House Bill Introduced to Shield the U.S. From Cybersecurity Risks Posed by Quantum Computing

Congress members have proposed legislation that would introduce new measures to enhance the United States’ cybersecurity resilience in the face of advancing quantum computing capabilities.

On August 8, 2025, a bipartisan group of members of the House of Representatives introduced the “Quantum Encryption Readiness and Resilience Act.” This bill builds on the 2022 Quantum Computing Cybersecurity Preparedness Act, which required the National Cyber Director and the Director of the Cybersecurity and Infrastructure Security Agency to develop guidance designed to safeguard against cybersecurity threats posed by quantum computing’s potential to decrypt sensitive information. If enacted, the Quantum Encryption Readiness and Resilience Act would require the Subcommittee on the Economic and Security Implications of Quantum Information Science (“Quantum Subcommittee”) to conduct assessments of the readiness of the United States’ private and public sectors to mitigate the cybersecurity and national security risks posed by quantum computers. The Quantum Encryption Readiness and Resilience Act is therefore intended to motivate private sector entities that rely on cryptography to move toward adopting post-quantum cryptography measures like those detailed in the Quantum Computing Cybersecurity Preparedness Act. 

Quantum Computing and its Potential Benefits and Risks

Quantum computing is a nascent means of advanced processing that uses quantum physics to allow individuals to solve new complex problems and perform functions in a fraction of the time that it would take “classical computers” to do the same. Unlike “classical computers,” which use bits (i.e., ones and zeros) to log and process information, quantum computers use quantum bits, or “qubits.” This difference is what empowers quantum computers to solve complex problems rapidly, as qubits operate in a way that allows quantum computers to consider alternative possibilities in parallel. 

Quantum computing’s advanced processing power offers potential benefits, including the development of new medicines, machine learning breakthroughs, and detailed financial or meteorological forecasting. Congress acknowledged these potential benefits in 2018 by passing the National Quantum Initiative Act, which authorized millions of dollars in federal funding for quantum computing research, and in 2022 through the CHIPS and Science Act, which established measures to “facilitate the advancement of distributed quantum computing systems[.]”

However, in January 2025, the Government Accountability Office published an announcement warning that experts believe that “a quantum computer capable of breaking cryptography may be just 10 to 20 years away,” a sentiment echoed by the National Institute of Standards and Technology, which stated that experts’ estimates as to the time frame for the emergence of a quantum computer “powerful enough to threaten current encryption methods . . . range from a few years to a few decades.” These statements from the federal government express the view that the cybersecurity risks posed by quantum computing are pressing concerns, and the proposed Quantum Encryption Readiness and Resilience Act reflects this sentiment through its express purpose of mitigating “cybersecurity and national security risks” posed by quantum computing.

Proposals in the Bill

The Quantum Encryption Readiness and Resilience Act includes three proposals to address the cybersecurity and national security risks posed by quantum computers:

1. Development of guidelines for identifying “cryptographically-relevant quantum computers” - The bill defines “cryptographically-relevant quantum computers” as “quantum computer[s] with the ability to compromise a cryptographic system that a classical computer is unable to compromise.” If the Quantum Encryption Readiness and Resilience Act is enacted, the Quantum Subcommittee would be required to develop guidelines to determine whether a quantum computer is a cryptographically-relevant quantum computer.
2. Assessment of the United States’ quantum computing capabilities - The bill would also require the Quantum Subcommittee to conduct an assessment within a year of the passage of the bill into law that (1) evaluates the “capabilities and progress of the United States, relative to other countries” to develop “a cryptographically-relevant quantum computer;” (2) reviews the capabilities of the United States relative to other countries to adopt “security and preparedness measures, including post-quantum cryptography;” and (3) identifies the economic sectors most vulnerable to quantum computing risks. This assessment would need to include an examination of the progress made by the United States’ public and private sectors in adopting post-quantum cryptography measures, detailed in guidance to the Quantum Computing Cybersecurity Preparedness Act. The Quantum Encryption Readiness and Resilience Act would require the report to be shared with the Committee on Commerce, Science, and Transportation of the Senate; the Committee on Energy and Natural Resources of the Senate; and the Committee on Science, Space, and Technology of the House of Representatives. After the initial report, the Quantum Subcommittee would be required to draft subsequent reports annually for four years and share these reports with the same congressional committees listed above.
3. Development of a plan to mitigate the cybersecurity and national security risks posed by quantum computers - The bill would also require the Quantum Subcommittee to use its assessments to develop a plan to safeguard against cybersecurity and national security hazards posed by quantum computing. The bill states that this plan must promote enhanced information sharing between the federal government and the private sector and identify measures that the public and private sectors should adopt.

The bill has been referred to the House Committee on Science, Space, and Technology.