Streamlining Federal Cybersecurity Regulations Act of 2025
Sponsored By: Senator Gary Peters
Introduced
Summary
This bill would create a federal Harmonization Committee to harmonize federal cybersecurity requirements across agencies and sectors. It would build a common baseline of rules while allowing tailored, performance‑based standards for sector risks and testing those ideas in voluntary pilots.
Your PRIA Score
Personalized for You
How does this bill affect your finances?
Sign up for a PRIA Policy Scan to see your personalized alignment score for this bill and every other piece of legislation we track. We analyze your financial profile against policy provisions to show you exactly what matters to your wallet.
Bill Overview
Analyzed Economic Effects
4 provisions identified: 2 benefits, 0 costs, 2 mixed.
New federal cybersecurity harmonization committee
This bill would direct the National Cyber Director to set up and chair an interagency Harmonization Committee. The Committee would list its members publicly and get administrative support from the National Cyber Director. Not later than 1 year after enactment, the Committee would develop and publish a regulatory framework with a common baseline of cybersecurity requirements, reciprocity rules, and draft regulatory language. The Committee could give technical help to states, tribes, local governments, and to foreign governments only with the Secretary of State's concurrence and coordination with NIST.
Office of Management and Budget guidance
This bill would require the Office of Management and Budget to issue coordination guidance within 180 days of enactment. After the initial pilots end and the pilot report is submitted, OMB would issue further guidance within 1 year to update regulatory review, provide draft regulatory language, and give an implementation template. Agencies would need to report to appropriate congressional committees on how they implement that guidance.
Voluntary cybersecurity pilot programs
This bill would require the Committee to run voluntary pilot programs after the framework is published. Each pilot would use 3 to 6 cybersecurity requirements and include 3 to 5 agencies, with at least one requirement from each agency. Agencies and regulated entities would join voluntarily and agencies could, with entity consent, issue waivers or alternative procedures for participants. Each pilot would end 7 years after it begins, and the Committee must report within 1 year of each pilot and report to Congress annually until the pilot ends.
Consultation rules and agency limits
This bill would require agencies to consult the Harmonization Committee before issuing or changing cybersecurity rules, except in exigent circumstances. After consultation, the Committee would give an advisory report on how well a proposal fits the framework. The bill would also say it does not give agencies any new authorities or change existing authorities, except limited exceptions needed to run the pilots.
Free Policy Watch
You just read the policy. Now see what it costs you.
Pick a topic. PRIA runs your household against live legislation and sends you a free personalized readout.
Pick a topic to get started
Sponsors & CoSponsors
Sponsor
Gary Peters
MI • D
Cosponsors
Sen. Lankford, James [R-OK]
OK • R
Sponsored 5/22/2025
Roll Call Votes
No roll call votes available for this bill.
View on Congress.govTake It Personal
Get Your Personalized Policy View
Take the PRIA Score to see how policy affects your household, then upgrade to PRIA Full Coverage for year-round monitoring.
Already have an account? Sign in