[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 9333 Introduced in House (IH)]
<DOC>
119th CONGRESS
2d Session
H. R. 9333
To direct the Director of the National Institute of Standards and
Technology to develop a program for the voluntary reporting of
artificial intelligence flaws and the acceleration of detection and
monitoring of such flaws, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
June 18, 2026
Ms. Ross (for herself, Mr. Hurd of Colorado, and Mr. Beyer) introduced
the following bill; which was referred to the Committee on Science,
Space, and Technology
_______________________________________________________________________
A BILL
To direct the Director of the National Institute of Standards and
Technology to develop a program for the voluntary reporting of
artificial intelligence flaws and the acceleration of detection and
monitoring of such flaws, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``AI Flaw Reporting and Security
Enhancement Act''.
SEC. 2. SUPPORTING VOLUNTARY REPORTING OF ARTIFICIAL INTELLIGENCE
FLAWS.
(a) In General.--The Director of the National Institute of
Standards and Technology (NIST), in consultation with the Director of
the Cybersecurity and Infrastructure Security Agency of the Department
of Homeland Security, shall carry out a program to support the
voluntary reporting, collection, and tracking of artificial
intelligence flaws (in this section referred to as the ``program'').
(b) Activities.--In carrying out the program, the Director of the
NIST shall seek to convene appropriate representatives of industry,
academia, nonprofit organizations, standards development organizations,
civil society groups, and appropriate Federal departments and agencies
to carry out the following:
(1) Establish common definitions and characterizations for
relevant aspects relating to artificial intelligence flaws,
including consideration of the following:
(A) Definitions of the following terms, as such
terms relate to artificial intelligence:
(i) Vulnerabilities.
(ii) Failure modes.
(iii) Accidents.
(iv) Failures.
(v) Hazards.
(vi) Catastrophes.
(vii) Misuse.
(viii) Incidents.
(ix) Adverse events.
(B) Taxonomies to classify such artificial
intelligence flaws based on relevant characteristics,
impacts, or other appropriate criteria to enable the
management and prioritization of such flaws, including
the following:
(i) Artificial intelligence security-
related flaws.
(ii) Artificial intelligence safety-related
flaws.
(2) Support the development of technical standards and
guidance related to artificial intelligence flaws and processes
for managing such flaws.
(3) Support the development of methods, which may include
measures of severity or risk associated with artificial
intelligence flaws, to enable prioritization of remediation
activities of such flaws.
(4) Support the development of technical approaches which
accelerate detection and monitoring of artificial intelligence
flaws.
(5) Identify and provide guidelines, best practices,
methodologies, procedures, and processes for reporting,
collecting, and tracking artificial intelligence flaws across
different sectors and use cases.
(6) Support the development of standardized reporting and
documentation mechanisms, including automated mechanisms, that
would help provide information, including public information,
regarding artificial intelligence flaws.
(7) Support the development of norms for appropriate
disclosure and reporting of artificial intelligence flaws,
including when it is appropriate to publicly disclose such
flaws.
(c) Development of Infrastructure for the Measurement and
Monitoring of Artificial Intelligence Flaws.--
(1) In general.--In carrying out the program, the Director
of NIST shall, in consultation with representatives of
industry, academia, nonprofit organizations, standards
development organizations, civil society groups, appropriate
public sector entities, and appropriate Federal departments and
agencies, develop, or enter into cooperative agreements with
one or more eligible entity designated by the Director to
develop, infrastructure for the voluntary reporting,
collection, and tracking of artificial intelligence flaws. Such
infrastructure shall include a national database of artificial
intelligence flaws or the modification of an existing national
database to account for such flaws, as determined appropriate
by the Director. Such database may be maintained by NIST or one
or more eligible entities designated by the Director
(2) Considerations.--In carrying out this subsection, the
Director shall consider the following:
(A) Technical standards and best practices
regarding machine-readability.
(B) Interoperability of the infrastructure
described in paragraph (1) with relevant existing
standards, best practices, and systems.
(C) Future updates to the infrastructure described
in paragraph (1) that may include additional types of
information and taxonomies relevant to new stakeholders
and coordination mechanisms.
(D) Relevant policies, procedures, and norms
regarding dissemination of reported artificial
intelligence flaws and public disclosures.
(d) Report.--Not later than three years after the date of the
enactment of this Act, the Director of NIST shall submit to Congress a
report on the implementation of this section. Such report shall include
the following:
(1) Findings from the multi-stakeholder activities under
subsections (b) and (c).
(2) A description of the infrastructure developed pursuant
to subsection (c), including a description of the national
database referred to in such subsection.
(3) An assessment of and recommendations for establishing
reporting and collection mechanisms by which industry,
academia, nonprofit organizations, standards development
organizations, civil society groups, and appropriate public
sector entities may voluntarily share standardized information
regarding artificial intelligence flaws.
(e) Definitions.--In this section:
(1) Artificial intelligence.--The term ``artificial
intelligence'' has the meaning given such term in section 5002
of the National Artificial Intelligence Initiative Act of 2020
(15 U.S.C. 9401).
(2) Artificial intelligence flaw.--The term ``artificial
intelligence flaw'' means a set of conditions or behaviors that
allow the violation of an explicit or implicit policy related
to the safety, security, or other undesirable effects from use
of an artificial intelligence system, including artificial
intelligence vulnerabilities and artificial intelligence
incidents, and which is not dependent on the presence of
malicious intent or related harm.
(3) Artificial intelligence system.--The term ``artificial
intelligence system'' has the meaning given such term in
section 7223 of the Advancing American AI Act (40 U.S.C. 11301
note; as enacted as part of title LXXII of division G of the
James M. Inhofe National Defense Authorization Act for Fiscal
Year 2023; Public Law 117-263).
(4) Eligible entity.--The term ``eligible entity'' means an
institution of higher education (as such term is defined in
section 101(a) of the Higher Education Act of 1965 (20 U.S.C.
1001)), a research institution (as such term is defined in
section 9 of the Small Business Act (15 U.S.C. 638(e)(8)), or
consortia thereof.
<all>