GENERAL ASSEMBLY OF NORTH CAROLINA
SESSION 2025
S D
SENATE BILL DRS45291-LRa-130A
Short Title: Cybersecurity and Quantum Resilience Study. (Public)
Sponsors: Senators Theodros, Salvador, and Chaudhuri (Primary Sponsors).
Referred to:
*DRS45291 -LRa-130A*
A BILL TO BE ENTITLED 1
AN ACT ESTABLISHING THE NORTH CAROLINA CYBERSECURITY AND QUANTUM 2
RESILIENCE STUDY COMMISSION AND APPROPRIATING FUNDS FOR THAT 3
PURPOSE. 4
The General Assembly of North Carolina enacts: 5
SECTION 1.(a) This act shall be known and may be cited as the North Carolina 6
Cybersecurity and Quantum Resilience Study Act. 7
SECTION 1.(b) The North Carolina Cybersecurity and Quantum Resilience Study 8
Commission (Commission) is established to investigate the potential impacts of emerging 9
quantum computing technologies on the security of State systems, legacy encryption methods, 10
and critical infrastructure—including the Internet of Things (IoT) and smart city initiatives. The 11
Commission shall review vulnerabilities and provide recommendations on necessary future 12
measures to enhance the state's cybersecurity posture. To help guide the Commission work, the 13
General Assembly finds that: 14
(1) Advances in quantum computing pose potential risks to traditional encryption 15
methods, such as Rivest–Shamir–Adleman (RSA) and Elliptic Curve 16
Cryptography (CC), that many State and local systems rely on. 17
(2) Emerging technologies and IoT integrations, common in smart city initiatives, 18
could be at risk if quantum computing breakthroughs compromise existing 19
security protocols. 20
(3) North Carolina is home to a robust academic and technological ecosystem 21
which can contribute significantly to understanding and mitigating these risks. 22
(4) A proactive study is necessary to understand the scope of these vulnerabilities 23
and to inform potential legislative or administrative actions in the future. 24
SECTION 1.(c) The Commission shall be composed of twenty-one (21) members, 25
with seven members appointed by the Governor, seven members appointed by the President Pro 26
Tempore of the Senate, and seven members appointed by the Speaker of the House of 27
Representatives, as follows: 28
(1) Five representatives from cabinet agencies appointed by the Governor. 29
(2) Three cybersecurity experts from both the public and private sectors appointed 30
by the President Pro Tempore. 31
(3) Two academic experts in quantum computing and cybersecurity from North 32
Carolina institutions appointed by the President Pro Tempore 33
(4) Three industry representatives involved in IoT, smart infrastructure, and 34
cryptographic technologies appointed by the Speaker. 35
FILED SENATE
Mar 25, 2025
S.B. 562
PRINCIPAL CLERK General Assembly Of North Carolina Session 2025
Page 2 DRS45291-LRa-130A
(5) Two public policy experts with experience in technology and cybersecurity 1
appointed by the Speaker. 2
(6) Six members of the general public knowledgeable about State government or 3
information technology. 4
SECTION 1.(d) The Commission is charged with the following duties: 5
(1) Conducting a comprehensive review of state IT systems and critical 6
infrastructure to identify vulnerabilities associated with legacy encryption 7
methods. 8
(2) Evaluating the potential impact of quantum computing on these systems. 9
(3) Analyzing current and emerging quantum-resistant cryptographic standards. 10
(4) Assessing risks in IoT and smart city implementations. 11
(5) Providing a roadmap and recommendations for necessary legislative, 12
regulatory, or administrative measures to bolster cybersecurity against future 13
quantum threats. 14
SECTION 1.(e) The Commission's tasks and deliverables include: 15
(1) Risk assessment to identify and document systems and sectors most 16
vulnerable to quantum-related cyber threats and evaluate the state's current 17
cybersecurity measures and determine gaps in protection. 18
(2) Research collaboration to engage with local universities and industry experts 19
to gather insights on quantum-resistant cryptographic techniques. 20
(3) Develop a recommendation roadmap to propose a timeline for transitioning to 21
quantum-safe encryption methods where needed and outline potential policies 22
or incentives for upgrading critical infrastructure security. 23
SECTION 1.(f) The Commission shall submit a comprehensive report with findings, 24
a detailed risk assessment, and recommended actions to the General Assembly by July 1, 2026. 25
SECTION 2.(a) Effective July 1, 2025, there is appropriated from the General Fund 26
to the General Assembly the sum of two hundred fifty thousand dollars ($250,000) to fund the 27
work of the Commission, including research initiatives, public hearings, stakeholder meetings, 28
and report development. The Commission may explore potential partnerships or federal grant 29
opportunities to supplement research and study efforts. 30
SECTION 2.(b) The Commission shall be convened within 30 days of this act's 31
enactment. The Commission members shall elect a chair and vice-chair. Members of the 32
Commission shall receive reimbursement as provided by Chapter 138 of the General Statutes. 33
SECTION 2.(c) Sensitive information received by the Commission shall remain 34
confidential and does not constitute a public record as defined by G.S. 132-1. For the purposes 35
of this subsection, the chair and vice-chair of the Commission may designate jointly information 36
as sensitive after balancing the need for public access against security concerns and 37
confidentiality requirements. 38
SECTION 2.(d) The Joint Legislative Committee on Information Technology shall 39
monitor the commission's progress. The Commission's report and recommendations will be 40
reviewed by the General Assembly to determine any further legislative or administrative actions 41
necessary during the 2026 Regular Session of the 2025 General Assembly, with provisions for 42
subsequent studies or actions as needed. 43
SECTION 3. Except as otherwise provided, this act is effective when it becomes 44
law. 45