The bill bolsters election cybersecurity through standardized, independent testing and faster vulnerability remediation, improving trust and resilience but imposing new costs and potential implementation strain on state and local election authorities.
State and local election systems will be subject to regular, independent penetration testing and coordinated vulnerability disclosure, enabling identification and remediation of security flaws before elections.
Voters and the public are likely to gain greater confidence in election integrity because stronger and more consistent security testing reduces the risk of successful manipulation or major technical failures.
State and local election administrators and vendors will operate under clearer, standardized testing and accreditation processes overseen by NIST and accredited entities, raising technical rigor and comparability of results.
State and local election offices and taxpayers will face added upfront and ongoing costs to implement testing, accreditation, and disclosure processes, which may strain tight election budgets or require additional federal/state spending.
The 180-day implementation deadline could force rushed procurement, accreditation, or rollout, increasing the risk of inconsistent testing quality or early gaps in coverage.
Stronger security protocols and compliance requirements will impose additional administrative and technical burdens on local election administrators and vendors, potentially increasing workload and complexity.
Based on analysis of 3 sections of legislative text.
Requires penetration testing in voting-system certification and creates an independent security testing and coordinated vulnerability disclosure program with EAC/NIST roles.
Official title: To amend the Help America Vote Act of 2002 to require the Election Assistance Commission to provide for the conduct of penetration testing as part of the testing and certification of voting systems and to provide for the establishment of an Independent Security Testing and Coordinated Vulnerability Disclosure Pilot Program for Election Systems.
Introduced November 25, 2025 by David G. Valadao · Last progress November 25, 2025
Requires routine, independent penetration testing of voting system hardware and software as part of certification, decertification, and recertification, directs the EAC to implement that requirement within 180 days, and creates an independent security testing and coordinated vulnerability disclosure program for election systems with NIST and EAC roles. Establishes an accreditation process for entities competent to perform penetration testing and integrates that authority into the Help America Vote Act framework.