LegisTrack
Back to all bills
HR 3259119th CongressIntroduced

Post Quantum Cybersecurity Standards Act

Introduced: May 7, 2025
InfrastructureTechnology & Innovation
View on Congress.gov
Standard Summary
Comprehensive overview in 1-2 paragraphs

The Post Quantum Cybersecurity Standards Act would upgrade U.S. efforts to prepare for a future where quantum computers could threaten current cryptographic systems. It integrates post-quantum cryptography (PQC) into two key statutes: the National Quantum Initiative Act and the Cyber Security Research and Development Act. The bill directs the National Institute of Standards and Technology (NIST) to promote voluntary adoption and deployment of PQC standards across the economy, with guidance, technical assistance for high-risk organizations (notably critical infrastructure and digital infrastructure providers), and a grant program to help those entities remediate quantum-related vulnerabilities after PQC standards are issued. It also expands NSF-supported cryptography research to explicitly include PQC. In short, the bill aims to accelerate United States adoption of PQC to safeguard communications and data as quantum threats become real, while coordinating with Homeland Security and sector-specific agencies.

Key Points

  • 1Promotes voluntary deployment of post-quantum cryptography standards: NIST, in coordination with the Department of Homeland Security and sector risk management agencies, must disseminate guidance, provide practical assistance, and undertake other activities to encourage adoption across the economy.
  • 2Establishes a grant program for high-risk entities: After PQC standards are issued, NIST may create a program to identify and award grants to organizations at high risk of quantum attacks, to help them adopt PQC and remediate vulnerabilities, with funds governed by Director-set limits.
  • 3Guidance and administration framework: The bill would authorize development and updating of program guidance (eligibility, application requirements, grant amounts/durations, etc.) and requires cross-agency and private-sector consultation to share information about the program and PQC guidance.
  • 4Definitions added: It creates or clarifies key terms for implementation, including critical infrastructure, post-quantum cryptography, and sector risk management agency, to anchor deployment activities in existing federal infrastructure and risk-management structures.
  • 5NSF cryptography research broadened: The Cyber Security Research and Development Act would explicitly include post-quantum cryptography within its scope, expanding federal support for PQC research.

Impact Areas

Primary group/area affected: U.S. organizations involved in critical and digital infrastructure (government, utilities, communications, financial services, and other sectors identified as critical) will be the primary focus for deployment guidance and potential grant support to adopt PQC.Secondary group/area affected: Private sector entities broadly, researchers, and technology providers engaged in cryptography and cybersecurity, as well as sector-specific agencies and risk-management authorities collaborating with NIST and DHS.Additional impacts: Government-wide readiness for quantum-era threats, potential growth in PQC-related research and standards development, and increased coordination between NIST, DHS/CISA, NSF, and private sector partners to standardize and secure cryptographic deployments across the economy.
Generated by gpt-5-nano on Oct 7, 2025