HR-4609-117
Placed on the Union Calendar, Calendar No. 177.
Sponsored by Haley Stevens (D-MI)
What it does
This bill would reauthorize the National Institute of Standards and Technology (NIST) through fiscal year 2026 and fund a wide range of research and standards programs. It would direct NIST to develop standards and guidelines in areas including cybersecurity, artificial intelligence, biometric identification (such as facial recognition), digital identity management, greenhouse gas measurement, and international technical standards. It would also create a five-year pilot grant program to help small businesses and academic institutions participate in international standards-setting organizations.
Who benefits
Federal agencies that rely on NIST standards for cybersecurity and technology procurement; private-sector companies that use NIST cybersecurity frameworks; small businesses and universities that would receive grants to participate in international standards bodies; researchers and engineers working in biotechnology, biomanufacturing, and advanced communications; technology companies developing AI and biometric products that benefit from clear federal guidelines; state and local governments that adopt NIST cybersecurity frameworks; and open-source software developers whose products would receive vulnerability assessments.
Who is hurt
Technology companies — particularly those developing facial recognition and biometric systems — that may face new performance standards and compliance costs; private-sector firms that currently set industry standards without federal involvement and may see their influence reduced; companies whose open-source software products are publicly flagged for security vulnerabilities; and taxpayers who would fund the expanded NIST programs and the new grant pilot program. Foreign competitors in standards bodies may face increased U.S. participation that shifts standards in directions favorable to American industry.
Supporters argue
Supporters argue that the United States faces growing threats in cybersecurity, artificial intelligence, and biometric technology that require a strong federal standards body to protect both government systems and the broader economy. They contend that NIST's voluntary, consensus-based approach has a proven track record — its Cybersecurity Framework is widely adopted across critical industries — and that expanding this model to emerging areas like AI and biometrics would provide clear, reliable guidance without heavy-handed regulation. They also argue that funding small businesses and universities to participate in international standards bodies levels the playing field against well-resourced foreign competitors, ensuring that global technology standards reflect American values and interests rather than those of rival nations.
Opponents argue
Opponents argue that expanding NIST's mandate across so many technology domains risks creating a sprawling federal bureaucracy that duplicates work already done by private industry and international standards organizations. They contend that even voluntary federal standards tend to become de facto mandates when government contractors and regulated industries feel pressure to comply, effectively imposing costs on businesses without full congressional scrutiny. Critics also raise concerns that performance standards for biometric and facial recognition systems could entrench particular technologies or methodologies, slowing innovation and disadvantaging companies whose products do not align with NIST's preferred benchmarks. Finally, they argue that the five-year grant pilot program may favor academic institutions over industry practitioners who have deeper real-world expertise in standards development.
Constitutional context
The bill rests primarily on Congress's Commerce Clause authority (Art. I, §8) to regulate interstate and foreign commerce, and on its Spending Clause authority to fund research and grant programs. Biometric identification and digital identity programs implicate the Fourth Amendment's protection against unreasonable searches, as interpreted in Riley v. California (2014) — which required warrants for cell phone searches — and Carpenter v. United States (2018) — which extended warrant requirements to digital location data. First Amendment considerations arise around facial recognition used in public spaces, as flagged in Moody v. NetChoice (2024) regarding government involvement in digital information systems. The bill does not directly regulate private conduct but sets standards that could inform future regulatory or law enforcement use of biometric data.
Checks and balances
The bill expands executive branch authority by directing NIST — an agency within the Department of Commerce — to develop new standards, guidelines, and research programs across multiple technology domains. Congress retains oversight through the reauthorization mechanism (funding expires after FY2026) and through required reporting and coordination provisions. Following the Supreme Court's decision in Loper Bright Enterprises v. Raimondo (2024), which ended Chevron deference, courts — not NIST — would independently interpret the agency's statutory authority if its standards or guidelines are legally challenged, representing a check on executive agency discretion.
Historical precedent
The original NIST Authorization Act of 1988 and subsequent reauthorizations established the agency's role in setting voluntary technology standards. The Cybersecurity Enhancement Act of 2014 similarly expanded NIST's mandate into cybersecurity standards, providing a direct legislative predecessor to this bill's cybersecurity and AI provisions.