S3312-119

In Committee

Quantum Readiness and Innovation Act of 2025

119th Congress Introduced Dec 2, 2025

Analysis under review: This bill has generated analysis that may be too generic or incomplete. Clause-level evidence remains available below.

Summary

What This Bill Does

The Quantum Readiness and Innovation Act of 2025 requires federal agencies to prepare for the threat of quantum computing to current encryption systems. It mandates the National Institute of Standards and Technology (NIST) to develop guidance for transitioning to "post-quantum cryptography" - encryption methods that cannot be broken by future quantum computers. The bill also requires the Office of Science and Technology Policy to create a national strategy and pilot program for federal agencies to begin upgrading their most sensitive systems.

Who Benefits and How

Post-quantum cryptography solution vendors and cybersecurity companies stand to gain significant new revenue opportunities as federal agencies and critical infrastructure operators are directed to purchase quantum-resistant technologies. IT consulting firms and federal contractors specializing in system modernization will see increased demand for their services. Members of the Quantum Economic Development Consortium get a formal advisory role and access to government test beds, positioning them to capture federal contracts. Quantum-resistant hardware manufacturers also benefit from mandates requiring the adoption of quantum-safe hardware.

Who Bears the Burden and How

NIST must develop comprehensive upgrade guidance within 180 days, adding to their workload. The Office of Science and Technology Policy must develop a full national strategy, establish a pilot program, and provide ongoing technical support to participating agencies within 360 days. Federal agencies with high-impact information systems face mandatory participation in planning and executing cryptographic upgrades. Critical infrastructure operators in sectors like energy, finance, and healthcare face new compliance expectations as NIST guidance becomes the de facto standard.

Key Provisions

  • Requires NIST to publish guidance within 180 days on upgrading to post-quantum cryptography, including procurement standards for commercial solutions
  • Mandates development of a National Quantum Cybersecurity Upgrade Strategy within 360 days, including a definition of what constitutes a "cryptographically relevant quantum computer"
  • Establishes a pilot program where federal agencies must upgrade at least one high-impact system to post-quantum cryptography within 18 months
  • Requires NIST to make upgrade guidance available to private sector entities and collaborate with industry on adoption assessments
  • Mandates reporting to Congress on pilot program progress and actions taken

Evidence Chain:

This summary is generated from the full bill text using AI analysis. Expand "Detailed Analysis" below for identified beneficiaries/burden bearers.

At a Glance

What This Bill Does

Requires federal agencies to develop guidance and strategies for transitioning information systems to post-quantum cryptography to protect against future quantum computing threats.

Who Benefits

  • Post-quantum cryptography solution vendors
  • Cybersecurity consulting firms
  • IT modernization contractors

Who Bears Costs

  • National Institute of Standards and Technology (new guidance mandates)
  • Office of Science and Technology Policy (strategy development, pilot program administration)
  • Federal agencies (system upgrades and compliance)

Key Policy Areas

Cybersecurity, Technology, Federal Government Operations, Critical Infrastructure

Primary Purpose

Requires federal agencies to develop guidance and strategies for transitioning information systems to post-quantum cryptography to protect against future quantum computing threats.

Policy Domains

Cybersecurity Technology Federal Government Operations Critical Infrastructure

Legislative Strategy

"Proactive preparation for quantum computing threats by establishing federal guidance, procurement standards, and a pilot program for transitioning to quantum-resistant cryptography before cryptographically relevant quantum computers exist."

Identified Gains

  • Post-quantum cryptography solution vendors
  • Cybersecurity consulting firms
  • IT modernization contractors
  • Quantum-resistant hardware manufacturers
  • Federal IT contractors

Identified Costs

  • National Institute of Standards and Technology (new guidance mandates)
  • Office of Science and Technology Policy (strategy development, pilot program administration)
  • Federal agencies (system upgrades and compliance)
  • Sector risk management agencies (pilot program participation)

Legislative Progress

In Committee
Introduced Committee Passed
Dec 2, 2025

Mr. Peters (for himself and Mrs. Blackburn) introduced the following …

Dec 2, 2025

Read twice and referred to the Committee on Commerce, Science, …

Dec 2, 2025

Introduced in Senate

Stakeholder Effects

cui bono?

How this legislation distributes effects. Mention counts reflect frequency, not effect magnitude.

Technology
4 mentions across 3 clauses
+4 positive

Post-quantum cryptography solution providers, Post-quantum cryptography solution vendors, Post-quantum cryptography vendors and solution providers

Government
4 mentions across 2 clauses
-4 negative

Federal agencies with high-impact information systems, National Institute of Standards and Technology, Office of Science and Technology Policy

Professional Services
2 mentions across 2 clauses
+2 positive

Federal IT modernization contractors, IT systems integrators and federal contractors

Critical Infrastructure
1 mention across 1 clause
?1 uncertain

Critical infrastructure operators (energy, finance, healthcare, etc.)

Manufacturing
1 mention across 1 clause
+1 positive

Quantum-resistant hardware manufacturers

3/4
sections analyzed
Full impact breakdown

Bill Structure & Actor Mappings

Who is "The Secretary" in each section?

Domains
Cybersecurity Technology Federal Government Operations
Actor Mappings
"qedc"
→ Quantum Economic Development Consortium
"the_director_nist"
→ Director of the National Institute of Standards and Technology
"the_director_ostp"
→ Director of the Office of Science and Technology Policy

Key Definitions

Terms defined in this bill

7 terms
"appropriate congressional committees" §2(a)

The Committee on Commerce, Science, and Transportation of the Senate; and the Committee on Energy and Commerce of the House of Representatives.

"classical computer and quantum computer" §2(b)

Have the meanings given in section 3 of the Quantum Computing Cybersecurity Preparedness Act (Public Law 117-260).

"critical infrastructure sectors" §2(c)

Critical infrastructure sectors defined in the National Security Memorandum on Critical Infrastructure Security and Resilience (NSM-22), dated April 30, 2024.

"high-impact system" §2(d)

A Federal information system that holds sensitive information, the loss of which would be categorized as high impact under Federal Information Processing Standards Publication 199.

"post-quantum cryptography" §2(e)

Cryptographic algorithms or methods assessed not to be specifically vulnerable to attack by either a quantum computer or classical computer, including NIST FIPS 203, 204, and 140-3 compliant methods operating within zero trust architecture.

"sector risk management agency" §2(f)

Has the meaning given in section 2200 of the Homeland Security Act of 2002 (6 U.S.C. 650).

"covered entity" §4(b)(5)

A sector risk management agency; a Federal agency; or a mission partner of a Federal agency.

We use a combination of our own taxonomy and classification in addition to large language models to assess meaning and potential beneficiaries. High confidence means strong textual evidence. Always verify with the original bill text.

Learn more about our methodology