(a) 1 Not later than 180 days after the date of the enactment of this Act, the Under Secretary of Commerce for Standards and Technology shall carry out research to facilitate the development and standardization of means to provide authenticity and provenance information for content generated by human authors and artificial intelligence systemsArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2).

(b) 1 For methodologies and applications related to content provenance and authenticity deemed by the Under Secretary to be at a readiness level sufficient for standardization, the Under Secretary shall provide technical review and assistance to such other Federal agencies and nongovernmental standards organizations as the Under Secretary considers appropriate.

(c) 1 The Under Secretary shall carry out a pilot program to assess the feasibility and advisability of using available technologies and creating open standards to facilitate the creation and verification of content governance information for digital content. The pilot program required by paragraph (1) shall be carried out at not more than 2 Federal agencies the Under Secretary shall select for purposes of the pilot program.

(d) 1 Not later than 1 year after the date of the enactment of this Act, the Under Secretary shall submit to the Committee on Commerce, Science, and Transportation of the Senate and the Committee on Science, Space, and Technology of the House of Representatives a report outlining the progress of standardization initiatives relating to requirements under this section, as well as recommendations for legislative or administrative action to encourage or require the widespread adoption of such initiatives in the United States.

Section 22A(b)(1) of the National Institute of Standards and Technology Act (15 U.S.C. 278h–1(b)(1)) is amended— (1) by redesignating subparagraph (I) as subparagraph (K); (2) on subparagraph (H), by striking ''; and'' and inserting a semicolon; and (3) by inserting after subparagraph (H) the following: ''(I) best practices for detecting outputs generated by artificial intelligence systemsArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2), including content such as text, audio, images, and videos; ''(J) methods to detect and understand anomalous behavior of artificial intelligence systemsArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2) and safeguards to mitigate potentially adversarial or compromising anomalous behavior; and''.

Not later than 1 year after the date of enactment of this Act, the Comptroller General of the United States shall— (1) conduct a review of statutory, regulatory, and other policy barriers to the use of artificial intelligence systemsArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2) to improve the functionality of the Federal Government; and (2) identify best practices for the adoption and use of artificial intelligence systemsArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2) by the Federal Government.

In this title: (1) APPROPRIATE CONGRESSIONAL COMMITTEES.—The term ''appropriate congressional committees'' means— (A) the Committee on Energy and Natural Resources and the Committee on Commerce, Science, and Transportation of the Senate; (B) the Committee on Energy and Commerce of the House of Representatives; and (C) each congressional committee with jurisdiction over an applicable covered agencyCovered agencyThe term 'covered agency' means an agency for which the Under Secretary develops an NIST recommendation.Sec. 201(3). (2) ARTIFICIAL INTELLIGENCE SYSTEMArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2).—The term ''artificial intelligence systemArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2)'' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs. (3) COVERED AGENCYCovered agencyThe term 'covered agency' means an agency for which the Under Secretary develops an NIST recommendation.Sec. 201(3).—the term ''covered agencyCovered agencyThe term 'covered agency' means an agency for which the Under Secretary develops an NIST recommendation.Sec. 201(3)'' means an agency for which the Under Secretary develops an NIST recommendationNIST recommendationThe term 'NIST recommendation' means a sector-specific recommendation developed under section 22B(b)(1) of the National Institute of Standards and Technology Act, as added by section 204 of this Act.Sec. 201(11). (4) COVERED INTERNET PLATFORMCovered internet platformThe term 'covered internet platform'— (i) means any public-facing website, consumer-facing internet application, or mobile application available to consumers in the United States; and (ii) includes a social network site, video sharing service, search engine, and content aggregation service. The term 'covered internet platform' does not include a platform that— (i) is wholly owned, controlled, and operated by a person that— (I) during the most recent 180-day period, did not employ more than 500 employees; (II) during the most recent 3-year period, averaged less than $50,000,000 in annual gross receipts; and (III) on an annual basis, collects or processes the personal data of less than 1,000,000 individuals; or (ii) is operated for the sole purpose of conducting research that is not directly or indirectly made for profit.Sec. 201(4).— (A) IN GENERAL.—The term ''covered internet platformCovered internet platformThe term 'covered internet platform'— (i) means any public-facing website, consumer-facing internet application, or mobile application available to consumers in the United States; and (ii) includes a social network site, video sharing service, search engine, and content aggregation service. The term 'covered internet platform' does not include a platform that— (i) is wholly owned, controlled, and operated by a person that— (I) during the most recent 180-day period, did not employ more than 500 employees; (II) during the most recent 3-year period, averaged less than $50,000,000 in annual gross receipts; and (III) on an annual basis, collects or processes the personal data of less than 1,000,000 individuals; or (ii) is operated for the sole purpose of conducting research that is not directly or indirectly made for profit.Sec. 201(4)''— (i) means any public-facing website, consumer-facing internet application, or mobile application available to consumers in the United States; and (ii) includes a social network site, video sharing service, search engine, and content aggregation service. (B) EXCLUSIONS.—The term ''covered internet platformCovered internet platformThe term 'covered internet platform'— (i) means any public-facing website, consumer-facing internet application, or mobile application available to consumers in the United States; and (ii) includes a social network site, video sharing service, search engine, and content aggregation service. The term 'covered internet platform' does not include a platform that— (i) is wholly owned, controlled, and operated by a person that— (I) during the most recent 180-day period, did not employ more than 500 employees; (II) during the most recent 3-year period, averaged less than $50,000,000 in annual gross receipts; and (III) on an annual basis, collects or processes the personal data of less than 1,000,000 individuals; or (ii) is operated for the sole purpose of conducting research that is not directly or indirectly made for profit.Sec. 201(4)'' does not include a platform that— (i) is wholly owned, controlled, and operated by a person that— (I) during the most recent 180-day period, did not employ more than 500 employees; (II) during the most recent 3-year period, averaged less than $50,000,000 in annual gross receipts; and (III) on an annual basis, collects or processes the personal data of less than 1,000,000 individuals; or (ii) is operated for the sole purpose of conducting research that is not directly or indirectly made for profit. (5) CRITICAL-IMPACT AI ORGANIZATIONCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5).—The term ''critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5)'' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence systemCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6). (6) CRITICAL-IMPACT ARTIFICIAL INTELLIGENCE SYSTEMCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6).—... (7) DEPLOYERDeployerThe term 'deployer'— (A) means an entity that uses or operates an artificial intelligence system for internal use or for use by third parties; and (B) does not include an entity that is solely an end user of a system.Sec. 201(7).—... (8) DEVELOPERDeveloperThe term 'developer' means an entity that— (A) designs, codes, produces, or owns an artificial intelligence system for internal use or for use by a third party as a baseline model; and (B) does not act as a deployer of the artificial intelligence system described in subparagraph (A).Sec. 201(8).—... (9) GENERATIVE ARTIFICIAL INTELLIGENCE SYSTEMGenerative artificial intelligence systemThe term 'generative artificial intelligence system' means an artificial intelligence system that generates novel data or content in a written, audio, or visual format.Sec. 201(9).—... (10) HIGH-IMPACT ARTIFICIAL INTELLIGENCE SYSTEMHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10).—... (11) NIST RECOMMENDATIONNIST recommendationThe term 'NIST recommendation' means a sector-specific recommendation developed under section 22B(b)(1) of the National Institute of Standards and Technology Act, as added by section 204 of this Act.Sec. 201(11).—... (12) SECRETARY.—... (13) SIGNIFICANT RISKSignificant riskThe term 'significant risk' means a combination of severe, high-intensity, high-probability, and long-duration risk of harm to individuals.Sec. 201(13).—... (14) TEVVTEVVThe term 'TEVV' means the testing, evaluation, validation, and verification of any artificial intelligence system that includes— (A) open, transparent, testable, and verifiable specifications that characterize realistic operational performance, such as precision and accuracy for relevant tasks; (B) testing methodologies and metrics that enable the evaluation of system trustworthiness, including robustness and resilience; (C) data quality standards for training and testing datasets; (D) requirements for system validation and integration into production environments, automated testing, and compliance with existing legal and regulatory specifications; (E) methods and tools for— (i) the monitoring of system behavior; (ii) the tracking of incidents or errors reported and their management; and (iii) the detection of emergent properties and related impacts; and (F) and processes for redress and response.Sec. 201(14).—... (15) UNDER SECRETARY.—...

(a)(1)–(2) 2 IN GENERAL.—Subject to paragraph (2), it shall be unlawful for a person to operate a covered internet platformCovered internet platformThe term 'covered internet platform'— (i) means any public-facing website, consumer-facing internet application, or mobile application available to consumers in the United States; and (ii) includes a social network site, video sharing service, search engine, and content aggregation service. The term 'covered internet platform' does not include a platform that— (i) is wholly owned, controlled, and operated by a person that— (I) during the most recent 180-day period, did not employ more than 500 employees; (II) during the most recent 3-year period, averaged less than $50,000,000 in annual gross receipts; and (III) on an annual basis, collects or processes the personal data of less than 1,000,000 individuals; or (ii) is operated for the sole purpose of conducting research that is not directly or indirectly made for profit.Sec. 201(4) that uses a generative artificial intelligence systemGenerative artificial intelligence systemThe term 'generative artificial intelligence system' means an artificial intelligence system that generates novel data or content in a written, audio, or visual format.Sec. 201(9). (2) DISCLOSURE OF USE OF GENERATIVE ARTIFICIAL INTELLIGENCE SYSTEMSGenerative artificial intelligence systemThe term 'generative artificial intelligence system' means an artificial intelligence system that generates novel data or content in a written, audio, or visual format.Sec. 201(9).— (A) IN GENERAL.—A person may operate a covered internet platformCovered internet platformThe term 'covered internet platform'— (i) means any public-facing website, consumer-facing internet application, or mobile application available to consumers in the United States; and (ii) includes a social network site, video sharing service, search engine, and content aggregation service. The term 'covered internet platform' does not include a platform that— (i) is wholly owned, controlled, and operated by a person that— (I) during the most recent 180-day period, did not employ more than 500 employees; (II) during the most recent 3-year period, averaged less than $50,000,000 in annual gross receipts; and (III) on an annual basis, collects or processes the personal data of less than 1,000,000 individuals; or (ii) is operated for the sole purpose of conducting research that is not directly or indirectly made for profit.Sec. 201(4) that uses a generative artificial intelligence systemGenerative artificial intelligence systemThe term 'generative artificial intelligence system' means an artificial intelligence system that generates novel data or content in a written, audio, or visual format.Sec. 201(9) if the person provides notice to each user of the covered internet platformCovered internet platformThe term 'covered internet platform'— (i) means any public-facing website, consumer-facing internet application, or mobile application available to consumers in the United States; and (ii) includes a social network site, video sharing service, search engine, and content aggregation service. The term 'covered internet platform' does not include a platform that— (i) is wholly owned, controlled, and operated by a person that— (I) during the most recent 180-day period, did not employ more than 500 employees; (II) during the most recent 3-year period, averaged less than $50,000,000 in annual gross receipts; and (III) on an annual basis, collects or processes the personal data of less than 1,000,000 individuals; or (ii) is operated for the sole purpose of conducting research that is not directly or indirectly made for profit.Sec. 201(4) that the covered internet platformCovered internet platformThe term 'covered internet platform'— (i) means any public-facing website, consumer-facing internet application, or mobile application available to consumers in the United States; and (ii) includes a social network site, video sharing service, search engine, and content aggregation service. The term 'covered internet platform' does not include a platform that— (i) is wholly owned, controlled, and operated by a person that— (I) during the most recent 180-day period, did not employ more than 500 employees; (II) during the most recent 3-year period, averaged less than $50,000,000 in annual gross receipts; and (III) on an annual basis, collects or processes the personal data of less than 1,000,000 individuals; or (ii) is operated for the sole purpose of conducting research that is not directly or indirectly made for profit.Sec. 201(4) uses a generative artificial intelligence systemGenerative artificial intelligence systemThe term 'generative artificial intelligence system' means an artificial intelligence system that generates novel data or content in a written, audio, or visual format.Sec. 201(9) to generate content the user sees. (B) REQUIREMENTS.—A person providing the notice described in subparagraph (A) to a user— (i) subject to clause (ii), shall provide the notice in a clear and conspicuous manner on the covered internet platformCovered internet platformThe term 'covered internet platform'— (i) means any public-facing website, consumer-facing internet application, or mobile application available to consumers in the United States; and (ii) includes a social network site, video sharing service, search engine, and content aggregation service. The term 'covered internet platform' does not include a platform that— (i) is wholly owned, controlled, and operated by a person that— (I) during the most recent 180-day period, did not employ more than 500 employees; (II) during the most recent 3-year period, averaged less than $50,000,000 in annual gross receipts; and (III) on an annual basis, collects or processes the personal data of less than 1,000,000 individuals; or (ii) is operated for the sole purpose of conducting research that is not directly or indirectly made for profit.Sec. 201(4) before the user interacts with content produced by a generative artificial intelligence systemGenerative artificial intelligence systemThe term 'generative artificial intelligence system' means an artificial intelligence system that generates novel data or content in a written, audio, or visual format.Sec. 201(9); and (ii) may provide an option for the user to choose to see the notice described in clause (i) only upon the first interaction of the user with content produced by a generative artificial intelligence systemGenerative artificial intelligence systemThe term 'generative artificial intelligence system' means an artificial intelligence system that generates novel data or content in a written, audio, or visual format.Sec. 201(9).

(b)–(c) ENFORCEMENT ACTION.—Upon learning that a covered internet platformCovered internet platformThe term 'covered internet platform'— (i) means any public-facing website, consumer-facing internet application, or mobile application available to consumers in the United States; and (ii) includes a social network site, video sharing service, search engine, and content aggregation service. The term 'covered internet platform' does not include a platform that— (i) is wholly owned, controlled, and operated by a person that— (I) during the most recent 180-day period, did not employ more than 500 employees; (II) during the most recent 3-year period, averaged less than $50,000,000 in annual gross receipts; and (III) on an annual basis, collects or processes the personal data of less than 1,000,000 individuals; or (ii) is operated for the sole purpose of conducting research that is not directly or indirectly made for profit.Sec. 201(4) does not comply with the requirements under this section, the Secretary— (1) shall immediately— (A) notify the covered internet platform of the finding; and (B) order the covered internet platformCovered internet platformThe term 'covered internet platform'— (i) means any public-facing website, consumer-facing internet application, or mobile application available to consumers in the United States; and (ii) includes a social network site, video sharing service, search engine, and content aggregation service. The term 'covered internet platform' does not include a platform that— (i) is wholly owned, controlled, and operated by a person that— (I) during the most recent 180-day period, did not employ more than 500 employees; (II) during the most recent 3-year period, averaged less than $50,000,000 in annual gross receipts; and (III) on an annual basis, collects or processes the personal data of less than 1,000,000 individuals; or (ii) is operated for the sole purpose of conducting research that is not directly or indirectly made for profit.Sec. 201(4) to take remedial action to address the noncompliance of the generative artificial intelligence systemGenerative artificial intelligence systemThe term 'generative artificial intelligence system' means an artificial intelligence system that generates novel data or content in a written, audio, or visual format.Sec. 201(9) operated by the covered internet platformCovered internet platformThe term 'covered internet platform'— (i) means any public-facing website, consumer-facing internet application, or mobile application available to consumers in the United States; and (ii) includes a social network site, video sharing service, search engine, and content aggregation service. The term 'covered internet platform' does not include a platform that— (i) is wholly owned, controlled, and operated by a person that— (I) during the most recent 180-day period, did not employ more than 500 employees; (II) during the most recent 3-year period, averaged less than $50,000,000 in annual gross receipts; and (III) on an annual basis, collects or processes the personal data of less than 1,000,000 individuals; or (ii) is operated for the sole purpose of conducting research that is not directly or indirectly made for profit.Sec. 201(4); and (2) may, as determined appropriate or necessary by the Secretary, take enforcement action under section 208 if the covered internet platformCovered internet platformThe term 'covered internet platform'— (i) means any public-facing website, consumer-facing internet application, or mobile application available to consumers in the United States; and (ii) includes a social network site, video sharing service, search engine, and content aggregation service. The term 'covered internet platform' does not include a platform that— (i) is wholly owned, controlled, and operated by a person that— (I) during the most recent 180-day period, did not employ more than 500 employees; (II) during the most recent 3-year period, averaged less than $50,000,000 in annual gross receipts; and (III) on an annual basis, collects or processes the personal data of less than 1,000,000 individuals; or (ii) is operated for the sole purpose of conducting research that is not directly or indirectly made for profit.Sec. 201(4) does not take sufficient action to remedy the noncompliance within 15 days of the notification under paragraph (1)(A). (c) EFFECTIVE DATE.—This section shall take effect on the date that is 180 days after the date of enactment of this Act.

(a)(1)–(2) 3 IN GENERAL.—Each deployer of a high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10) shall— (A) before deploying the high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10), and annually thereafter, submit to the Secretary a report describing the design and safety plans for the artificial intelligence systemArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2); and (B) submit to the Secretary an updated report on the high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10) if the deployerDeployerThe term 'deployer'— (A) means an entity that uses or operates an artificial intelligence system for internal use or for use by third parties; and (B) does not include an entity that is solely an end user of a system.Sec. 201(7) makes a material change to— (i) the purpose for which the high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10) is used; or (ii) the type of data the high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10) processes or uses for training purposes. (2) CONTENTS.—Each transparency report submitted under paragraph (1) shall include, with respect to the high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10)— (A) the purpose; (B) the intended use cases; (C) deployment context; (D) benefits; (E) a description of data that the high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10), once deployed, processes as inputs; (F) if available— (i) a list of data categories and formats the deployerDeployerThe term 'deployer'— (A) means an entity that uses or operates an artificial intelligence system for internal use or for use by third parties; and (B) does not include an entity that is solely an end user of a system.Sec. 201(7) used to retrain or continue training the high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10); (ii) metrics for evaluating the high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10) performance and known limitations; and (iii) transparency measures, including information identifying to individuals when a high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10) is in use; (G) processes and testing performed before each deployment to ensure the high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10) is safe, reliable, and effective; (H) if applicable, an identification of any third-party artificial intelligence systemsArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2) or datasets the deployerDeployerThe term 'deployer'— (A) means an entity that uses or operates an artificial intelligence system for internal use or for use by third parties; and (B) does not include an entity that is solely an end user of a system.Sec. 201(7) relies on to train or operate the high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10); and (I) post-deployment monitoring and user safeguards, including a description of the oversight process in place to address issues as issues arise.

(b) 4 DEVELOPERDeveloperThe term 'developer' means an entity that— (A) designs, codes, produces, or owns an artificial intelligence system for internal use or for use by a third party as a baseline model; and (B) does not act as a deployer of the artificial intelligence system described in subparagraph (A).Sec. 201(8) OBLIGATIONS.—The developer of a high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10) shall be subject to the same obligations as a developer of a critical impact artificial intelligence systemArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2) under section 206(c).

(c) 3 CONSIDERATIONS.—In carrying out subsections (a) and (b), a deployerDeployerThe term 'deployer'— (A) means an entity that uses or operates an artificial intelligence system for internal use or for use by third parties; and (B) does not include an entity that is solely an end user of a system.Sec. 201(7) or developer of a high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10) shall consider the best practices outlined in the most recent version of the risk management framework developed pursuant to section 22A(c) of the National Institute of Standards and Technology Act (15 U.S.C. 278h–1(c)).

(d)–(f) NONCOMPLIANCE AND ENFORCEMENT ACTION.—Upon learning that a deployer of a high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10) is not in compliance with the requirements under this section with respect to a high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10), the Secretary— (1) shall immediately— (A) notify the deployer of the finding; and (B) order the deployerDeployerThe term 'deployer'— (A) means an entity that uses or operates an artificial intelligence system for internal use or for use by third parties; and (B) does not include an entity that is solely an end user of a system.Sec. 201(7) to immediately submit to the Secretary the report required under subsection (a)(1); and (2) if the deployerDeployerThe term 'deployer'— (A) means an entity that uses or operates an artificial intelligence system for internal use or for use by third parties; and (B) does not include an entity that is solely an end user of a system.Sec. 201(7) fails to submit the report by the date that is 15 days after the date of the notification under paragraph (1)(A), may take enforcement action under section 208. (e) AVOIDANCE OF DUPLICATION.— (1) IN GENERAL.—Pursuant to the deconfliction of duplicative requirements under paragraph (2), the Secretary shall ensure that the requirements under this section are not unnecessarily burdensome or duplicative of requirements made or oversight conducted by a covered agencyCovered agencyThe term 'covered agency' means an agency for which the Under Secretary develops an NIST recommendation.Sec. 201(3) regarding the non-Federal use of high-impact artificial intelligence systemsHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10). (f) RULE OF CONSTRUCTION.—Nothing in this section shall be construed to require a deployer of a high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10) to disclose any information, including data or algorithms— (1) relating to a trade secret or other protected intellectual property right; (2) that is confidential business information; or (3) that is privileged.

Not later than 1 year after the date of the enactment of the Artificial Intelligence Research, Innovation, and Accountability Act of 2023, the Director shall— (1) develop sector-specific recommendations for individual Federal agencies to conduct oversight of the non-Federal, and, as appropriate, Federal use of high-impact artificial intelligence systemsHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10) to improve the safe and responsible use of such systems; and (2) not less frequently than biennially, update the sector-specific recommendations to account for changes in technological capabilities or artificial intelligence use cases.

Not later than 1 year after the date of enactment of this Act, the Under Secretary shall submit to the Director, the head of each covered agencyCovered agencyThe term 'covered agency' means an agency for which the Under Secretary develops an NIST recommendation.Sec. 201(3), and the appropriate congressional committees each NIST recommendationNIST recommendationThe term 'NIST recommendation' means a sector-specific recommendation developed under section 22B(b)(1) of the National Institute of Standards and Technology Act, as added by section 204 of this Act.Sec. 201(11). Not later than 90 days after the date on which the Under Secretary submits a NIST recommendationNIST recommendationThe term 'NIST recommendation' means a sector-specific recommendation developed under section 22B(b)(1) of the National Institute of Standards and Technology Act, as added by section 204 of this Act.Sec. 201(11) to the head of a covered agencyCovered agencyThe term 'covered agency' means an agency for which the Under Secretary develops an NIST recommendation.Sec. 201(3) under paragraph (1), the head of the covered agencyCovered agencyThe term 'covered agency' means an agency for which the Under Secretary develops an NIST recommendation.Sec. 201(3) shall transmit to the Director a formal written response to the NIST recommendationNIST recommendationThe term 'NIST recommendation' means a sector-specific recommendation developed under section 22B(b)(1) of the National Institute of Standards and Technology Act, as added by section 204 of this Act.Sec. 201(11).

(a)(1)–(3) 5 IN GENERAL.—Each critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) shall perform a risk management assessment in accordance with this section. (2) ASSESSMENT.—Each critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) shall— (A) not later than 30 days before the date on which a critical-impact artificial intelligence systemCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6) is made publicly available by the critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5), perform a risk management assessment; and (B) not less frequently than biennially during the period beginning on the date of enactment of this Act and ending on the date on which the applicable critical-impact artificial intelligence systemCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6) is no longer being made publicly available by the critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5), as applicable, conduct an updated risk management assessment that— (i) may find that no significant changes were made to the critical-impact artificial intelligence systemCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6); and (ii) provides, to the extent practicable, aggregate results of any significant deviation from expected performance detailed in the assessment performed under subparagraph (A) or the most recent assessment performed under this subparagraph. (3) REVIEW.— (A) IN GENERAL.—Not later than 90 days after the date of completion of a risk management assessment by a critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) under this section, the critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) shall submit to the Secretary a report— (i) outlining the assessment performed under this section; and (ii) that is in a consistent format, as determined by the Secretary.

(b) 5 ASSESSMENT SUBJECT AREAS.—Each assessment performed by a critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) under subsection (a) shall describe the means by which the critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) is addressing, through a documented TEVVTEVVThe term 'TEVV' means the testing, evaluation, validation, and verification of any artificial intelligence system that includes— (A) open, transparent, testable, and verifiable specifications that characterize realistic operational performance, such as precision and accuracy for relevant tasks; (B) testing methodologies and metrics that enable the evaluation of system trustworthiness, including robustness and resilience; (C) data quality standards for training and testing datasets; (D) requirements for system validation and integration into production environments, automated testing, and compliance with existing legal and regulatory specifications; (E) methods and tools for— (i) the monitoring of system behavior; (ii) the tracking of incidents or errors reported and their management; and (iii) the detection of emergent properties and related impacts; and (F) and processes for redress and response.Sec. 201(14) process, the following categories: (1) Policies, processes, procedures, and practices across the organization relating to transparent and effective mapping, measuring, and managing of artificial intelligence risks, including— (A) how the organization understands, manages, and documents legal and regulatory requirements involving artificial intelligence; (B) how the organization integrates characteristics of trustworthy artificial intelligence, which include valid, reliable, safe, secure, resilient, accountable, transparent, globally and locally explainable, interpretable, privacy-enhanced, and fair with harmful bias managed, into organizational policies, processes, procedures, and practices; (C) a methodology to determine the needed level of risk management activities based on the organization's risk tolerance; and (D) how the organization establishes risk management processes and outcomes through transparent policies, procedures, and other controls based on organizational risk priorities. (2) The structure, context, and capabilities of the critical-impact artificial intelligence systemCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6) or critical-impact foundation model, including— (A) how the context was established and understood; (B) capabilities, targeted uses, goals, and expected costs and benefits; and (C) how risks and benefits are mapped for each system component. (3) A description of how the organization employs quantitative, qualitative, or mixed-method tools, techniques, and methodologies to analyze, assess, benchmark, and monitor artificial intelligence risk, including— (A) identification of appropriate methods and metrics; (B) how artificial intelligence systemsArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2) are evaluated for trustworthy characteristics; (C) mechanisms for tracking artificial intelligence systemArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2) risks over time; and (D) processes for gathering and assessing feedback relating to the efficacy of measurement. (4) A description of allocation of risk resources to map and measure risks on a regular basis as described in paragraph (1), including— (A) how artificial intelligence risks based on assessments and other analytical outputs described in paragraphs (2) and (3) are prioritized, responded to, and managed; (B) how strategies to maximize artificial intelligence benefits and minimize negative impacts were planned, prepared, implemented, documented, and informed by input from relevant artificial intelligence deployersDeployerThe term 'deployer'— (A) means an entity that uses or operates an artificial intelligence system for internal use or for use by third parties; and (B) does not include an entity that is solely an end user of a system.Sec. 201(7); (C) management of artificial intelligence systemArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2) risks and benefits; and (D) regular monitoring of risk treatments, including response and recovery, and communication plans for the identified and measured artificial intelligence risks, as applicable.

(c) 6 DEVELOPERDeveloperThe term 'developer' means an entity that— (A) designs, codes, produces, or owns an artificial intelligence system for internal use or for use by a third party as a baseline model; and (B) does not act as a deployer of the artificial intelligence system described in subparagraph (A).Sec. 201(8) OBLIGATIONS.—The developer of a critical-impact artificial intelligence systemCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6) that agrees through a contract or license to provide technology or services to a deployer of the critical-impact artificial intelligence systemCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6) shall provide to the deployer of the critical-impact artificial intelligence systemCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6) the information reasonably necessary for the deployerDeployerThe term 'deployer'— (A) means an entity that uses or operates an artificial intelligence system for internal use or for use by third parties; and (B) does not include an entity that is solely an end user of a system.Sec. 201(7) to comply with the requirements under subsection (a), including— (1) an overview of the data used in training the baseline artificial intelligence systemArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2) provided by the developerDeveloperThe term 'developer' means an entity that— (A) designs, codes, produces, or owns an artificial intelligence system for internal use or for use by a third party as a baseline model; and (B) does not act as a deployer of the artificial intelligence system described in subparagraph (A).Sec. 201(8), including— (A) data size; (B) data sources; (C) copyrighted data; and (D) personal identifiable information; (2) documentation outlining the structure and context of the baseline artificial intelligence system of the developerDeveloperThe term 'developer' means an entity that— (A) designs, codes, produces, or owns an artificial intelligence system for internal use or for use by a third party as a baseline model; and (B) does not act as a deployer of the artificial intelligence system described in subparagraph (A).Sec. 201(8), including— (A) input modality; (B) output modality; (C) model size; and (D) model architecture; (3) known capabilities, limitations, and risks of the baseline artificial intelligence system of the developerDeveloperThe term 'developer' means an entity that— (A) designs, codes, produces, or owns an artificial intelligence system for internal use or for use by a third party as a baseline model; and (B) does not act as a deployer of the artificial intelligence system described in subparagraph (A).Sec. 201(8) at the time of the development of the artificial intelligence systemArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2); and (4) documentation for downstream use, including— (A) a statement of intended purpose; (B) guidelines for the intended use of the artificial intelligence systemArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2), including a list of permitted, restricted, and prohibited uses and users; and (C) a statement of the potential for deviation from the intended purpose of the baseline artificial intelligence systemArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2).

(d)–(e) TERMINATION OF OBLIGATION TO DISCLOSE INFORMATION.— (1) IN GENERAL.—The obligation of a critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) to provide information, upon request of the Secretary, relating to a specific assessment category under subsection (b) shall end on the date of issuance of a relevant standard applicable to the same category of a critical-impact artificial intelligence systemCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6) by— (A) the Secretary under section 207(c) with respect to a critical-impact artificial intelligence systemCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6); (B) another department or agency of the Federal Government, as determined applicable by the Secretary; or (C) a non-governmental standards organization, as determined appropriate by the Secretary. (e) RULE OF CONSTRUCTION.—Nothing in this section shall be construed to require a critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5), or permit the Secretary, to disclose any information, including data or algorithms— (1) relating to a trade secret or other protected intellectual property right; (2) that is confidential business information; or (3) that is privileged.

(a)–(b) ESTABLISHMENT OF ARTIFICIAL INTELLIGENCE CERTIFICATION ADVISORY COMMITTEE.— (1) IN GENERAL.—Not later than 180 days after the date of enactment of this Act, the Secretary shall establish an advisory committee to provide advice and recommendations on TEVVTEVVThe term 'TEVV' means the testing, evaluation, validation, and verification of any artificial intelligence system that includes— (A) open, transparent, testable, and verifiable specifications that characterize realistic operational performance, such as precision and accuracy for relevant tasks; (B) testing methodologies and metrics that enable the evaluation of system trustworthiness, including robustness and resilience; (C) data quality standards for training and testing datasets; (D) requirements for system validation and integration into production environments, automated testing, and compliance with existing legal and regulatory specifications; (E) methods and tools for— (i) the monitoring of system behavior; (ii) the tracking of incidents or errors reported and their management; and (iii) the detection of emergent properties and related impacts; and (F) and processes for redress and response.Sec. 201(14) standards and the certification of critical-impact artificial intelligence systemsCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6). (b) ARTIFICIAL INTELLIGENCE CERTIFICATION PLAN.— (1) IN GENERAL.—Not later than 1 year after the date of enactment of this Act, the Secretary shall establish a 3-year implementation plan for the certification of critical-impact artificial intelligence systemsCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6).

(c) STANDARDS.— (1) STANDARDS.— (A) IN GENERAL.—The Secretary shall issue TEVVTEVVThe term 'TEVV' means the testing, evaluation, validation, and verification of any artificial intelligence system that includes— (A) open, transparent, testable, and verifiable specifications that characterize realistic operational performance, such as precision and accuracy for relevant tasks; (B) testing methodologies and metrics that enable the evaluation of system trustworthiness, including robustness and resilience; (C) data quality standards for training and testing datasets; (D) requirements for system validation and integration into production environments, automated testing, and compliance with existing legal and regulatory specifications; (E) methods and tools for— (i) the monitoring of system behavior; (ii) the tracking of incidents or errors reported and their management; and (iii) the detection of emergent properties and related impacts; and (F) and processes for redress and response.Sec. 201(14) standards for critical-impact artificial intelligence systemsCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6). (B) REQUIREMENTS.—Each standard issued under this subsection shall— (i) be practicable; (ii) meet the need for safe, secure, and transparent operations of critical-impact artificial intelligence systemsCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6); (iii) with respect to a relevant standard issued by a non-governmental standards organization that is already in place, align with and be interoperable with that standard; (iv) provide for a mechanism to, not less frequently than once every 2 years, solicit public comment and update the standard to reflect advancements in technology and system architecture; and (v) be stated in objective terms.

(e) 7 SELF-CERTIFICATION OF COMPLIANCE.— (1) IN GENERAL.—Subject to paragraph (2), with respect to each critical-impact artificial intelligence system of a critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5), the critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) shall certify to the Secretary that the critical-impact artificial intelligence systemCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6) complies with applicable TEVVTEVVThe term 'TEVV' means the testing, evaluation, validation, and verification of any artificial intelligence system that includes— (A) open, transparent, testable, and verifiable specifications that characterize realistic operational performance, such as precision and accuracy for relevant tasks; (B) testing methodologies and metrics that enable the evaluation of system trustworthiness, including robustness and resilience; (C) data quality standards for training and testing datasets; (D) requirements for system validation and integration into production environments, automated testing, and compliance with existing legal and regulatory specifications; (E) methods and tools for— (i) the monitoring of system behavior; (ii) the tracking of incidents or errors reported and their management; and (iii) the detection of emergent properties and related impacts; and (F) and processes for redress and response.Sec. 201(14) standards issued under this section. (2) EXCEPTION.—A critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) may not issue a certificate under paragraph (1) if, in exercising reasonable care, the critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) has constructive knowledge that the certificate is false or misleading in a material respect.

(f) 8 NONCOMPLIANCE FINDINGS AND ENFORCEMENT ACTION.— (1) FINDING OF NONCOMPLIANCE BY SECRETARY.—Upon learning that a critical-impact artificial intelligence systemCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6) deployed by a critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) does not comply with the requirements under this section, the Secretary shall— (A) immediately— (i) notify the critical-impact AI organization of the finding; and (ii) order the critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) to take remedial action to address the noncompliance of the artificial intelligence systemArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2); and (B) may, as determined appropriate or necessary by the Secretary, and if the Secretary determines that actions taken by a critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) are insufficient to remedy the noncompliance of the critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) with this section, take enforcement action under section 208. (2) ACTIONS BY CRITICAL-IMPACT AI ORGANIZATIONCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5).—If a critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) finds that a critical-impact artificial intelligence systemCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6) deployed by the critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) is noncompliant with an applicable TEVVTEVVThe term 'TEVV' means the testing, evaluation, validation, and verification of any artificial intelligence system that includes— (A) open, transparent, testable, and verifiable specifications that characterize realistic operational performance, such as precision and accuracy for relevant tasks; (B) testing methodologies and metrics that enable the evaluation of system trustworthiness, including robustness and resilience; (C) data quality standards for training and testing datasets; (D) requirements for system validation and integration into production environments, automated testing, and compliance with existing legal and regulatory specifications; (E) methods and tools for— (i) the monitoring of system behavior; (ii) the tracking of incidents or errors reported and their management; and (iii) the detection of emergent properties and related impacts; and (F) and processes for redress and response.Sec. 201(14) standard issued under this section or the critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) is notified of noncompliance by the Secretary under paragraph (1)(A)(i), the critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) shall— (A) without undue delay, notify the Secretary by certified mail or electronic mail of the noncompliance or receipt of the notification of noncompliance; (B) take remedial action to address the noncompliance; and (C) not later than 10 days after the date of the notification or receipt under subparagraph (A), submit to the Secretary a report containing information on— (i) the nature and discovery of the noncompliant aspect of the critical-impact artificial intelligence systemCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6); (ii) measures taken to remedy such noncompliance; and (iii) actions taken by the critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) to address stakeholders affected by such noncompliance.

(a)–(f) IN GENERAL.—Upon discovering noncompliance with a provision of this Act by a deployer of a high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10) or a critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) if the Secretary determines that actions taken by the critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) are insufficient to remedy the noncompliance, the Secretary shall take an action described in this section. (b) CIVIL PENALTIES.— (1) IN GENERAL.—The Secretary may impose a penalty described in paragraph (2) on deployer of a high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10) or a critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) for each violation by that entity of this Act or any regulation or order issued under this Act. (2) PENALTY DESCRIBED.—The penalty described in this paragraph is the greater of— (A) an amount not to exceed $300,000; or (B) an amount that is twice the value of the transaction that is the basis of the violation with respect to which the penalty is imposed. (c) VIOLATION WITH INTENT.— (1) IN GENERAL.—If the Secretary determines that a deployer of a high-impact artificial intelligence systemHigh-impact artificial intelligence systemThe term 'high-impact artificial intelligence system' means an artificial intelligence system— (A) deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) that is specifically developed with the intended purpose of making decisions that have a legal or similarly significant effect on the access of an individual to housing, employment, credit, education, healthcare, or insurance in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(10) or a critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) intentionally violates this Act or any regulation or order issued under this Act, the Secretary may prohibit the critical-impact AI organizationCritical-impact AI organizationThe term 'critical-impact AI organization' means a non-government organization that serves as the deployer of a critical-impact artificial intelligence system.Sec. 201(5) from deploying a critical-impact artificial intelligence systemCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6). (2) IN ADDITION.—A prohibition imposed under paragraph (1) shall be in addition to any other civil penalties provided under this Act. (e) CIVIL ACTION.— (1) IN GENERAL.—Upon referral by the Secretary, the Attorney General may bring a civil action in a United States district court to— (A) enjoin a violation of section 207; or (B) collect a civil penalty upon a finding of noncompliance with this Act. (f) RULE OF CONSTRUCTION.—Nothing in this section shall be construed to require a developer of a critical-impact artificial intelligence systemCritical-impact artificial intelligence systemThe term 'critical-impact artificial intelligence system' means an artificial intelligence system that— (A) is deployed for a purpose other than solely for use by the Department of Defense or an intelligence agency (as defined in section 3094(e) of the National Security Act of 1947 (50 U.S.C. 3094(3))); and (B) is used or intended to be used— (i) to make decisions that have a legal or similarly significant effect on— (I) the real-time or ex post facto collection of biometric data of natural persons by biometric identification systems without their consent; (II) the direct management and operation of critical infrastructure (as defined in section 1016(e) of the USA PATRIOT Act (42 U.S.C. 5195c(e))) and space-based infrastructure; or (III) criminal justice (as defined in section 901 of title I of the Omnibus Crime Control and Safe Streets Act of 1968 (34 U.S.C. 10251)); and (ii) in a manner that poses a significant risk to rights afforded under the Constitution of the United States or safety.Sec. 201(6) to disclose any information, including data or algorithms— (1) relating to a trade secret or other protected intellectual property right; (2) that is confidential business information; or (3) that is privileged.

Not later than 180 days after the date of enactment of this Act, the Secretary shall establish a working group relating to responsible education efforts for artificial intelligence systemsArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2). The working group established under this section shall— (A) identify recommended education and programs that may be voluntarily employed by industry to inform— (i) consumers and other stakeholders with respect to artificial intelligence systemsArtificial intelligence systemThe term 'artificial intelligence system' means an engineered system that— (A) generates outputs, such as content, predictions, recommendations, or decisions for a given set of human-defined objectives; and (B) is designed to operate with varying levels of adaptability and autonomy using machine and human-based inputs.Sec. 201(2) as those systems— (I) become available; or (II) are soon to be made widely available for public use or consumption; and (B) submit to Congress, and make available to the public, a report containing the findings and recommendations under subparagraph (A).