WHAT THIS BILL REGULATES · 7 REQUIREMENT TYPES
How Is This Bill Enforced
(1) "Advanced artificial intelligence system" shall mean any digital application or software, whether or not integrated with physical hardware, that autonomously performs functions traditionally requiring human intelligence. This includes, but is not limited to the system: (a) Having the ability to learn from and adapt to new data or situations autonomously; or (b) Having the ability to perform functions that require cognitive processes such as understanding, learning, or decision-making for each specific task.
(2) "High-risk advanced artificial intelligence system" shall mean any advanced artificial intelligence system that possesses capabilities that can cause significant harm to the liberty, emotional, psychological, financial, physical, or privacy interests of an individual or groups of individuals, or which have significant implications on governance, infrastructure, or the environment. The director shall assess any such public or private system in determining whether such system requires registration. High-risk advanced artificial intelligence systems shall, at least, include systems that are designed to, whether directly or indirectly, on purpose or without purpose, do the following: (a) Cause material harm to persons, wildlife, or the environment; (b) Manage, control, or significantly influence healthcare or healthcare-related systems, including but not limited to, diagnosis, treatment plans, pharmaceutical recommendation, or storing of patient records; (c) Operate, control, or guide motor vehicles, aircraft, or any other forms of transport which, if it were to malfunction, has a high probability of posing a risk to human safety or environmental integrity; (d) Psychologically profile individuals for the purpose of targeted advertising, behavioral prediction, or the manipulation of user experiences and interactions in products or services; (e) Manage, control, or create critical infrastructure, including but not limited to the supply of water, electricity, gas, and heating, or construction; (f) Facilitate, control, or significantly impact financial systems, including but not limited to control of stock exchanges, stock trading, credit scoring, or other activities where inaccuracies or failures could lead to substantial economic harm for individuals or broader financial instability; (g) Assist, replace, or augment human decision-making in law enforcement, the judiciary, the executive, the legislature, or any government agency; (h) Enable advanced surveillance capabilities; (i) Involve the use or development of autonomous weapons systems that can cause harm, destruction, or engage in conflict without meaningful human intervention; and (j) Decode or interpret neural or cognitive activity.
(3)–(10) 3. "System" shall be used interchangeably with high-risk advanced artificial intelligence system unless the context shall otherwise require.
4. "Uncontained" shall mean that critical components of the source code of a high-risk advanced artificial intelligence system that, in substantially their original form, have been reproduced by an amount of individuals so numerous that it is deemed to be practically impossible to prohibit or control its usage using existing technology. The terms "contain" and "contained" shall not be construed as meaning the opposite of uncontained.
5. "Operator" shall mean the person who distributes and has control over the development of a high-risk advanced artificial intelligence system. Where a high-risk advanced artificial intelligence system is publicly accessible code, the operator shall be deemed the platform or platforms which host the system.
6. "Publicly accessible code" shall mean software whose source code is made available to the public where the public is capable of using, modifying, or distributing the source code irrespective of the associated costs to use, modify, or distribute the source code, if any, or the underlying license agreement or rights to use, modify, or distribute the source code.
7. "Secretary" shall mean the secretary of state.
8. "Department" shall mean the department of state.
9. "Council" shall mean the advisory council for artificial intelligence established pursuant to section four hundred four of this article.
10. "Person" shall mean any individual, group of individuals, partnership, corporation, association or any other entity.
Section 401 establishes the definitional framework for the entire act. The definition of advanced artificial intelligence system is extremely broad, encompassing any digital application or software that autonomously performs functions traditionally requiring human intelligence. High-risk advanced artificial intelligence system is defined by the capacity to cause significant harm across ten enumerated categories spanning healthcare, transport, critical infrastructure, finance, government, surveillance, autonomous weapons, and neural decoding. The definition of operator assigns liability to the person who distributes and controls development, with a notable carve-out deeming hosting platforms as the operator for publicly accessible code.
(1)–(12) The department shall have the following functions, powers and duties:
1. Discretion to issue or refuse to issue any license provided for in this article in accordance with the relevant provisions for each license.
2. To revoke, cancel or suspend, after notice and an opportunity to be heard, except where immediate revocation, cancellation, or suspension is necessary to protect the public, any license issued under this article for a violation of this article or any regulation pursuant thereto.
3. To impose or recover a civil or criminal penalty, as otherwise authorized under this article, against any person found to have violated any provision of this article, whether or not a license has been issued to such person pursuant to this article.
4. To promulgate rules and regulations in accordance with statutory grants of authority pursuant to this article.
5. To hold hearings, subpoena witnesses, compel their attendance, administer oaths, to examine any person under oath and in connection therewith to require the production of any books, records, documents, source code or logs relative to an inquiry pursuant to the provisions of this article. A subpoena issued pursuant to this subdivision shall be subject to the provisions of the criminal procedure law.
6. To appoint any necessary deputies, counsels, assistants, investigators, and other employees to carry out the provisions of this article within the limits provided by appropriation. Deputies, counsels and confidential secretaries to department members shall be in the exempt class of the civil service. The other assistants, investigators and employees of the department employed to carry out the provisions of this article shall all be in the competitive class of the civil service and shall be considered for purposes of article fourteen of the civil service law to be public employees of the state, and shall be assigned to the appropriate collective bargaining unit. Investigators so employed by the department shall be deemed to be peace officers only for the purposes of enforcing the provisions of this article or judgments or orders obtained for violation thereof, with all the powers set forth in section 2.20 of the criminal procedure law.
7. To prescribe forms of applications for licenses under this article and of all reports deemed necessary by the department.
8. To appoint such advisory groups and committees as deemed necessary to provide assistance to the department to carry out the purposes and objectives of this article.
9. To enter into contracts, memoranda of understanding, and agreements as deemed appropriate to effectuate the policy and purpose of this article.
10. If public health, safety, or welfare imperatively requires emergency action, and incorporates a finding to that effect in an order, summary suspension of a license issued pursuant to this article may be ordered, effective on the date specified in such order or upon service of a certified copy of such order on the licensee, whichever shall be later, pending proceedings for revocation or other action. These proceedings shall be promptly instituted and determined. In addition, the department may order the administrative seizure of services, issue a stop order, or take any other action necessary to effectuate and enforce the policies and purposes of this article.
11. To draft, provide for public comment on and issue declaratory rulings, guidance and industry advisories.
12. When an administrative decision is appealed to the department by an applicant, registered organization, licensee or permittee, issue a final determination of the department.
Section 402 grants the Department of State broad regulatory authority over AI licensing, including the power to issue, refuse, revoke, cancel, or suspend licenses; impose civil or criminal penalties; hold hearings and compel production of books, records, source code, and logs; and order emergency summary suspension of licenses where public health, safety, or welfare requires it. The department may also order administrative seizure of services or issue stop orders. This section establishes the enforcement infrastructure but does not impose compliance obligations on regulated parties directly.
(1)–(10) The secretary shall have the following functions, powers and duties:
1. To exercise the powers and perform the duties in relation to the administration of the provisions of this article.
2. To keep records in such form as he or she may prescribe of all registrations and licenses issued and revoked within the state; such records shall be so kept as to provide ready information as to the identity of all licensees including the names of the officers and directors of corporate licensees. The secretary may contract to furnish copies of the records of licenses issued within the state or any political subdivision thereof, for any license year or term of years not exceeding five years.
3. To prescribe forms of applications for licenses under this article and of all reports deemed necessary by the department.
4. To delegate the powers provided in this section to such other officers or employees as may be deemed appropriate by the secretary.
5. To enter into contracts, memoranda of understanding and agreements to effectuate the policy and purpose of this article.
6. To advise and assist the department in carrying out any of its functions, powers and duties.
7. To coordinate across state agencies and departments in order to research and study artificial intelligence and the impact it may have on various industries and subject matters.
8. To issue guidance and industry advisories.
9. To create and maintain a publicly available directory of the names and locations of persons licensed pursuant to this article.
10. To create a system whereby persons licensed under this article can confirm the license of another person for the purposes of ensuring compliance with this article.
Section 403 assigns administrative duties to the Secretary of State, including maintaining license records, prescribing application forms, delegating powers, coordinating AI research across state agencies, and creating a publicly available directory of licensed persons. The requirements to maintain a public directory and a license-verification system are transparency measures but do not impose direct obligations on regulated entities.
(1)–(2) There shall be an advisory council for artificial intelligence. The secretary shall serve as chair of the council. The remainder of the council shall be composed as follows: (a) two members of the artificial intelligence industry appointed by the governor; (b) one member of the artificial intelligence industry appointed by the temporary president of the senate; (c) one member of the artificial intelligence industry appointed by the speaker of the assembly; (d) the commissioner of environmental conservation; (e) the superintendent of financial services; (f) the commissioner of health; (g) the commissioner of labor; (h) the commissioner of transportation; (i) the commissioner of the division of human rights; (j) the superintendent of state police; (k) the attorney general; (l) the state comptroller; (m) the commissioner of the division of homeland security and emergency services; and (n) the director of the office of information technology services. 2. The members of the council shall receive no compensation for their services, but shall be allowed their actual and necessary expenses incurred in the performance of their duties.
Section 404 establishes the Advisory Council for Artificial Intelligence, chaired by the Secretary of State and composed of AI industry appointees and heads of various state agencies including environmental conservation, financial services, health, labor, transportation, human rights, state police, the attorney general, the state comptroller, homeland security, and IT services. Council members serve without compensation. This section creates governmental infrastructure and imposes no compliance obligations on regulated entities.
(1)–(3) The council shall have the following functions, powers and duties: 1. To review and comment on all rules and regulations of the department; 2. To issue non-binding recommendations on whether to grant a license under this article, what changes need to be made by an applicant for a license in order to be granted a license, what changes need to be made in order for an operator to publicly implement modifications, updates, upgrades, and rewrites to an operator's source code, and what changes need to be made to an operator's system in order to maintain such operator's license; and 3. To perform such other acts as may be assigned by the chairperson of the council which are necessary or appropriate to carry out the functions of the council.
Section 405 defines the advisory council's role: reviewing and commenting on department rules and regulations, and issuing non-binding recommendations on license grants, modifications, and maintenance. These are governmental advisory functions imposing no compliance obligations on regulated parties.
(1)–(5) 1. The department shall perform such acts, prescribe such forms and propose such rules, regulations and orders as it may deem necessary or proper to fully effectuate the provisions of this article. 2. The department shall, in consultation with the director, have the authority to promulgate any and all necessary rules and regulations governing the use, control, and prohibited activities of advanced artificial intelligence systems as well as, hearing procedures and additional causes for cancellation, suspension, revocation, and/or civil penalties against any person licensed by the department and the circumstances, manner and process by which a licensee may apply to change or alter its application. 3. The department shall promulgate rules and regulations that are designed to: (a) prevent the creation and proliferation of advanced artificial intelligence systems that possess the ability to cause substantial harm to members of the public, society at large, or the environment without justification; (b) prevent the uncontainment of prohibited and high-risk advanced artificial intelligence systems; (c) prevent the use of prohibited and unlicensed high-risk advanced artificial intelligence systems from this state to other states and from other states into this state; (d) educate and inform the public about artificial intelligence and the benefits and risks it poses; (e) inform the public about the prohibition on unlicensed high-risk advanced artificial intelligence systems and prohibited advanced artificial intelligence systems; and (f) establish application and licensing processes which ensure all material owners and interest holders are disclosed and that officials or other individuals with control over the approval of an application or license do not themselves have any interest in an application or license. 4. In adopting any emergency rule, the department shall comply with the provisions of subdivision six of section two hundred two of the state administrative procedure act and subdivision three of section one hundred one-a of the executive law; provided, however, that notwithstanding the provisions of such laws: (a) Such emergency rule shall remain in effect for no longer than one hundred twenty days, unless within such time the department complies with the provisions of such laws and adopts the rule as a permanent rule; (b) If, prior to the expiration of a rule adopted pursuant to this subdivision, the department finds that the readoption of such rule on an emergency basis or the adoption of a substantially similar rule on an emergency basis is necessary for the preservation of the public health, safety or general welfare the department may only readopt the rule on an emergency basis or adopt a substantially similar rule on an emergency basis if on or before the date of such action the department has also submitted a notice of proposed rulemaking pursuant to subdivision six of section two hundred two of the state administrative procedure act and subdivision three of section one hundred one-a of the executive law. An emergency rule adopted pursuant to this paragraph may remain in effect for no longer than one hundred twenty days; (c) An emergency rule adopted pursuant to this subdivision or a substantially similar rule adopted on an emergency basis may remain in effect for no longer than one hundred twenty days, but upon the expiration of such one hundred twenty-day period no further readoptions or adoptions of substantially similar rules shall be permitted for a period of one hundred twenty days. Nothing in this subdivision shall preclude the adoption of such rule by submitting a notice of adoption pursuant to subdivision five of section two hundred two of the state administrative procedure act; and (d) Strict compliance with the provisions of this subdivision shall be required, and any emergency rule or substantially similar rule that does not so comply shall be void and of no legal effect. 5. The department shall have the authority to promulgate regulations governing the appropriate use and licensure of the development of high-risk advanced artificial intelligence systems.
Section 406 grants the department broad rulemaking authority to promulgate regulations governing AI use, control, prohibited activities, licensing, and hearing procedures. Subsection 3 enumerates the regulatory goals: preventing harmful AI creation and proliferation, preventing uncontainment, preventing cross-state trafficking of prohibited or unlicensed systems, public education, and ensuring transparent licensing processes free of conflicts of interest. Emergency rulemaking is subject to strict time-limited procedures.
(1)–(2) The department shall establish a scale of application, licensing, and renewal fees, based upon the cost of enforcing this article, the size of the business being licensed, and the risk it poses as follows: 1. The department shall charge each licensee a licensure fee, and renewal fee, as applicable. The fees may vary depending upon the nature and scope of the different registration, licensure activities. 2. The total fees assessed pursuant to this article shall be set at an amount that shall generate sufficient total revenue to, at a minimum, fully cover the total costs of administering this article.
Section 407 directs the department to establish a scale of application, licensing, and renewal fees based on cost of enforcement, business size, and risk level. Fees must generate sufficient revenue to cover total administrative costs. This section imposes a fee obligation on licensees but is primarily an administrative funding mechanism.
(1)–(8) 1. Any person who violates, disobeys or disregards any term or provision of this article or of any lawful notice, order or regulation pursuant thereto for which a civil or criminal penalty is not otherwise expressly prescribed in this article by law, shall be liable to the people of the state for a civil penalty of not to exceed the amount gained from such violation, or the actual damages caused by such violation whichever is greater. In assessing the civil penalty under this subdivision, the department, as may be applicable shall take into consideration the nature of such violation and shall assess a penalty that is proportionate to the violation. 2. The penalty provided for in subdivision one of this section shall be recovered by an action or proceeding in a court of competent jurisdiction brought by the department, as may be applicable, or by the attorney general at the request of the department. 3. Such civil penalty may be released or compromised by the department, as may be applicable, before the matter has been referred to the attorney general, and where such matter has been referred to the attorney general, any such penalty may be released or compromised and any action or proceeding commenced to recover the same may be settled and discontinued by the attorney general with the consent of the department. 4. It shall be the duty of the attorney general upon the request of the department, as may be applicable, to bring an action or proceeding against any person who violates, disobeys or disregards any term or provision of this article or of any lawful notice, order or regulation pursuant thereto for any relief authorized under this article, including equitable and/or injunctive relief and the recovery of civil penalties; provided, however, that the department or the secretary shall furnish the attorney general with such material, evidentiary matter or proof as may be requested by the attorney general for the prosecution of such an action or proceeding. 5. Any person who knowingly makes any incorrect statement of a material fact in any application, report or statement filed pursuant to this article, or who knowingly omits to state any material fact necessary to give the director any information lawfully required by the secretary or refuses to permit any lawful investigation or examination, shall be guilty of a misdemeanor and, upon conviction, shall be fined not more than five hundred dollars or imprisoned for not more than six months or both, in the discretion of the court. 6. No person shall make, directly or indirectly, orally or in writing, or by any method, practice or device, a representation that such entity is licensed under the law except that a licensee under this chapter may make a representation that the licensee is licensed as a high-risk advanced artificial intelligence system under this article. 7. It is the purpose of this section to provide additional and cumulative remedies, and nothing herein contained shall abridge or alter rights of action or remedies now or hereafter existing, nor shall any provision of this section, nor any action done by virtue of this section, be construed as estopping the state, persons or municipalities in the exercising of their respective rights. 8. The department shall forward any final findings of a violation under this article to any other statewide licensing agency where such findings were entered against a business holding any other such license, for any such other licensing agency to review the findings to determine if there has been a violation of any such license issued by such agency.
Section 408 establishes the penalty framework. Civil penalties are set at the greater of the amount gained from the violation or the actual damages caused, recoverable by the department or the attorney general. Criminal penalties apply for knowingly making false material statements (misdemeanor, up to $500 and/or 6 months) and for falsely representing licensure. The section expressly preserves existing rights of action, meaning these remedies are cumulative with any other state law remedies.
(1)–(8) 1. The department, or any person designated by them for this purpose, may issue subpoenas and administer oaths in connection with any hearing or investigation under or pursuant to this article, and it shall be the duty of the department and any persons designated by them for such purpose to issue subpoenas at the request of and upon behalf of the respondent. 2. The department and those designated by them shall not be bound by the laws of evidence in the conduct of hearing proceedings, but the determination shall be founded upon preponderance of evidence to sustain it. 3. Notice and right of hearing as provided in the state administrative procedure act shall be served at least fifteen days prior to the date of the hearing, provided that, whenever because of danger to the public health, safety or welfare it appears prejudicial to the interests of the people of the state to delay action for fifteen days or when necessary for the preservation of the public health, safety or general welfare, the office may serve the respondent with an order requiring certain action or the cessation of certain activities immediately or within a specified period of less than fifteen days. 4. Service of notice of hearing or order shall be made by personal service or by registered or certified mail. Where service, whether by personal service or by registered or certified mail, is made upon an incompetent individual, partnership, or corporation, it shall be made upon the person or persons designated to receive personal service by article three of the civil practice law and rules. 5. At a hearing, that to the greatest extent practicable shall be reasonably near the respondent, the respondent may appear personally, shall have the right of counsel, and may cross-examine witnesses against him or her and produce evidence and witnesses on his or her behalf. 6. Following a hearing, the department may make appropriate determinations and issue a final order in accordance therewith. The respondent shall have thirty days to submit a written appeal to the department. If the respondent does not submit a written appeal within thirty days of the determination of the department the order shall be final. 7. The department may adopt, amend and repeal administrative rules and regulations governing the procedures to be followed with respect to hearings, investigations, and other administrative enforcement actions taken pursuant to this article, including any such enforcement actions taken against persons not licensed under this article. Such rules shall be consistent with the policy and purpose of this article and the effective and fair enforcement of its provisions. 8. The provisions of this section shall be applicable to all hearings held pursuant to this article, except where other provisions of this article applicable thereto are inconsistent therewith, in which event such other provisions shall apply.
Section 409 establishes the administrative hearing procedures for enforcement actions under the article. It provides for subpoena power, a preponderance-of-evidence standard, 15-day notice requirements (with emergency exceptions), service rules, right to counsel, and a 30-day written appeal window. This section governs governmental procedure and imposes no affirmative compliance obligations on regulated parties.
(1) 1 Any person who develops a high-risk advanced artificial intelligence system, whether in whole or in part, in the state that is presently performing functions for its intended purpose or within its designated operational parameters, shall have the duty to disclose the existence and function of said system to the secretary by applying for a license as required under section four hundred eleven of this article or, where applicable, a supplemental license under section four hundred twelve of this article. This duty to disclose shall be triggered by the system's active deployment and usage in its intended context or field of operation and is applicable irrespective of the system's location of operation. This duty extends to any updates, modifications, upgrades, or expansions of the system's capabilities or intended uses.
(2) 2 Any person developing a system as defined in paragraph (i) of subdivision two of section four hundred one of this article within the state shall disclose in writing to the secretary the development of such a system prior to active development of the system. Such writing shall set forth the names and addresses of all persons involved in the development of such system, a description of the system, the systems functions and intended use cases, and measures that will be taken to ensure that any risks posed by the system are mitigated. The secretary may, upon receipt of such writing, require such person to cease development of such a system where, in the secretary's discretion, the secretary believes the system has a high likelihood of violating section four hundred twenty-nine or section four hundred thirty of this article.
(3)–(5) 3. The duties set forth in this section shall apply only to advanced artificial intelligence systems that more likely than not fall under the definition of high-risk advanced artificial intelligence system as defined in section four hundred one of this article. The secretary shall send notice to any system that is presently performing functions for its intended purpose or within its designated operational parameters which, in his or her discretion, may fall under the definition of high-risk advanced artificial intelligence systems but that has not registered with the secretary. In the notice, the secretary may require the creators of the system to cease development and access by private individuals or the general public, pending review. Such notice shall be binding and have the effect of law. Determinations that a system is a high-risk advanced artificial intelligence system shall be made in a hearing held pursuant to the provisions of section four hundred nine of this article. In such hearing, the administrator of such hearing shall accept comments from the public. Such hearing shall, to the extent practicable, not disclose any proprietary information concerning the advanced artificial intelligence system to the public. 4. A determination pursuant to a hearing held pursuant to section four hundred nine of this article shall be binding and final, provided however that the secretary may, in his or her discretion, conduct further review after a determination has been made and may appeal such determination where appropriate based on information not available in such hearing. 5. Where a hearing concludes that a non-registered advanced artificial system is a high-risk advanced artificial intelligence system, the creators of such a system shall cease development and public or private use until registration is completed. The secretary may impose a monetary penalty for such failure and charge all costs of the proceeding to the operator where the secretary determines that the creators of the system knew that the system would more likely than not be considered a high-risk advanced artificial intelligence system and willfully failed to register, the secretary may, in his or her discretion, impose punitive fines and other penalties pursuant to the provisions of this article based on the level of risk that the high-risk advanced artificial intelligence system possesses, the widespread use of the system, the severity of the damage that the system caused, if any, and whether the system is uncontained. The secretary may also prohibit such persons involved in the development of such a system from obtaining a license for their existing system or systems or in the future.
Section 410 imposes the foundational registration obligation: any person who develops a high-risk AI system in New York that is actively deployed must disclose its existence and function to the secretary by applying for a license. The duty extends to updates, modifications, upgrades, and expansions. For autonomous weapons systems specifically, developers must provide written pre-development disclosure including names and addresses of all involved persons, a system description, intended use cases, and risk mitigation measures. The secretary may order developers to cease development where the system is likely to violate the ethical code or prohibited-systems provisions. Unregistered systems may be ordered to cease development and public access pending a formal hearing.
(1)–(4) 3 1. No person shall (a) develop, in whole or in part, a high-risk advanced artificial intelligence system as defined in paragraph (i) of subdivision two of section four hundred one of this article or operate such a system that is presently performing functions for its intended purpose or within its designated operation parameters within the state where such system was developed outside of the state; or (b) operate a high-risk advanced artificial intelligence system other than a system as defined in paragraph (i) of subdivision two of section four hundred one of this article that is presently performing functions for its intended purpose or within its designated operational parameters within the state without first obtaining a license. 2. An application for a license under this article shall be in writing, under oath and in the form prescribed by the secretary. 3. At the time of filing an application for a license, the applicant shall pay to the secretary an application fee. Such application fee shall be prescribed pursuant to the rules and regulations of the secretary. 4. A license granted pursuant to this article shall be valid unless revoked or suspended by the secretary or surrendered by the licensee.
Section 411 establishes the affirmative licensing prohibition: no person may develop or operate a high-risk AI system within New York without first obtaining a license from the secretary. For autonomous weapons systems (§ 401(2)(i)), the license requirement applies both to in-state development and to operating a system developed out of state. For all other high-risk systems, the prohibition applies to operating them within the state. Applications must be in writing, under oath, and accompanied by a fee. Licenses remain valid unless revoked, suspended, or surrendered.
(1)–(2) 4 1. Where a person other than a natural person is licensed under this article, such person shall apply for a supplemental license for each additional high-risk advanced artificial intelligence system such person develops after being licensed initially pursuant to section four hundred eleven of this article.
2. Notwithstanding any provision of law, rule or regulation to the contrary, a supplemental license shall be provided in the same manner as a license granted pursuant to the provisions of section four hundred eleven of this article and shall be subject to the same requirements, duties and prohibitions as provided for in this article.
Section 412 requires non-natural-person licensees (i.e., corporate entities) that develop additional high-risk AI systems after initial licensure to obtain a supplemental license for each additional system. Supplemental licenses follow the same process and are subject to the same requirements as the initial license.
(1)–(4) 5 1. An application for a license required under this article shall be in writing, under oath, and in the form prescribed by the secretary, and shall contain the following: (a) the exact name and address of the applicant, and if the applicant be a co-partnership or association, the names of the members thereof, and if a corporation the date and place of its incorporation; (b) the name and the business and residential address of each member of the ethics and risk management board, each principal, and officer of the applicant; and (c) the description of all known general use cases of the advanced artificial intelligence system, including any purposes foreseen to be implemented by the applicant. A "use case" shall be defined as broad category of potential use. 2. After the filing of an application for a license accompanied by payment of the fees for license and investigation, it shall be substantively reviewed. After the application is deemed sufficient and complete, the secretary shall issue the license, or the secretary may refuse to issue the license if the secretary shall find that the ethics, experience, character and general fitness of the applicant or any person associated with the applicant are not such as to command the confidence of the community and to warrant the belief that the business will be conducted honestly, fairly and efficiently within the purposes and intent of this article. 3. If the secretary refuses to issue a license, the secretary shall notify the applicant of the denial, return to the applicant the sum paid as a license fee, but retain the investigation fee to cover the costs of investigating the applicant. 4. Each license issued pursuant to this article shall remain in full force unless it is surrendered by the licensee, revoked or suspended.
Section 413 prescribes the content of license applications, requiring disclosure of applicant identity, ethics and risk management board members, principals, officers, and all known general use cases of the system. The secretary conducts a substantive review and may refuse to issue a license based on the ethics, experience, character, and general fitness of the applicant. Denial triggers return of the license fee but not the investigation fee.
(1)–(2) 6 1. Any license issued under this article shall state the name and address of the licensee, and if the licensee be a co-partnership or association, the names of the members thereof, and if a corporation the date and place of its incorporation. 2. Such license or licenses shall be kept conspicuously posted in the office of the licensee and, where such licensee has a public internet presence, on the website or mobile application of the licensee and shall not be transferable or assignable.
Section 414 requires that every license be conspicuously posted at the licensee's office and, where the licensee has a public internet presence, on the licensee's website or mobile application. Licenses are non-transferable and non-assignable.
(1)–(5) 1. A license granted pursuant to this section may not be renewed, and may be revoked or suspended by the secretary upon a finding that: (a) the licensee has not complied with reporting requirements; (b) the licensee has violated any provision of this article; (c) the licensee knowingly allowed a non-certified third-party system to integrate with the licensee's system; (d) any fact or condition exists which, if it had existed at the time of the original application for such license, clearly would have warranted the secretary's refusal to issue such license; or (e) the licensee has failed to pay any sum of money lawfully demanded by the secretary or to comply with any demand, ruling or requirement of the secretary. 2. Any licensee may surrender any license by delivering to the secretary written notice that the licensee thereby surrenders such license, but such surrender shall not affect such licensee's civil or criminal liability for acts committed prior to such surrender. 3. Every license issued hereunder shall remain in force and effect until the same shall have been surrendered, revoked or suspended in accordance with the provisions of this article, but the secretary shall have authority to reinstate suspended licenses or to issue new licenses to a licensee whose license or licenses shall have been revoked if no fact or condition then exists which clearly would have warranted the secretary's refusal to issue such license. 4. Whenever the secretary shall revoke or suspend a license issued pursuant to this article, the secretary shall forthwith execute a written order to that effect. 5. The secretary may, on good cause shown, or where there is a substantial risk of public harm or substantial risk of a system becoming uncontained, without notice and a hearing, suspend any license issued pursuant to this article for a period not exceeding thirty days, pending investigation.
Section 415 enumerates the grounds on which the secretary may revoke or suspend a license, including non-compliance with reporting requirements, violations of the article, knowingly allowing non-certified third-party system integration, and failure to pay amounts owed. The secretary may summarily suspend a license for up to 30 days without a hearing where there is a substantial risk of public harm or uncontainment. This section governs governmental enforcement authority and does not independently create new compliance obligations beyond those imposed elsewhere.
(1)–(3) 7 1. Every operator of a licensed high-risk advanced artificial intelligence system or systems shall establish an ethics and risk management board composed of no less than five individuals who shall have the responsibility to assess the ethical implications of all possible use cases of the system, whether such use cases are intended or unintended, and whether likely or unlikely to be used, and the current operational outcomes of the system. Such operator, other than an operator who is a natural person, operating more than one high-risk advanced artificial intelligence system with a supplemental license shall not be required to have more than one ethics and risk management board for each system. 2. No member of an ethics and risk management board shall be a member, officer, or director within the operator's entity. No member shall be required to be employed by the operator. 3. Such board shall adopt rules governing its decision-making processes, duties and responsibilities. Such rules shall not conflict with the provisions of this article.
(4)(a)–(h) 8 4. Annually, the ethics and risk management board of each operator shall submit to the secretary a comprehensive report for each licensed high-risk advanced artificial intelligence system which consists of the following: (a) All possible use cases, whether intended or unintended, whether likely or unlikely. (b) A thorough risk assessment for each use case, considering and evaluating the potential for harm, irrespective of the probability of such risk materializing. This shall include, but not be limited to, the system's potential impact on privacy, security, fairness, economic implications, societal well-being, and safety of persons and the environment. (c) A detailed evaluation of known use cases of the system by users, exploring whether certain applications ought to be constrained or banned due to ethical considerations. This shall include an assessment of the operator's capacity to impose such constraints on use cases. (d) A mitigation plan for each identified risk, including preemptive measures, monitoring processes, and responsive actions. This shall also include a communication strategy to inform users and stakeholders about potential risks and steps taken to mitigate them. (e) A comprehensive review of any incidents or failures of the system in the past year, detailing the circumstances, impacts, measures taken to address the issue, and modifications made to prevent such incidents in the future. (f) Any existing attempts to educate users and, based on the existing use of the system by users, a detailed plan on how the operator intends to inform and instruct users on the safe and ethical use of the system, considering varying levels of digital literacy among users. (g) A disclosure of any conflicts of interest within the ethics board, which could potentially influence the board's decisions and recommendations. This shall include measures to manage and resolve such conflicts. (h) An update on the measures taken by the operator to ensure the system's adherence to existing laws, regulations, and ethical guidelines related to artificial intelligence.
(5) 5. In addition to any applicable civil penalties pursuant to section four hundred eight of this article, a member of an ethics and risk management board who makes a false statement, fails to disclose conflicts of interest or misrepresents the risks or severity of the risks posed by a system in the performance of his or her duties as a member of such board, shall be guilty of a misdemeanor and, upon conviction, shall be fined not more than five hundred dollars or imprisoned for not more than six months or both, in the discretion of the court.
Section 416 imposes two core obligations on operators. First, every operator of a licensed high-risk AI system must establish an independent ethics and risk management board of at least five members, none of whom may be a member, officer, or director of the operator's entity. Second, the board must submit an annual comprehensive report to the secretary covering all possible use cases, risk assessments, ethical evaluations, mitigation plans, incident reviews, user education plans, conflict-of-interest disclosures, and compliance updates. Criminal penalties (misdemeanor, up to $500 and/or 6 months imprisonment) apply to board members who make false statements, fail to disclose conflicts of interest, or misrepresent risks.
(1)–(4) 9 1. The secretary shall conduct periodic evaluations of the source code and outcomes associated with each high-risk advanced artificial intelligence system. These examinations shall determine whether the system is in compliance with this article. The timing and frequency of these reviews shall be determined at the secretary's discretion, taking into account the potential risk posed by the system, the complexity of the system, the frequency of updates and upgrades, the complexity of such updates and upgrades, and any previous issues of non-compliance. 2. Upon completion of the review, the secretary is empowered to make binding recommendations to the operator to ensure the system's functionality and outcomes are aligned with the principles in the advanced artificial intelligence ethical code of conduct pursuant to section four hundred twenty-nine of this article, restrictions on prohibited artificial intelligence systems pursuant to section four hundred thirty of this article, and limitations and procedures for source code modifications, updates, upgrades, and rewrites pursuant to section four hundred nineteen of this article. 3. Following receipt of the secretary's recommendations, the operator shall consult with the secretary to determine the feasibility of implementing the recommendations and the time frame in which such recommendations can be implemented to ensure full compliance with the secretary's recommendations. The operator shall provide a detailed plan outlining how the recommendations will be addressed, along with a timeline for their implementation. The detailed plan shall be binding on the operator; provided however that where an unexpected occurrence arises which causes changes to such plan, the operator shall be entitled to extend such timeline or alter such plans where such operator notifies the secretary in writing regarding the unexpected occurrence and, within such writing, sets forth amendments to the detailed plan and timeline. The secretary shall have thirty days to approve or reject such amendments. Where such amendments are rejected, the operator shall continue with their original plan and timeline. 4. The secretary shall monitor the operator's compliance with such recommendations and may impose fines and other penalties pursuant to the provisions of this article for non-compliance that the secretary shall deem just and proportionate to the violation.
Section 417 grants the secretary authority to conduct periodic evaluations of the source code and outcomes of each licensed high-risk AI system to determine compliance. The secretary may issue binding recommendations to operators, who must then consult with the secretary and submit a detailed implementation plan with a timeline. The plan is binding on the operator, though amendments may be requested for unexpected occurrences. The secretary monitors compliance and may impose fines for non-compliance.
(1)–(5) 10
1. No licensee or non-licensee who develops a high-risk advanced artificial intelligence system shall willfully or negligently uncontain their source code except where authorized by the secretary in writing.
2. Any member, officer, director or employee of an entity who willfully violates subdivision one of this section shall be guilty of a class E felony.
3. Any member, officer, director or employee of an entity who negligently violates subdivision one of this section shall be guilty of a class A misdemeanor.
4. Where any member, officer, director or employee or an entity willfully or negligently uncontains a high-risk advanced artificial intelligence system described in paragraph (f) of subdivision two of section four hundred one of this article or a prohibited high-risk advanced artificial intelligence system as described in section four hundred thirty of this article shall be guilty of a class C felony.
5. The provisions of this section shall not be construed as imposing liability on any member, officer, director or employee who had no explicit or implicit knowledge of the risk or circumstances that caused the uncontainment of the high-risk advanced artificial intelligence system.
Section 418 prohibits any licensee or non-licensee developer from willfully or negligently uncontaining their high-risk AI source code without the secretary's written authorization. Criminal penalties are tiered: willful violation is a class E felony; negligent violation is a class A misdemeanor; and willful or negligent uncontainment of financial systems (§ 401(2)(f)) or prohibited systems (§ 430) is a class C felony. A knowledge safe harbor protects individuals who had no explicit or implicit knowledge of the risk or circumstances that caused uncontainment.
(1)–(2) 11
1. Where a licensee intends to modify or upgrade the source code of his or her high-risk advanced artificial intelligence system, such licensee shall be required to inform the secretary of such modification or upgrade and shall be prohibited from implementing such modification or upgrade in an accessible version of the system without express consent of the secretary in writing. This section shall not apply to source code updates.
2. A licensee shall, in writing to the secretary, set forth the purpose of the modification or upgrade, the new functions added to the system or the functions modified, the reason for the modification or upgrade, and an assessment of new risks or risks that may be more probable as a result of the modification or upgrade. The secretary shall, upon receipt of notice, have thirty business days to provide the licensee with approval of the modification or upgrade. Where approval is not received within thirty business days, absent an extension in writing which shall not exceed thirty additional business days, the modification or upgrade shall be deemed approved. Nothing in this subdivision shall be construed as limiting the ability of the secretary to take any action he or she is authorized to take in relation to the approved modification or upgrade. Where the secretary rejects the modification or upgrade, the secretary shall set forth in writing the reasons for the rejection and steps that the licensee can take to receive approval. Where the secretary approves the modification or upgrade, the licensee may immediately implement such modification or upgrade in a publicly accessible version.
(3)–(5) 12
3. A licensee who rewrites the source code of its system shall comply with the same standards set forth in subdivisions one and two of this section provided however that the secretary shall examine such source code in the same manner as a new application and shall provide a letter of approval or rejection upon completion of such review within one hundred eighty business days of receipt of such notices except where the secretary requires an extension of time, then an extension of no more than one hundred eighty days shall be authorized. Where the secretary rejects the rewrite, such letter of rejection shall state the reasons for the rejection and steps that the licensee can take to correct such rejection, if any. Where the secretary approves the modification or upgrade, the licensee may immediately implement such modification or upgrade in a publicly accessible version.
4. All modifications, upgrades, and rewrites shall be conducted in a pre-production environment, which shall mean any stage prior to the accessible version.
5. For purposes of this section: (a) "Modify" shall mean altering the source code of the system to alter the way by which the system, or any features within the system, makes decisions. (b) "Upgrade" shall mean altering the source code of the system which gives it new features or functions. (c) "Rewrite" shall mean a change in the source code to such a substantial degree that: (i) it effectively results in a new version of the system; or (ii) the change nullifies all or a substantial amount of the initial findings of the secretary in the operator's original application. (d) "Update" shall mean a change to the source code that includes minor enhancements, improvements, modifications, error corrections, cosmetic changes, or any other change intended to increase the functionality, compatibility, security or performance of the system. (e) "Accessible version" shall mean a version of the software that is available to the public or for private use or that is presently operating within its designated operational parameters.
Section 419 creates a pre-approval regime for source code changes. Licensees must inform the secretary before implementing any modification or upgrade and may not deploy the change without express written consent. The secretary has 30 business days (extendable by 30) to approve; silence is deemed approval. Rewrites — defined as changes that effectively create a new version or nullify initial license findings — are treated as new applications with a 180-day review period. All changes must be developed in a pre-production environment. The section carefully distinguishes between modifications (altering decision-making), upgrades (adding features), rewrites (substantial changes), and updates (minor improvements), with updates exempt from pre-approval.
(1)–(2) 13
1. A licensee shall have the duty to notify the department and, if applicable, a relevant law enforcement agency or governmental entity where the licensee's system fails to operate as intended for any significant period of time. A period of time is deemed "significant" for purposes of this section where the period of time that the malfunction occurred had the capacity to or has harmed a person or persons.
2. A licensee shall have the duty to notify a relevant law enforcement agency or governmental entity of a malfunction where designated by the department upon receipt of a license. The secretary shall issue such a requirement upon the licensee where such systems interact with law enforcement systems or the systems of a government agency, engage in law enforcement functions or the functions of a government agency, or where such systems operate, in whole or in part, or are, a weapon.
Section 420 imposes incident reporting obligations on licensees. Operators must notify the department and, where applicable, relevant law enforcement or governmental entities when their system fails to operate as intended for a significant period — defined as a period where the malfunction had the capacity to or has harmed a person. For systems that interact with law enforcement or government agency systems, engage in law enforcement or government functions, or operate as weapons, the secretary may designate mandatory law enforcement notification requirements at the time of licensing.
(1)–(2)
1. The secretary may, by regulation, designate unique requirements for systems which, in the secretary's discretion, pose a risk to state or national security. Such systems shall be assessed on a case-by-case basis and shall not be liberally construed as including any system that, where used improperly, inherently possesses the ability to harm persons or property.
2. A high-risk advanced artificial intelligence system shall be deemed to pose a risk to state or national security where the system's malfunctioning or misuse poses a high risk of: (a) disrupting critical infrastructure; (b) triggering or escalating existing conflicts; (c) undermining or impacting the democratic process; (d) causing unauthorized access to classified information as designated by a relevant governmental entity; (e) harming a significant portion of the population or a specific segment of the population; (f) negatively impacting financial markets or economic stability; (g) causing consequential or irreversible damage to the environment; or (h) causing significant harm to the social fabric.
Section 421 authorizes the secretary to designate unique requirements for systems posing state or national security risks, assessed case by case. Security risk is defined by eight factors including critical infrastructure disruption, conflict escalation, undermining democratic processes, unauthorized access to classified information, population-scale harm, financial market instability, irreversible environmental damage, and social fabric harm. The section is primarily an authorization of rulemaking rather than a direct compliance obligation.
(1)–(3) 14
1. Licensees shall be permitted to share information and source code with any third party, provided however, that where information is biometric information such party shall be jointly liable for any harm or violations under this article with the licensee. The secretary may, in his or her discretion, prohibit any person from accessing the information or source code of a licensee provided however that the secretary shall provide a written justification for such a prohibition.
2. For purposes of this section, "biometric information" shall include a person's: (a) faceprint; (b) voiceprint; (c) fingerprint; (d) gaitprint; (e) irisprint; (f) psychological profile; or (g) any other data related to a person's body or mind that can be used to identify a person.
3. This section shall only apply to the sharing of information received or generated by the licensee or source code created by the licensee and shall not apply to a third party integrating their systems with the licensee.
Section 422 permits licensees to share information and source code with third parties, but imposes joint liability when the shared information includes biometric information. The secretary may prohibit access with written justification. Biometric information is defined broadly to include faceprint, voiceprint, fingerprint, gaitprint, irisprint, psychological profile, and any body- or mind-related data usable for identification. The section applies only to information received or generated by the licensee or source code created by the licensee.
(1)–(2) 15
1. Non-licensee third-party systems may integrate with a licensee under the following conditions: (a) Where a third-party system assists in the proper functioning of the licensee or where such system provides additional services to the licensee's service-offerings, such a system shall not be required to obtain a license but shall be required to obtain a certificate of compliance in accordance with this section. (b) No third-party system may access the system of a licensee to provide itself with new high-risk advanced artificial intelligence capabilities without first obtaining a license.
2. Every third-party system which integrates with a licensee shall, prior to integration, apply for and receive a certificate of compliance. Such certificate shall be issued by the department and shall only be issued where such third-party system is assessed by the department and the department finds it conforms to the cybersecurity standards set by the office. The secretary shall set the rules and regulations regarding the application and requirements of receiving a certificate of compliance. This section shall not be construed as requiring any third-party system to receive more than one certificate of compliance.
Section 423 governs the integration of non-licensee third-party systems with licensed AI systems. Third-party systems that assist in the licensee's functioning or provide additional services must obtain a certificate of compliance from the department, demonstrating conformity with cybersecurity standards. Third-party systems seeking to gain new high-risk AI capabilities from the licensee must obtain their own full license. Only one certificate of compliance per third-party system is required.
16 Every time a licensee's system operates it shall automatically generate a log. Standards related to the specific types of events that are required to be logged, the format in which logs must be kept, the individuals or entities permitted to access logs and the conditions governing such access, the encryption and cybersecurity protocols to be applied to logs, the procedures for both the preservation and disposal of logs, and any other actions pertinent to log management shall conform to the standards set by the secretary. Such logs shall be preserved for a period of ten years from the date they are generated and shall be subject to inspection under section four hundred twenty-six of this article.
Section 424 requires that every licensed system automatically generate a log each time it operates. Logging standards — including event types, format, access controls, encryption, cybersecurity protocols, and preservation and disposal procedures — are set by the secretary. Logs must be preserved for ten years from generation and are subject to inspection under § 426.
17 Every licensee shall have in place internal controls that, within a reasonable time following initiation, can safely and indefinitely cease the operation of the system or a major part of the system.
Section 425 requires every licensee to maintain internal controls capable of safely and indefinitely ceasing the operation of the system or a major part of the system within a reasonable time following initiation. This is a safety-by-design obligation — effectively a kill switch requirement.
(1)–(4) 1. The secretary shall have the power to make such investigations as the secretary shall deem necessary to determine whether any operator or any other person has violated any of the provisions of this article, or whether any licensee has conducted itself in such manner as would justify the revocation of its license, and to the extent necessary therefor, the secretary may require the attendance of and examine any person under oath, and shall have the power to compel the production of all relevant books, records, accounts, documents, source code, and logs. 2. The secretary shall have the power to make such examinations of the books, records, accounts, documents, source code, and logs used in the business of any licensee as the secretary shall deem necessary to determine whether any such licensee has violated any of the provisions of this article. 3. The expenses incurred in making any examination pursuant to this section shall be assessed against and paid by the licensee so examined, except that traveling and subsistence expenses so incurred shall be charged against and paid by licensees in such proportions as the secretary shall deem just and reasonable, and such proportionate charges shall be added to the assessment of the other expenses incurred upon each examination. Upon written notice by the secretary of the total amount of such assessment, the licensee shall become liable for and shall pay such assessment to the secretary. 4. All reports of examinations and investigations, and all correspondence and memoranda concerning or arising out of such examinations or investigations, including any duly authenticated copy or copies thereof in the possession of any licensee or the department, shall be confidential communications, shall not be subject to subpoena and shall not be made public unless, in the judgment of the secretary, the ends of justice and the public advantage will be subserved by the publication thereof, in which event the secretary may publish or authorize the publication of a copy of any such report or other material referred to in this subdivision, or any part thereof, in such manner as the secretary may deem proper.
Section 426 grants the secretary broad investigatory and examination powers, including the ability to compel attendance and examine persons under oath, compel production of books, records, source code, and logs, and conduct examinations of licensee business records. Examination expenses are assessed against the licensee. All reports and correspondence from examinations are confidential unless the secretary determines publication serves justice and public advantage. This section governs governmental investigatory authority and does not impose affirmative compliance obligations beyond the obligation to cooperate, which is inherent in the licensing framework.
(1) 18 Every operator shall maintain such books, records, source code, and logs as the secretary shall require provided however that every operator shall, at least, maintain a copy of all logs generated from the system as well as a backup of every version of the system which shall be stored in a safe manner as prescribed by the secretary.
(2) 19 By a date to be set by the secretary, each operator shall annually file a report with the secretary giving such information as the secretary may require concerning the business and operations during the preceding calendar year of the operator within the state under the authority of this article. Such report shall be subscribed and affirmed as true by the operator under the penalties of perjury and be in the form prescribed by the secretary. In addition to such annual reports, the secretary may require of operators such additional regular or special reports as the secretary may deem necessary to the proper supervision of operators under this article. Such additional reports shall be in the form prescribed by the secretary and shall be subscribed and affirmed as true under the penalties of perjury.
Section 427 requires every operator to maintain books, records, source code, and logs as the secretary requires, with a minimum baseline of maintaining all system-generated logs and a backup of every version of the system stored safely. Operators must also file an annual report with the secretary covering business and operations during the preceding calendar year, subscribed and affirmed under penalties of perjury. The secretary may require additional regular or special reports.
The secretary is hereby authorized and empowered to make such rules and regulations, conduct hearings and make such specific rulings, orders, demands and findings as may be necessary for the proper conduct of the business authorized and licensed under and for the enforcement of this article.
Section 428 is a general grant of rulemaking authority to the secretary. It does not impose new compliance obligations on regulated parties.
20 The following ethical code of conduct shall be binding on all licensees and non-licensees who develop or operate a high-risk advanced artificial intelligence system: Respect: Artificial intelligence systems should respect human autonomy and not unduly influence or manipulate individuals' behavior or decisions. Equity: An artificial intelligence system should provide equitable outcomes, irrespective of any characteristics protected by law. They should not perpetuate existing biases, discrimination, or disparities. Accountability: Persons that design, develop, deploy, or use artificial intelligence systems should be held accountable for the impacts and outcomes of these systems except where the law provides otherwise. Clear mechanisms for addressing harms and violations of law should be in place. Care: Artificial intelligence systems should not cause harm or adversely affect individuals, society, or the environment without legal justification. Trust: Artificial intelligence systems should respect individuals' privacy rights, and securely handle personal and sensitive data in accordance with applicable laws and regulations. Inclusivity: Artificial intelligence systems should be designed, developed, and used in ways that are inclusive, serving a diverse range of users and contexts. Oversight: There should always be meaningful human oversight of artificial intelligence systems to ensure ethical use and decision-making. Notice: The operations, decision-making processes, and use of artificial intelligence systems should, where feasible, be made known to persons affected by them. Safety: Artificial intelligence systems should be robust, secure, and reliable. They should have mechanisms in place to prevent misuse or harmful outcomes.
Section 429 establishes a binding ethical code of conduct applicable to all licensees and non-licensees who develop or operate high-risk AI systems. The code covers nine principles: Respect (no undue influence or manipulation), Equity (equitable outcomes regardless of protected characteristics), Accountability (persons held responsible for AI impacts), Care (no harm without legal justification), Trust (privacy rights and secure data handling), Inclusivity (inclusive design serving diverse users), Oversight (meaningful human oversight), Notice (transparent operations and decision-making), and Safety (robust, secure, reliable systems with misuse prevention). Unlike advisory ethical frameworks, this code is explicitly binding and enforceable.
(1)(a)–(e) 21 1. No person shall develop, in whole or in part, or operate an artificial intelligence system within the state where such a system performs any of the following, whether or not it is the system's main function: (a) the deployment of subliminal techniques that operate beyond an individual's conscious awareness, with the express purpose of materially distorting an individual's behavior in such a manner that leads to, or possesses a high likelihood of leading to, physical or psychological harm to that individual or another, or that leverages the vulnerabilities of a defined group of individuals to similar ends; (b) the infliction of physical or emotional harm upon individuals without any valid law enforcement or self-defense purpose or justification; (c) the prediction of an individual's future actions or behaviors, followed by subsequent reactions based on these predictions, carried out in such a way that, without legal justification, infringes upon or compromises the individual's liberty, emotional, psychological, or financial interests; (d) the unauthorized acquisition, retention, or dissemination of or access to sensitive personal information or non-public data in violation of applicable data privacy, security, and hacking laws; or (e) the implementation of any form of autonomous weapon system designed to inflict harm on persons, property, or the environment that lack meaningful human supervision or control. "Meaningful human supervision or control" shall mean the ability to actively manage, intervene, or override the autonomous weapon system's functions.
(2)–(7) 2. Where the secretary discovers the development or operation of a prohibited artificial intelligence system, the secretary may, in writing, demand that the person who is developing or operating such system cease development or operation of or access to such a system within a period of time as the secretary deems necessary to prevent the system from widespread use or, if the system is operational or accessible to persons for use, to ensure the system is properly terminated in such a way to minimize risks of harm to individuals, society, or the environment. A demand made pursuant to this section shall be finally and irrevocably binding on the person unless the person against whom the demand is made shall, within such period of time set by the secretary, after the giving of notice of such determination, petition the department for a hearing to determine the legal findings of the secretary. The person developing or operating such a prohibited system shall, prior to petition, cease development, operation, and access to the system until and unless such determination is favorable to the person. Such determination may be appealed by any party as of right. 3. The secretary shall not grant a license pursuant to this article to any high-risk advanced artificial intelligence system described under this section except as described in subdivision seven of this section. 4. Any member, officer, director or employee of an operator of any entity who knowingly publicly or privately operates any system described in this section shall be guilty of a class D felony and shall incur a civil penalty of the amount earned from the creation of the prohibited system or the amount of damages caused by the system, whichever is greater. 5. This section shall not be construed as imposing liability on any member, officer, director or employee who had no explicit or implicit knowledge of the prohibited high-risk advanced artificial intelligence system provided however that where the secretary sends a demand to cease the development, operation, or access to such system all members, officers, and directors shall be rebuttably presumed to have knowledge of the prohibited high-risk advanced artificial intelligence system. 6. This section shall be construed as prohibiting the development of a prohibited high-risk advanced artificial intelligence system or making such a system accessible to persons in the state of New York. 7.
Notwithstanding subdivision one of this section, a person may develop a prohibited high-risk advanced artificial intelligence system where authorized by the secretary, provided that such system is developed and used only by the state or with substantial, continuous oversight by the state and such system is authorized only after public hearing and comment in accordance with section four hundred nine of this article.
Section 430 categorically prohibits the development or operation of AI systems that perform five specified functions: subliminal manipulation causing physical or psychological harm, infliction of harm without law enforcement or self-defense justification, predictive behavioral infringement on liberty or financial interests, unauthorized acquisition of sensitive personal data, and autonomous weapons systems lacking meaningful human supervision or control. The secretary may demand cessation of development or operation, and the demand is binding unless the person petitions for a hearing. Knowing operation is a class D felony with a civil penalty of the greater of revenue earned or damages caused. A narrow exception allows development authorized by the secretary for state use with continuous state oversight and public hearing.
If any provision of this article or the application thereof to any person or circumstances is held invalid, the invalidity thereof shall not affect other provisions or applications of the article which can be given effect without the invalid provision or application, and to this end the provisions of this article are severable.
Section 431 is a standard severability clause providing that if any provision is held invalid, the invalidity does not affect the remaining provisions. This section creates no compliance obligations.