Sponsors (2)
The bill accelerates and standardizes the U.S. shift to post‑quantum cryptography—improving protection and accountability for critical systems—while imposing near‑term costs, potential legal rigidity, administrative ambiguity, and privacy/ regulatory concerns.
Utilities, financial institutions, hospitals, and other critical infrastructure operators are required to upgrade at least one high‑impact system to post‑quantum cryptography by Jan 1, 2027, accelerating practical defenses for systems that protect public services and national security.
Federal agencies and taxpayers will get a coordinated National Quantum Cybersecurity Migration Strategy within 180 days plus OMB/GAO reporting and a required cost survey, creating clear standards, timelines, accountability, and better budget planning for migration.
Federal agencies and contractors (and the sector risk management agencies) receive statutory, uniform definitions for cryptography, quantum, post‑quantum, critical infrastructure, and sector risk management agencies, reducing ambiguity in procurement and compliance.
Utilities, financial institutions, hospitals, federal agencies and taxpayers will face transitional compliance and modernization costs — and a risk of unfunded mandates — to implement post‑quantum upgrades.
Locking statutory definitions to specific NIST/FIPS versions risks creating legal and procedural rigidity if standards evolve, requiring future legislative changes to remain aligned with best practices.
Short timelines (180 days for a strategy; a 2027 upgrade requirement) may strain agency IT capacity and staff, diverting resources from other priorities and slowing effective implementation.
Based on analysis of 3 sections of legislative text.
Mandates a federal strategy, a post‑quantum pilot, agency cost surveys, and reports to move federal high‑impact systems to post‑quantum cryptography.
Introduced July 30, 2025 by Gary C. Peters · Last progress July 30, 2025
Requires a federal subcommittee to produce a National Quantum Cybersecurity Migration Strategy within 180 days and to run a post-quantum cryptography pilot that has each sector risk management agency upgrade at least one high‑impact system by January 1, 2027. Directs OMB and the Office of Electronic Government to survey agency migration costs, identify funding needs and private‑sector incentives, and deliver a joint report to Congress; GAO will assess progress annually against the strategy's performance measures.