Laws & Statutes NY NY-A-06453
A-06453
NY · State · USA
NY
USA
● Pending
Proposed Effective Date
2025-09-02
New York Assembly Bill 6453-A — Responsible AI Safety and Education (RAISE) Act
Imposes safety, transparency, and accountability obligations on 'large developers' of frontier AI models — defined as entities that have spent over $5 million in compute on at least one frontier model and over $100 million in aggregate compute costs, with accredited academic institutions exempt for academic research. Core obligations include implementing and publicly publishing a written safety and security protocol before deployment, retaining detailed testing records, conducting annual third-party compliance audits, reporting safety incidents to the Division of Homeland Security and Emergency Services within 72 hours, and prohibiting deployment if a frontier model poses unreasonable risk of critical harm. Establishes whistleblower protections for employees who report risks of critical harm. Enforcement is exclusively through the Attorney General, with civil penalties up to $10 million for first violations and $30 million for subsequent violations of the safety provisions.
Passage Likelihood
Medium
Chamber No passage
Committee No action
Majority party Yes
Bipartisan Yes
Prior session None
Legislative History
2025-03-05 committee referral referred to science and technology
2025-05-16 amend and recommit to science and technology amend and recommit to science and technology
2025-05-16 print number 6453a print number 6453a
2025-05-29 committee referral reported referred to codes
2025-06-09 amend and recommit to codes amend and recommit to codes
2025-06-09 print number 6453b print number 6453b
2025-06-11 reference changed to ways and means reference changed to ways and means
2025-06-12 committee referral reported referred to rules
2025-06-12 chamber passage ordered to third reading rules cal.656
2025-06-12 reported reported
2025-06-12 rules report cal.656 rules report cal.656
2025-06-12 substituted by s6953b substituted by s6953b
Mapped Requirements
S-03 Frontier Model Safety Obligations G-01 AI Governance Program & Documentation R-01 Incident Reporting G-03 Whistleblower & Anti-Retaliation Protections
Official Sources
Full Text
Entry Last Reviewed
2026-04-02
AI generated
Summary

Imposes safety, transparency, and accountability obligations on 'large developers' of frontier AI models — defined as entities that have spent over $5 million in compute on at least one frontier model and over $100 million in aggregate compute costs, with accredited academic institutions exempt for academic research. Core obligations include implementing and publicly publishing a written safety and security protocol before deployment, retaining detailed testing records, conducting annual third-party compliance audits, reporting safety incidents to the Division of Homeland Security and Emergency Services within 72 hours, and prohibiting deployment if a frontier model poses unreasonable risk of critical harm. Establishes whistleblower protections for employees who report risks of critical harm. Enforcement is exclusively through the Attorney General, with civil penalties up to $10 million for first violations and $30 million for subsequent violations of the safety provisions.

Enforcement & Penalties
Enforcement Authority
Attorney General enforcement only. The Attorney General may bring a civil action for violations of this article. The Division of Homeland Security and Emergency Services receives safety incident disclosures, safety and security protocols, and audit reports but is not granted independent enforcement authority. The Division must make critical safety incident disclosures available to the Attorney General upon request. No private right of action is created (employees may petition for injunctive relief only against retaliation under § 1422).
Penalties
For violations of § 1421 (transparency and safety requirements): civil penalty up to $10 million for a first violation and up to $30 million for subsequent violations. For violations of § 1422 (employee retaliation): civil penalty up to $10,000 per employee per violation, awarded to the harmed employee. Injunctive or declaratory relief available for violations of either section. Contract provisions that waive, preclude, burden enforcement of, or shift liability arising from violations are void as a matter of public policy. Courts may disregard corporate formalities and impose joint and several liability on affiliated entities that purposely structured corporate arrangements to avoid liability under this article. Employees harmed by retaliation may petition for temporary or preliminary injunctive relief.
Who Is Covered
"Large developer" means a person that has trained at least one frontier model, the compute cost of which exceeds five million dollars, and has spent over one hundred million dollars in compute costs in aggregate in training frontier models. Accredited colleges and universities shall not be considered large developers under this article to the extent that such colleges and universities are engaging in academic research. If a person subsequently transfers full intellectual property rights of the frontier model to another person (including the right to resell the model) and retains none of those rights for themself, then the receiving person shall be considered the large developer and shall be subject to the responsibilities and requirements of this article after such transfer.
"Person" means an individual, proprietorship, firm, partnership, joint venture, syndicate, business trust, company, corporation, limited liability company, association, committee, or any other nongovernmental organization or group of persons acting in concert.
What Is Covered
"Frontier model" means either of the following: (a) an artificial intelligence model trained using greater than 10^26 computational operations (e.g., integer or floating-point operations), the compute cost of which exceeds one hundred million dollars; or (b) an artificial intelligence model produced by applying knowledge distillation to a frontier model as defined in paragraph (a) of this subdivision.
Compliance Obligations 12 obligations · click obligation ID to open requirement page
S-03 Frontier Model Safety Obligations · S-03.5 · Developer · Frontier AI System
Gen. Bus. Law § 1421(1)(a)-(c)
Plain Language
Before deploying any frontier model, a large developer must implement a written safety and security protocol covering critical harm risk reduction, cybersecurity, testing procedures, misuse assessment, compliance requirements, and designation of responsible senior personnel. The developer must retain an unredacted copy for the deployment period plus five years, publicly publish an appropriately redacted version, transmit the redacted version to the Division of Homeland Security and Emergency Services, and grant the Division or Attorney General access to unredacted versions (with redactions only where required by federal law) upon request. Appropriate redactions are limited to public safety, trade secrets, legally required confidentiality, employee/customer privacy, and state/federally controlled information.
Statutory Text
Before deploying a frontier model, the large developer of such frontier model shall do all of the following: (a) Implement a written safety and security protocol; (b) Retain an unredacted copy of the safety and security protocol, including records and dates of any updates or revisions. Such unredacted copy of the safety and security protocol, including records and dates of any updates or revisions, shall be retained for as long as a frontier model is deployed plus five years; (c) (i) Conspicuously publish a copy of the safety and security protocol with appropriate redactions and transmit a copy of such redacted safety and security protocol to the division of homeland security and emergency services; (ii) Grant the division of homeland security and emergency services or the attorney general access to the safety and security protocol, with redactions only to the extent required by federal law, upon request;
S-03 Frontier Model Safety Obligations · S-03.1 · Developer · Frontier AI System
Gen. Bus. Law § 1421(1)(d)-(e)
Plain Language
Before deployment, the large developer must record and retain detailed information about all tests and test results used to assess the frontier model — with enough detail that a third party could replicate the testing procedure. Records must be retained for the deployment period plus five years. The developer must also implement appropriate safeguards to prevent unreasonable risk of critical harm, which encompasses CBRN weapon creation or autonomous AI conduct causing mass casualties or over $1 billion in damages. The intervening-actor carve-out means a developer is only liable for harm inflicted by a human if the developer's activities made that harm substantially easier or more likely.
Statutory Text
(d) Record, as and when reasonably possible, and retain for as long as the frontier model is deployed plus five years information on the specific tests and test results used in any assessment of the frontier model that provides sufficient detail for third parties to replicate the testing procedure; and (e) Implement appropriate safeguards to prevent unreasonable risk of critical harm.
S-03 Frontier Model Safety Obligations · S-03.3 · Developer · Frontier AI System
Gen. Bus. Law § 1421(2)
Plain Language
This is a deployment gate: a large developer is categorically prohibited from deploying a frontier model if deployment would create an unreasonable risk of critical harm. The standard is 'unreasonable risk,' not zero risk. The critical harm threshold is high — death or serious injury of 100+ people or $1 billion+ in damages through CBRN weapon use or autonomous criminal AI conduct. This prohibition operates independently of whether the developer has implemented a safety and security protocol.
Statutory Text
A large developer shall not deploy a frontier model if doing so would create an unreasonable risk of critical harm.
G-01 AI Governance Program & Documentation · G-01.2 · Developer · Frontier AI System
Gen. Bus. Law § 1421(3)
Plain Language
Large developers must conduct an annual review of their safety and security protocol, considering changes in frontier model capabilities and industry best practices. If modifications result from the review, the updated protocol must be published with appropriate redactions and transmitted to the Division of Homeland Security and Emergency Services in the same manner as the initial publication. This is an ongoing obligation — it is not satisfied by the initial pre-deployment implementation.
Statutory Text
A large developer shall conduct an annual review of any safety and security protocol required by this section to account for any changes to the capabilities of their frontier models and industry best practices and, if necessary, make modifications to such safety and security protocol. If any modifications are made, the large developer shall publish the safety and security protocol in the same manner as required pursuant to paragraph (c) of subdivision one of this section.
G-01 AI Governance Program & Documentation · G-01.5 · Developer · Frontier AI System
Gen. Bus. Law § 1421(4)(a)-(e)
Plain Language
Large developers must annually retain an independent third-party auditor to assess compliance with all requirements of § 1421. The auditor must have access to unredacted materials, and the audit report must include: a detailed compliance assessment, identified noncompliance instances with improvement recommendations, an assessment of internal controls and designated senior compliance personnel, and the lead auditor's certification. The developer must retain the unredacted report for deployment plus five years, publicly publish an appropriately redacted version, transmit the redacted version to the Division of Homeland Security and Emergency Services, and provide unredacted access to the Division or Attorney General upon request (federal-law redactions only). The 90-day grace period applies to entities that newly qualify as large developers after the act's effective date.
Statutory Text
(a) Beginning on the effective date of this article, or ninety days after a developer first qualifies as a large developer, whichever is later, a large developer shall annually retain a third party to perform an independent audit of compliance with the requirements of this section. Such third party shall conduct audits consistent with best practices. (b) The third party shall be granted access to unredacted materials as necessary to comply with the third party's obligations under this subdivision. (c) The third party shall produce a report including all of the following: (i) A detailed assessment of the large developer's steps to comply with the requirements of this section; (ii) If applicable, any identified instances of noncompliance with the requirements of this section, and any recommendations for how the developer can improve its policies and processes for ensuring compliance with the requirements of this section; (iii) A detailed assessment of the large developer's internal controls, including its designation and empowerment of senior personnel responsible for ensuring compliance by the large developer, its employees, and its contractors; and (iv) The signature of the lead auditor certifying the results of the audit. (d) The large developer shall retain an unredacted copy of the report for as long as a frontier model is deployed plus five years. (e) (i) The large developer shall conspicuously publish a copy of the third party's report with appropriate redactions and transmit a copy of such redacted report to the division of homeland security and emergency services. (ii) The large developer shall grant the division of homeland security and emergency services or the attorney general access to the third party's report, with redactions only to the extent required by federal law, upon request.
R-01 Incident Reporting · R-01.1 · Developer · Frontier AI System
Gen. Bus. Law § 1421(5)
Plain Language
Large developers must report each safety incident affecting a frontier model to the Division of Homeland Security and Emergency Services within 72 hours of learning of the incident or of learning facts establishing a reasonable belief that an incident has occurred. The report must include the incident date, the reasons it qualifies as a safety incident, and a plain-language description. Safety incidents include: autonomous model behavior beyond user requests, model weight theft or unauthorized access, critical failure of technical or administrative controls, and unauthorized model use — but only where the incident provides demonstrable evidence of increased critical harm risk. The 72-hour clock starts from actual knowledge or constructive knowledge.
Statutory Text
A large developer shall disclose each safety incident affecting the frontier model to the division of homeland security and emergency services within seventy-two hours of the large developer learning of the safety incident or within seventy-two hours of the large developer learning facts sufficient to establish a reasonable belief that a safety incident has occurred. Such disclosure shall include: (a) the date of the safety incident; (b) the reasons the incident qualifies as a safety incident as defined in subdivision thirteen of section fourteen hundred twenty of this article; and (c) a short and plain statement describing the safety incident.
Other · Developer · Frontier AI System
Gen. Bus. Law § 1421(6)
Plain Language
Large developers must not knowingly make false or materially misleading statements or omissions in any documents they produce under this article, including safety and security protocols, test records, and audit reports. This is a truthfulness backstop for all other documentary obligations rather than a standalone compliance requirement — it reinforces the integrity of the other § 1421 obligations but creates no independent compliance program of its own.
Statutory Text
A large developer shall not knowingly make false or materially misleading statements or omissions in or regarding documents produced pursuant to this section.
S-03 Frontier Model Safety Obligations · S-03.5 · Developer · Frontier AI System
Gen. Bus. Law § 1421(7)(a)-(b)
Plain Language
A person who is not yet a large developer but is about to begin training a model that, upon completion, would cause them to meet the large developer thresholds must implement a written safety and security protocol before training begins. This pre-qualification protocol need not include the detailed testing procedure description (§ 1420(12)(c)) or the misuse assessment details (§ 1420(12)(d)) required of full safety and security protocols. The person must transmit an appropriately redacted copy to the Division of Homeland Security and Emergency Services. Unlike large developers, this person need not publicly publish the protocol. The academic research exemption applies. This creates a pre-deployment early-warning obligation — entities cannot begin training a frontier-scale model without safety governance in place.
Statutory Text
Any person who is not a large developer, but who sets out to train a frontier model that if completed as planned would qualify such person as a large developer (i.e. at the end of the training, such person will have spent five million dollars in compute costs on one frontier model and one hundred million dollars in compute costs in aggregate in training frontier models, excluding accredited colleges and universities to the extent such colleges and universities are engaging in academic research) shall, before training such model: (a) Implement a written safety and security protocol, excluding the requirements described in paragraphs (c) and (d) of subdivision twelve of section fourteen hundred twenty of this article; and (b) Transmit a copy of an appropriately redacted safety and security protocol to the division of homeland security and emergency services.
G-03 Whistleblower & Anti-Retaliation Protections · G-03.3 · Developer · Frontier AI System
Gen. Bus. Law § 1422(1)-(2)
Plain Language
Large developers, their contractors, and subcontractors must not prevent or retaliate against employees who disclose or threaten to disclose information to the developer itself or to the Attorney General indicating that the developer's activities pose an unreasonable or substantial risk of critical harm. The protection applies even if the employer is in full compliance with applicable law — the standard is the employee's reasonable cause to believe a risk exists, not actual noncompliance. 'Employee' is defined broadly to include contractors, subcontractors, unpaid advisors involved in critical harm risk work, and corporate officers. Employees harmed by retaliation may petition a court for temporary or preliminary injunctive relief. Note that the Attorney General also has enforcement authority with penalties up to $10,000 per employee per violation.
Statutory Text
A large developer or a contractor or subcontractor of a large developer shall not prevent an employee from disclosing, or threatening to disclose, or retaliate against an employee for disclosing or threatening to disclose, information to the large developer or the attorney general, if the employee has reasonable cause to believe that the large developer's activities pose an unreasonable or substantial risk of critical harm, regardless of the employer's compliance with applicable law. 2. An employee harmed by a violation of this section may petition a court for appropriate temporary or preliminary injunctive relief.
G-03 Whistleblower & Anti-Retaliation Protections · G-03.4 · Developer · Frontier AI System
Gen. Bus. Law § 1422(3)
Plain Language
Large developers must provide written notice to all employees of their whistleblower protections, rights, and obligations under this article. The notice must be provided within 90 days of the act's effective date (or 90 days of becoming a large developer), at the start of each new employee's employment, and by conspicuous physical posting in well-lighted, easily accessible areas frequented by employees. The statute does not specifically address remote workers or electronic distribution, which may require supplemental compliance measures for distributed workforces.
Statutory Text
A large developer shall inform employees of their protections, rights and obligations under this article within ninety days of the effective date of this article or of becoming a large developer, whichever is later, upon commencement of employment, and by posting a notice thereof. Such notice shall be posted conspicuously in easily accessible and well-lighted places customarily frequented by employees.
Other · Frontier AI System
Gen. Bus. Law § 1423(2)(a)-(b)
Plain Language
Contract provisions that seek to waive, shift, or burden enforcement of liability under this article — including through terms of service or contracts of adhesion — are void as a matter of public policy. This means large developers cannot shift RAISE Act liability to downstream users or third parties through contract terms. Additionally, courts may pierce the corporate veil and impose joint and several liability on affiliated entities if they purposely structured corporate arrangements to avoid liability and the structure would frustrate recovery. These provisions are enforcement mechanisms that ensure the article's penalties and injunctive relief cannot be avoided through contractual or corporate structuring — they do not create independent compliance obligations.
Statutory Text
(a) A provision within a contract or agreement that seeks to waive, preclude, or burden the enforcement of a liability arising from a violation of this article, or to shift that liability to any person or entity in exchange for their use or access of, or right to use or access, a large developer's products or services, including by means of a contract of adhesion, is void as a matter of public policy. (b) A court shall disregard corporate formalities and impose joint and several liability on affiliated entities for purposes of effectuating the intent of this section to the maximum extent allowed by law if the court concludes that both of the following are true: (i) The affiliated entities, in the development of the corporate structure among the affiliated entities, took steps to purposely and unreasonably limit or avoid liability; and (ii) As the result of the steps described in subparagraph (i) of this paragraph, the corporate structure of the large developer or affiliated entities would frustrate recovery of penalties, damages, or injunctive relief under this section.
Other · Frontier AI System
Gen. Bus. Law § 1423(3)
Plain Language
The Division of Homeland Security and Emergency Services must share safety incident disclosures it receives from large developers with the Attorney General upon request. This is a government-to-government coordination provision that ensures the AG has access to incident data for enforcement purposes. It imposes no new obligation on large developers — their reporting obligation is under § 1421(5).
Statutory Text
The division of homeland security and emergency services shall make any critical safety incident disclosure available to the attorney general upon request.