with risks of operational disruption and reduced public transparency.
Federal agencies and critical infrastructure operators will receive targeted mitigation plans and guidance to reduce quantum-threat risks, improving national cybersecurity readiness.
Private and public sector entities — especially small businesses, utilities, and financial firms — will get technical assistance, pilot programs, and cyber‑hygiene guidance to speed adoption of post‑quantum cryptography and lower implementation barriers.
Congress will receive classified and unclassified assessments and policy recommendations on quantum threats to better inform legislation and funding decisions.
Taxpayers, small businesses, and financial institutions may face increased federal spending and compliance costs to prepare for and implement mitigation plans.
Financial institutions and utilities designated as vulnerable could be pressured by timelines to hastily adopt new cryptography, risking operational disruption or interoperability issues.
Classified reporting to Congress may limit public transparency about threats and progress, making it harder for smaller firms and the public to assess risks and plan.
Based on analysis of 2 sections of legislative text.
Requires a federal subcommittee to assess risks from cryptographically-relevant quantum computers, deliver an initial mitigation plan within 1 year, and provide annual adoption progress reports for four years.
Introduced August 8, 2025 by Suhas Subramanyam · Last progress August 8, 2025
Requires a federal subcommittee to assess risks from so-called cryptographically-relevant quantum computers and to produce an initial assessment and mitigation plan within one year, followed by annual progress reports for four years. The subcommittee must evaluate U.S. development and adoption of mitigations (including post-quantum cryptography), identify vulnerable sectors, propose collaboration and support measures, and provide guidelines for determining when a quantum computer is cryptographically relevant.