On December 21, 2022, President Biden signed the Quantum Computing Cybersecurity Preparedness Act (H.R. 7535, Public Law 117-260) into law. The legislation passed the House 420-3 and cleared the Senate by unanimous consent.
The act required OMB to issue guidance within 180 days directing each federal agency to establish and maintain a prioritized inventory of information technology systems vulnerable to quantum decryption. Within one year of NIST issuing post-quantum cryptography standards, OMB must issue guidance requiring agencies to develop migration plans. Annual reporting to Congress on migration progress is mandated for five years following publication of the NIST standards. National Security Systems were exempted from the act’s requirements.