The National Quantum Cybersecurity Migration Strategy Act of 2025.

This bill pushes the federal government to get ready for a future where powerful quantum computers could break today’s codes. It orders a national plan to move federal systems to “post‑quantum” security. Within 180 days, a federal subcommittee must define what counts as a risky quantum computer, set standards for when it becomes dangerous, rank which agencies need to move fastest, and lay out clear steps and measures for the switch, from prep and data inventory to rollout and monitoring . It also calls for watching high‑risk targets, including parts of critical infrastructure, that could face quantum‑enabled hacks .

A pilot program will require each sector risk management agency to upgrade at least one high‑impact system to post‑quantum protections by January 1, 2027 . The Office of Electronic Government must survey agencies on costs, check that estimates are realistic, identify needed funding, and suggest ways to encourage private companies to adopt post‑quantum security as well . A report to Congress is due within a year, and the Government Accountability Office will review agency progress every year after the strategy is set .

• Who is affected: Federal agencies first; sector risk management agencies must run pilots; critical infrastructure providers are monitored as high‑risk .
• What changes: A government‑wide strategy, standards for when quantum poses real danger, step‑by‑step migration goals, a pilot upgrade, cost and funding review, and ongoing progress checks .
• When: Strategy and pilot setup within 180 days; at least one high‑impact system upgraded by January 1, 2027; first report in 1 year; annual progress assessments after the strategy is issued .