The National Quantum Cybersecurity Migration Strategy Act of 2025.
- Bill Number
- S. 2558
- Origin Chamber
- Senate
- Congress
- 119th Congress, Session 1
- Policy Area
- Science, Technology, Communications
- Status
- Introduced
- Latest Action
- 2025-07-30: Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
- Last Updated
- 2025-09-18T20:15:41Z
AI-Generated Summary
Purpose This legislation directs federal efforts to prepare agencies for transitioning to post-quantum cryptography, which protects data from attacks by quantum computers that could break current encryption methods. It aims to create a coordinated national strategy for this migration while assessing risks and costs.
Key Provisions
- Requires the Subcommittee on the Economic and Security Implications of Quantum Information Science (established under the National Quantum Initiative Act) to develop a National Quantum Cybersecurity Migration Strategy within 180 days, in coordination with the National Institute of Standards and Technology and consultation with the Quantum Economic Development Consortium.
- The strategy must include: a definition of a cryptographically relevant quantum computer; standards for identifying such computers; agency-specific urgency assessments based on critical functions and risks; performance measures across four migration stages (preparation, baseline data inventory, planning/execution with protections for data at rest and in motion, and monitoring/evaluation); and a plan for high-risk entities, including critical infrastructure providers.
- Establishes a post-quantum pilot program requiring each sector risk management agency to upgrade at least one high-impact system to post-quantum cryptography by January 1, 2027.
- Directs the Administrator of the Office of Electronic Government to survey agencies on migration costs (personnel, equipment, time), verify estimates, identify needed funding/resources, and advise on encouraging private-sector adoption.
- Mandates a joint report to Congress within one year on migration assessments, the pilot program, and costs.
- Requires annual assessments by the Comptroller General of the United States on agency progress using the defined performance measures.
Significant Changes to Existing Law This bill introduces new mandatory requirements for quantum cybersecurity planning that build upon the National Quantum Initiative Act (15 U.S.C. 8814a) by expanding the subcommittee’s duties. It does not repeal or amend prior statutes but adds specific timelines, pilot obligations, and reporting mechanisms focused on post-quantum cryptography migration.
Potential Impacts
- Government agencies: Federal agencies must conduct risk assessments, inventory data, upgrade systems, and allocate resources for migration, potentially increasing short-term costs and administrative workload.
- Critical infrastructure: Entities designated as high-risk, including providers of critical infrastructure, face evaluation and potential upgrades.
- Citizens: Indirect benefits through strengthened protection of sensitive federal data; no direct effects on individual rights or daily activities are specified.
- International relations: No explicit provisions address foreign policy, though improved U.S. cryptographic standards could influence global cybersecurity norms.
Main Stakeholders Affected
- Federal agencies and their heads.
- Sector risk management agencies.
- The Subcommittee on the Economic and Security Implications of Quantum Information Science.
- National Institute of Standards and Technology.
- Office of Electronic Government and Office of Management and Budget.
- Comptroller General of the United States.
- Providers of critical infrastructure and private-sector entities encouraged to adopt post-quantum cryptography.
Notable Legal, Constitutional, or Political Implications The bill focuses on executive branch coordination and information security without raising apparent constitutional concerns, as it operates within existing federal authority over government systems. It reflects bipartisan support for proactive national security measures against emerging quantum threats, with oversight through congressional reporting and independent audits.
This summary was generated by AI and may contain inaccuracies. Refer to the official source document for the authoritative text.
Sponsor
Cosponsors (1)
Recent Actions
- 2025-07-30: Read twice and referred to the Committee on Homeland Security and Governmental Affairs.
- 2025-07-30: Introduced in Senate
Bill Versions
- The National Quantum Cybersecurity Migration Strategy Act of 2025. — issued 2025-07-30 — PDF (7 pages)