AI Incident Reporting Act Targets Frontier Models

AI incident reporting for frontier model failures and security risks. (Image credit: AI-generated image)

AI Incident Reporting Act Would Require Frontier AI Developers To Report Critical Incidents

Clayton Rifkind June 29, 2026

The proposal from Rep. Nathaniel Moran would give covered model developers seven days to report serious AI incidents to the Commerce Department.

Rep. Nathaniel Moran (R-Texas) introduced the AI Incident Reporting Act, a bill that would require developers of the most advanced AI models to report dangerous capabilities, security breaches, and safety incidents to the Department of Commerce.

The bill would apply to “covered model developers,” a category Commerce would define through capability thresholds for AI models that could pose significant risks to national security or public safety. Developers covered would have seven days to report critical incidents.

The legislation would require reporting when an AI model exhibits signs of rogue behavior, including evading human oversight or undermining human control.

It would also require reporting for several other categories of high-risk activity, including:

Unauthorized access to, theft of, or attempted theft of model weights (the numerical parameters learned during training that determine how an AI model processes inputs and generates outputs)
AI capabilities that could enable cyber attacks against critical infrastructure or widely used systems
Evidence that a model can accelerate or automate the development of more advanced AI systems
Capabilities that could enable the development or use of chemical, biological, radiological, nuclear, or explosive weapons
Serious near misses where harm was avoided because of outside circumstances, not the developer’s safeguards

For incidents that present an imminent or ongoing risk of serious harm, Commerce would have to notify congressional leaders and relevant committee chairs within 48 hours.

Commerce would have to issue reporting guidelines within 180 days after enactment. The bill also directs the department to create a secure reporting mechanism for AI companies.

“AI is a powerful engine of innovation, and I want to see it flourish, but not without accountability and not without human oversight,” Moran said in the press release. “The rule of law should apply to this new frontier.”

The bill also includes protections for sensitive information submitted to the government. Reports would be exempt from public disclosure, would not waive trade secret or attorney-client protections, and generally could not be used by federal, state, or local governments to regulate or bring enforcement actions against the developer.

Commerce could act based on reports to address risks to national security or public safety. The bill would also allow Commerce to share information with other agencies, including intelligence and law enforcement agencies, as appropriate.

The bill does not yet appear to have cleared committee.

Clayton Rifkind

Clayton Rifkind is the Founder and Senior Editor of AI Risk Today. He also advises on content development for esgtoday.com, a leading source of ESG investment news and research for institutional investors and corporate leaders. He has 20+ years experience in B2B technology marketing, leading strategy and execution of go-to-market plans across software, enterprise platforms, and mobile applications. He also founded two marketing consultancies, advising startups and Fortune 1000 companies, including Autodesk, Intel, and Microsoft. Clayton began his career in the San Francisco advertising scene, working with brands such as Hewlett-Packard, Intel, Microsoft, Symantec, and Wells Fargo.

Essential AI Risk Intelligence

Daily insights on AI governance, regulation, and enterprise risk management. Trusted by Chief Risk Officers and compliance leaders globally.

By subscribing, you agree to receive our daily newsletter. Unsubscribe anytime.