Sponsors (2)
The bill increases election cybersecurity and public confidence through standardized independent testing and coordinated vulnerability disclosure, but does so at the cost of new compliance expenses, possible deployment delays, and some operational and political risks if disclosures or federal standards are not managed carefully.
Voters and election systems will be more secure because certified voting devices must undergo independent penetration testing and coordinated vulnerability disclosure, reducing the risk of successful tampering or large-scale cyber incidents.
State and local election officials gain clearer, standardized testing and accreditation processes and independent testers, which strengthens trust in election technology and provides a consistent path for security assurance.
Jurisdictions may face fewer emergency responses and post-incident costs over time because proactive testing and disclosure can identify and fix vulnerabilities earlier.
State and local election offices — and ultimately taxpayers — may incur new or higher compliance costs to pay for penetration testing, remediation, recertification, or hosting independent testing.
If vulnerability disclosures are mishandled or fixes lag after publication, coordinated disclosure could temporarily increase risk to election systems and voters.
Tighter accreditation and testing requirements could create delays in equipment deployment or recertification where accredited labs or testers are limited, disrupting election logistics.
Based on analysis of 3 sections of legislative text.
Requires EAC to add penetration testing to voting-system certification, directs NIST to recommend accredited penetration testers, and establishes an independent testing and coordinated vulnerability disclosure program.
Introduced November 25, 2025 by David G. Valadao · Last progress November 25, 2025
Requires the U.S. Election Assistance Commission (EAC) to add penetration testing to the testing, certification, decertification, and recertification of voting system hardware and software, with implementation steps to occur within 180 days of enactment. Directs the NIST Director to recommend entities for accreditation to perform penetration testing and sets EAC voting and accreditation requirements focused on penetration-testing competence. Also creates an independent security testing and coordinated cybersecurity vulnerability disclosure program for election systems and updates the Help America Vote Act table of contents.