United States of America: Senate Amendment 3684 to National Defense Authorization Act for Fiscal Year 2026 entitled On Strategy for Federal Agency Migration to Post-Quantum Cryptography was introduced in Senate

On 2 August 2025, the Senate Amendment was 3684 was submitted to amend the Senate Bill 2296, the National Defense Authorization Act for Fiscal Year 2026, proposing the addition of Section 1067, entitled “Strategy for Federal Agency Migration to Post-Quantum Cryptography”, to subtitle F of title X of the bill authorising appropriations for fiscal year 2026 for military activities of the Department of Defense, military construction, and defence activities of the Department of Energy. The section defines terms including “cryptography” as per National Institute of Standards and Technology (NIST) Special Publications 1800-21B and 800-59, “classical computer”, “quantum computer”, “post-quantum cryptography”, “critical infrastructure” under 42 U.S.C. 5195c(e), “high-impact system” under Federal Information Processing Standards Publication 199, and “sector risk management agency” under 6 U.S.C. 650. It mandates that within 180 days of enactment, the Subcommittee on the Economic and Security Implications of Quantum Information Science, in coordination with NIST and in consultation with the Quantum Economic Development Consortium, develop a National Quantum Cybersecurity Migration Strategy covering definitions of cryptographically relevant quantum computers, recommended standards, urgency assessments per agency, performance measures for four migration stages, and monitoring plans for high-risk entities. It requires the establishment of a post-quantum pilot programme for each sector risk management agency to upgrade at least one high-impact system to post-quantum cryptography by 1 January 2027. It further directs the Administrator of the Office of Electronic Government to conduct a survey of migration costs, verify the data, identify necessary funding, and advise on private sector adoption. A joint report to Congress on the strategy, pilot programme, and cost survey is required within one year of enactment, with the Comptroller General mandated to submit annual performance-based assessments of agency migration progress thereafter.