Quantum Computing Cybersecurity Preparedness Act
Dec 21, 2022
Statute: 136 Stat. 2389
Became law: Dec 21, 2022
Summary
Requires government agencies to get ready for new security risks from quantum computers by updating their computer systems to use stronger protection.
What problem does this solve?
Future quantum computers could easily break the security used to protect government data today. This law makes federal agencies find their weak spots and plan to switch to new, quantum-proof security.
What does this law do?
Guidance for quantum-resistant technology
Requires the Office of Management and Budget (OMB) to create rules for government agencies to switch their computer systems to security that can resist quantum computer attacks.
Inventory of vulnerable systems
Mandates that every federal agency create and keep a list of all their computer technology that could be broken into by quantum computers.
Agency migration plans
Directs agencies to develop a plan to move their technology to post-quantum cryptography once the National Institute of Standards and Technology (NIST) releases new security standards.
Reports to Congress
Requires the OMB to report to Congress on the government's overall strategy, the estimated cost of the upgrades, and the progress agencies are making.
Who does this affect?
- Federal government agencies
- Government technology contractors
- Cybersecurity professionals
What is the real world impact?
Protects national security data
Prevents foreign adversaries from stealing sensitive government information now and breaking its encryption later with a future quantum computer.
Creates a unified government strategy
Ensures all federal agencies follow a coordinated plan for upgrading their cybersecurity, avoiding a messy and inconsistent approach to a major technological shift.
Highlights significant future costs
Requires an estimate of the funding needed for this massive upgrade, which could be very expensive for taxpayers and require large government contracts with the tech industry.
When does this start?
This law sets several deadlines for federal agencies and offices, starting from its enactment on December 21, 2022.
Initial guidance issuance
Within 180 days of the law's passage, the OMB must issue guidance for agencies to begin inventorying their vulnerable systems.
Agency inventory report
Within 1 year of the law's passage, each agency must submit its first inventory of vulnerable technology.
Strategic report to Congress
Within 15 months of the law's passage, the OMB must send Congress a report detailing the government's strategy and estimated costs for the migration.

