Post Quantum Cybersecurity Standards Act
- Bill Number
- H.R. 3259
- Origin Chamber
- House
- Congress
- 119th Congress, Session 1
- Policy Area
- Science, Technology, Communications
- Status
- Introduced
- Latest Action
- 2025-06-11: Ordered to be Reported by the Yeas and Nays: 35 - 0.
- Last Updated
- 2026-05-19T17:20:33Z
AI-Generated Summary
Purpose of the Legislation
The Post Quantum Cybersecurity Standards Act (H.R. 3259) aims to update existing laws to speed up the use of "post-quantum cryptography" (advanced encryption methods resistant to attacks from quantum computers or traditional computers) across the U.S. economy. It promotes voluntary adoption of these standards to protect against future cyber threats and boosts research in U.S. cryptography.
Key Provisions
- Amendments to Definitions in the National Quantum Initiative Act (NQIA):
- Adds "critical infrastructure" (essential systems like power grids or financial networks, as defined in existing law).
- Defines "post-quantum cryptography" as encryption not vulnerable to quantum or classical computer attacks.
- Adds "sector risk management agency" (federal agencies overseeing specific industries' security, per the Homeland Security Act).
- NIST's Role in Deployment (New Subsection in NQIA):
- The Director of the National Institute of Standards and Technology (NIST) must work with the Department of Homeland Security (DHS) Secretary and relevant agencies to encourage voluntary use of post-quantum standards.
- Activities include sharing public guidance and resources, offering technical help to high-risk groups (e.g., critical or digital infrastructure providers), and other support as needed.
- Grant Program for High-Risk Entities:
- After NIST releases post-quantum standards, it can create a program to award grants for technical assistance.
- Grants help entities at risk of quantum-based attacks adopt standards and fix related weaknesses, covering reasonable costs up to a NIST-set limit.
- NIST will issue guidance on eligibility, applications, grant sizes, and durations, and consult with the Cybersecurity and Infrastructure Security Agency (CISA), other agencies, and private sector groups (including nonprofits).
- Amendment to the Cyber Security Research and Development Act (CSRDA):
- Expands National Science Foundation (NSF) research priorities to explicitly include post-quantum cryptography, alongside other cybersecurity topics.
Significant Changes to Existing Law
- To the NQIA: Introduces new definitions and a dedicated subsection on post-quantum deployment, shifting NIST's focus from general quantum initiatives to actionable cybersecurity promotion and support. This builds on NIST's existing role in setting standards but adds voluntary adoption tools like grants.
- To the CSRDA: Broadens NSF's research mandate by inserting post-quantum cryptography into funded areas, ensuring federal support for this emerging field without creating new programs.
Potential Impacts
- On Government Agencies: NIST, NSF, DHS (via CISA), and sector-specific agencies will need to collaborate more closely, potentially increasing workloads for guidance development, consultations, and grant management. This could enhance federal coordination on quantum threats.
- On Citizens and Businesses: High-risk entities (e.g., utilities, banks, tech firms) gain access to free or subsidized help to upgrade security, reducing vulnerability to future quantum attacks that could disrupt services or steal data. Everyday citizens may indirectly benefit from safer critical infrastructure, like secure online banking or power systems.
- On International Relations: By strengthening U.S. cryptography standards and research, the law could position the U.S. as a leader in global quantum security, potentially influencing international standards and alliances against cyber threats from quantum advancements abroad (e.g., in China or Russia). No direct international mandates are included.
Main Stakeholders Affected
- Federal Agencies: NIST (leads deployment and grants), NSF (expanded research), DHS/CISA (consultation and risk assessment), and sector risk management agencies (e.g., those for energy or finance).
- Private Sector: Critical infrastructure owners, digital service providers, and nonprofits at high quantum risk, who can receive technical aid and grants.
- Researchers and Academia: Benefit from NSF's broadened funding for post-quantum studies.
- General Economy: Businesses and consumers relying on secure digital systems, as widespread adoption could prevent economic losses from cyber breaches.
Notable Legal, Constitutional, or Political Implications
- Legal: The bill emphasizes voluntary adoption, avoiding mandates that could face legal challenges under federalism (states' rights) or property rights. Grants are contingent on appropriations, tying implementation to congressional funding without guaranteed enforcement.
- Constitutional: Aligns with Congress's commerce clause authority to regulate interstate economic security, including cybersecurity. No apparent conflicts with free speech or privacy, as it focuses on technical standards rather than content surveillance.
- Political: Bipartisan introduction (by Reps. Stevens and Tenney) signals broad support for quantum readiness amid rising geopolitical cyber concerns. It could spur debates on federal spending priorities versus private innovation, but remains neutral on controversial issues like export controls on quantum tech.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Rep. Stevens, Haley M. [D-MI-11]
Cosponsors (3)
Rep. Tenney, Claudia [R-NY-24], Rep. Fitzpatrick, Brian K. [R-PA-1], Rep. Nunn, Zachary [R-IA-3]
Recent Actions
- 2025-06-11: Ordered to be Reported by the Yeas and Nays: 35 - 0.
- 2025-06-11: Committee Consideration and Mark-up Session Held
- 2025-05-07: Referred to the House Committee on Science, Space, and Technology.
- 2025-05-07: Introduced in House
- 2025-05-07: Introduced in House
Bill Versions
- Post Quantum Cybersecurity Standards Act — issued 2025-05-07 — PDF (6 pages)