The bill accelerates and standardizes migration to post‑quantum cryptography—improving security, interoperability, and authoritative guidance—but does so at material near‑term cost, with risks of rushed guidance, uneven adoption, and reduced future flexibility that will disproportionately burden some agencies, contractors, and smaller firms.
Federal agencies and covered critical‑infrastructure entities (and their contractors) get a coordinated strategy, deadlines, and pilot support to upgrade to post‑quantum cryptography—producing concrete near‑term upgrades (one high‑impact system within 18 months) and improved long‑term data security.
Private‑sector organizations (vendors, contractors, financial firms, and small businesses) gain standardized, NIST‑published procurement and selection criteria and authoritative guidance, reducing vendor confusion, procurement risk, and uneven technical interpretations.
Industry adoption is smoothed by federal technical support—test beds, interoperability frameworks, and administrative help—lowering technical barriers and accelerating real‑world deployment of post‑quantum solutions.
Agencies, contractors, critical infrastructure operators, and private firms will face significant compliance and upgrade costs (implementation, audits, procurement changes) that will largely be borne by those entities and ultimately taxpayers.
Narrow, technically prescriptive definitions and tight alignment to specific NIST/FIPS approaches risk locking agencies into particular standards, reducing flexibility to adopt future cryptographic advances and potentially forcing costly rework.
Fast deadlines for guidance (180 days) and voluntary pilots create implementation risks—rushed or high‑level guidance and uneven adoption could leave some high‑risk systems unprotected and produce short‑term uncertainty for implementers.
Based on analysis of 4 sections of legislative text.
Directs NIST and OSTP to produce guidance and a national strategy for upgrading federal and critical‑infrastructure systems to post‑quantum cryptography and creates a voluntary OSTP pilot with reporting requirements.
Introduced December 2, 2025 by Gary C. Peters · Last progress December 2, 2025
Requires NIST and OSTP to lead a coordinated push to move Federal and critical‑infrastructure information systems to post‑quantum cryptography. NIST must publish guidance within 180 days to help agencies and private sector operators upgrade and procure quantum‑resistant solutions. OSTP must produce a National Quantum Cybersecurity Upgrade Strategy and run a voluntary pilot within 360 days. The pilot gives planning and technical support and requires participating entities to upgrade at least one high‑impact system within 18 months of program start, with regular reporting to Congress.