The company noted that private industry would have input on the shaping of the performance standards, but that government agencies would have the final say. IBM claimed the standards would become "mandatory in practice."
The company also complained that the legislation unnecessarily slows down the sharing of cyber threat information and imposes too much bureaucracy on the process.
The authors of the legislation restricted the information-sharing language to appease privacy advocates, who had worried that the bill would give military spy agencies access to people's personal information.
IBM said it hopes "Congress can pass bipartisan, common-sense cybersecurity legislation" and applauded Senate Majority Leader Harry Reid (D-Nev.) for saying he would allow an open amendment process for the bill.
TechAmerica, an industry trade group that includes IBM, also criticized the bill during a conference call with reporters.
Trey Hodgkins, TechAmerica's vice president for public policy and advocacy, worried that a certain provision of the legislation would trigger mandatory standards for companies after one year.
Kevin Richards, vice president of federal government affairs for TechAmerica, said the bill "represents a clear step forward" but his group will continue to lobby senators to make the performance standards truly voluntary.
"It's been a very interesting week— and it'll be a very interesting week next week too," Richards said.
"They're trying to fit a whole NFL season into a two week effort."