Sponsors (2)
The bill accelerates nationwide adoption of post‑quantum cryptography through NIST‑aligned standards, pilots, and agency requirements—strengthening long‑term data security—but does so at near‑term cost and implementation risk that may disproportionately burden smaller or under‑resourced organizations and create uncertainty if timelines or standard references are too rigid.
Federal agencies, critical infrastructure, and private-sector organizations will be pushed to adopt vetted post‑quantum cryptography through required agency use, coordinated plans, and technical support, reducing the long‑term risk that sensitive federal and sector data can be decoded by future quantum attacks.
Agencies and covered entities get clearer standards and definitions (aligned to NIST) which reduces ambiguity about what counts as a 'high‑impact system' and how to prioritize and secure sensitive systems, improving federal cybersecurity governance and interoperability.
NIST technical assistance, testbeds, interoperability frameworks, and authoritative Special Publications give firms and agencies practical guidance and common specifications, lowering procurement uncertainty and smoothing interoperable deployments of post‑quantum solutions.
Taxpayers, agencies, contractors, and affected businesses will face meaningful near‑term costs to replace or upgrade cryptographic systems, meet FIPS/zero‑trust expectations, and run pilots and reporting activities.
Smaller organizations, rural providers, and less‑resourced public entities may get uneven support from voluntary coordination and pilots, leaving them behind in readiness and increasing concentration of advantages for larger, well‑connected firms.
Aggressive timelines (e.g., 180 days for guidance and 18 months for pilot upgrades) could produce incomplete or frequently revised guidance, creating implementation uncertainty and operational disruption for agencies and private implementers.
Based on analysis of 4 sections of legislative text.
Introduced December 2, 2025 by Gary C. Peters · Last progress December 2, 2025
Requires NIST and OSTP to lead U.S. planning and guidance for upgrading information systems to post‑quantum cryptography. NIST must issue technical guidance within 180 days; OSTP must produce a national upgrade strategy and launch a voluntary pilot program within 360 days to help federal and sector agencies upgrade at least one high‑impact system each, with reporting to Congress.