AI Incidents

The proposal from Rep. Nathaniel Moran would give covered model developers seven days to report serious AI incidents to the Commerce Department.

Rep. Nathaniel Moran (R-Texas) introduced the AI Incident Reporting Act, a bill that would require developers of the most advanced AI models to report dangerous capabilities, security breaches, and safety incidents to the Department of Commerce.

The bill would apply to “covered model developers,” a category Commerce would define through capability thresholds for AI models that could pose significant risks to national security or public safety. Developers covered would have seven days to report critical incidents.

The legislation would require reporting when an AI model exhibits signs of rogue behavior, including evading human oversight or undermining human control.

It would also require reporting for several other categories of high-risk activity, including:

• Unauthorized access to, theft of, or attempted theft of model weights (the numerical parameters learned during training that determine how an AI model processes inputs and generates outputs)
• AI capabilities that could enable cyber attacks against critical infrastructure or widely used systems
• Evidence that a model can accelerate or automate the development of more advanced AI systems
• Capabilities that could enable the development or use of chemical, biological, radiological, nuclear, or explosive weapons
• Serious near misses where harm was avoided because of outside circumstances, not the developer’s safeguards

For incidents that present an imminent or ongoing risk of serious harm, Commerce would have to notify congressional leaders and relevant committee chairs within 48 hours.

Commerce would have to issue reporting guidelines within 180 days after enactment. The bill also directs the department to create a secure reporting mechanism for AI companies.

“AI is a powerful engine of innovation, and I want to see it flourish, but not without accountability and not without human oversight,” Moran said in the press release. “The rule of law should apply to this new frontier.”

The bill also includes protections for sensitive information submitted to the government. Reports would be exempt from public disclosure, would not waive trade secret or attorney-client protections, and generally could not be used by federal, state, or local governments to regulate or bring enforcement actions against the developer.

Commerce could act based on reports to address risks to national security or public safety. The bill would also allow Commerce to share information with other agencies, including intelligence and law enforcement agencies, as appropriate.

The bill does not yet appear to have cleared committee.