Quantum Readiness and Innovation Act of 2025
Sponsors
Legislative Progress
In CommitteeMr. Peters (for himself and Mrs. Blackburn) introduced the following …
Summary
What This Bill Does
The Quantum Readiness and Innovation Act of 2025 requires federal agencies to prepare for the threat of quantum computing to current encryption systems. It mandates the National Institute of Standards and Technology (NIST) to develop guidance for transitioning to "post-quantum cryptography" - encryption methods that cannot be broken by future quantum computers. The bill also requires the Office of Science and Technology Policy to create a national strategy and pilot program for federal agencies to begin upgrading their most sensitive systems.
Who Benefits and How
Post-quantum cryptography solution vendors and cybersecurity companies stand to gain significant new revenue opportunities as federal agencies and critical infrastructure operators are directed to purchase quantum-resistant technologies. IT consulting firms and federal contractors specializing in system modernization will see increased demand for their services. Members of the Quantum Economic Development Consortium get a formal advisory role and access to government test beds, positioning them to capture federal contracts. Quantum-resistant hardware manufacturers also benefit from mandates requiring the adoption of quantum-safe hardware.
Who Bears the Burden and How
NIST must develop comprehensive upgrade guidance within 180 days, adding to their workload. The Office of Science and Technology Policy must develop a full national strategy, establish a pilot program, and provide ongoing technical support to participating agencies within 360 days. Federal agencies with high-impact information systems face mandatory participation in planning and executing cryptographic upgrades. Critical infrastructure operators in sectors like energy, finance, and healthcare face new compliance expectations as NIST guidance becomes the de facto standard.
Key Provisions
- Requires NIST to publish guidance within 180 days on upgrading to post-quantum cryptography, including procurement standards for commercial solutions
- Mandates development of a National Quantum Cybersecurity Upgrade Strategy within 360 days, including a definition of what constitutes a "cryptographically relevant quantum computer"
- Establishes a pilot program where federal agencies must upgrade at least one high-impact system to post-quantum cryptography within 18 months
- Requires NIST to make upgrade guidance available to private sector entities and collaborate with industry on adoption assessments
- Mandates reporting to Congress on pilot program progress and actions taken
Evidence Chain:
This summary is derived from the structured analysis below. See "Detailed Analysis" for per-title beneficiaries/burden bearers with clause-level evidence links.
Primary Purpose
Requires federal agencies to develop guidance and strategies for transitioning information systems to post-quantum cryptography to protect against future quantum computing threats.
Policy Domains
Legislative Strategy
"Proactive preparation for quantum computing threats by establishing federal guidance, procurement standards, and a pilot program for transitioning to quantum-resistant cryptography before cryptographically relevant quantum computers exist."
Likely Beneficiaries
- Post-quantum cryptography solution vendors
- Cybersecurity consulting firms
- IT modernization contractors
- Quantum-resistant hardware manufacturers
- Federal IT contractors
Likely Burden Bearers
- National Institute of Standards and Technology (new guidance mandates)
- Office of Science and Technology Policy (strategy development, pilot program administration)
- Federal agencies (system upgrades and compliance)
- Sector risk management agencies (pilot program participation)
Bill Structure & Actor Mappings
Who is "The Secretary" in each section?
- "qedc"
- → Quantum Economic Development Consortium
- "the_director_nist"
- → Director of the National Institute of Standards and Technology
- "the_director_ostp"
- → Director of the Office of Science and Technology Policy
Key Definitions
Terms defined in this bill
The Committee on Commerce, Science, and Transportation of the Senate; and the Committee on Energy and Commerce of the House of Representatives.
Have the meanings given in section 3 of the Quantum Computing Cybersecurity Preparedness Act (Public Law 117-260).
Critical infrastructure sectors defined in the National Security Memorandum on Critical Infrastructure Security and Resilience (NSM-22), dated April 30, 2024.
A Federal information system that holds sensitive information, the loss of which would be categorized as high impact under Federal Information Processing Standards Publication 199.
Cryptographic algorithms or methods assessed not to be specifically vulnerable to attack by either a quantum computer or classical computer, including NIST FIPS 203, 204, and 140-3 compliant methods operating within zero trust architecture.
Has the meaning given in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650).
A sector risk management agency; a Federal agency; or a mission partner of a Federal agency.
We use a combination of our own taxonomy and classification in addition to large language models to assess meaning and potential beneficiaries. High confidence means strong textual evidence. Always verify with the original bill text.
Learn more about our methodology