| ||||||||||||||||||||
| ||||||||||||||||||||
| ||||||||||||||||||||
| 1 | AN ACT concerning business. | |||||||||||||||||||
| 2 | Be it enacted by the People of the State of Illinois, | |||||||||||||||||||
| 3 | represented in the General Assembly: | |||||||||||||||||||
| 4 | Section 1. Short title. This Act may be cited as the | |||||||||||||||||||
| 5 | Artificial Intelligence Safety Act. | |||||||||||||||||||
| 6 | Section 5. Definitions. In this Act: | |||||||||||||||||||
| 7 | "Artificial intelligence model" means an engineered or | |||||||||||||||||||
| 8 | machine-based component of a system that varies in its level | |||||||||||||||||||
| 9 | of autonomy and that can, for explicit or implicit objectives, | |||||||||||||||||||
| 10 | infer from the input it receives how to generate outputs that | |||||||||||||||||||
| 11 | can influence physical or virtual environments. | |||||||||||||||||||
| 12 | "Critical harm" means the death or serious injury of 100 | |||||||||||||||||||
| 13 | or more people or at least $1,000,000,000 of damages to rights | |||||||||||||||||||
| 14 | in property caused or materially enabled by a frontier model, | |||||||||||||||||||
| 15 | through either: | |||||||||||||||||||
| 16 | (1) the creation or use of a chemical, biological, | |||||||||||||||||||
| 17 | radiological, or nuclear weapon; or | |||||||||||||||||||
| 18 | (2) engaging in conduct that: | |||||||||||||||||||
| 19 | (A) acts with no meaningful human intervention; | |||||||||||||||||||
| 20 | and | |||||||||||||||||||
| 21 | (B) would, if committed by a human, constitute a | |||||||||||||||||||
| 22 | criminal offense that requires intent, recklessness, | |||||||||||||||||||
| 23 | or negligence, or the solicitation or aiding and | |||||||||||||||||||
| |||||||
| |||||||
| 1 | abetting of such a crime. | ||||||
| 2 | "Developer" means a person or organization that has | ||||||
| 3 | trained, or initiated the training of, at least one frontier | ||||||
| 4 | model. | ||||||
| 5 | "Frontier model" means an artificial intelligence model | ||||||
| 6 | that: (1) is trained using greater than 10^26 computational | ||||||
| 7 | operations, such as integer or floating-point operations; or | ||||||
| 8 | (2) has a compute cost that exceeds $100,000,000. | ||||||
| 9 | Section 10. Frontier model transparency. | ||||||
| 10 | (a) A developer shall not be held liable for critical | ||||||
| 11 | harms if the developer did not intentionally or recklessly | ||||||
| 12 | cause the critical harms and the developer: | ||||||
| 13 | (1) published a safety and security protocol on its | ||||||
| 14 | website that satisfies the requirements of Section 15 and | ||||||
| 15 | adhered to that safety and security protocol prior to the | ||||||
| 16 | release of the frontier model; | ||||||
| 17 | (2) published a transparency report on its website at | ||||||
| 18 | the time of the frontier model's release that satisfies | ||||||
| 19 | the requirements of Section 20. | ||||||
| 20 | The requirements of paragraphs (1) and (2) do not apply if | ||||||
| 21 | the developer does not reasonably foresee any material | ||||||
| 22 | difference between the frontier model's capabilities or risks | ||||||
| 23 | of critical harm and a frontier model that was previously | ||||||
| 24 | evaluated by the developer in a manner substantially similar | ||||||
| 25 | to this Act. | ||||||
| |||||||
| |||||||
| 1 | (b) If a developer has produced a safety and security | ||||||
| 2 | protocol in a manner substantially similar to this Act, then | ||||||
| 3 | the developer shall be deemed to have complied with subsection | ||||||
| 4 | (a) if the developer: | ||||||
| 5 | (1) agrees to be bound by the safety and security | ||||||
| 6 | requirements adopted under Article 56 of the European | ||||||
| 7 | Union's Artificial Intelligence Act; or | ||||||
| 8 | (2) enters into an agreement with an agency of the | ||||||
| 9 | federal government that: | ||||||
| 10 | (A) enables the agency to access the developer's | ||||||
| 11 | frontier models for the purposes of conducting | ||||||
| 12 | research and evaluations; | ||||||
| 13 | (B) facilitates the evaluation of frontier models, | ||||||
| 14 | such as an assessment of cyber and biological risks; | ||||||
| 15 | and | ||||||
| 16 | (C) allows for the federal government to release | ||||||
| 17 | information related to evaluations of frontier models | ||||||
| 18 | that have been publicly released. | ||||||
| 19 | (c) A developer that enters into an agreement with an | ||||||
| 20 | agency of the federal government under paragraph (2) of | ||||||
| 21 | subsection (b) shall file a certification with the Attorney | ||||||
| 22 | General, in a manner prescribed by the Attorney General, | ||||||
| 23 | attesting that the developer has entered into an agreement | ||||||
| 24 | that satisfies the requirements of paragraph (2) of subsection | ||||||
| 25 | (b). It is a violation of this Act to make a materially false | ||||||
| 26 | or misleading statement, or to omit a material fact, in any | ||||||
| |||||||
| |||||||
| 1 | certification submitted under this subsection. | ||||||
| 2 | Section 15. Requirements for safety and security | ||||||
| 3 | protocols. | ||||||
| 4 | (a) In order to satisfy the requirements of paragraph (1) | ||||||
| 5 | of subsection (a) of Section 10, a developer shall create a | ||||||
| 6 | safety and security protocol that documents a developer's | ||||||
| 7 | technical and organizational protocols to manage, assess, and | ||||||
| 8 | mitigate risk of critical harm arising from the use and | ||||||
| 9 | distribution of its frontier models. It shall include a | ||||||
| 10 | high-level summary of: | ||||||
| 11 | (1) testing procedures that the developer uses to | ||||||
| 12 | assess risk of a reasonably foreseeable critical harms | ||||||
| 13 | arising from the deployment of a frontier model; | ||||||
| 14 | (2) thresholds used by the developer to identify and | ||||||
| 15 | assess whether a frontier model poses a critical risk, | ||||||
| 16 | including: | ||||||
| 17 | (A) how the developer will assess whether a | ||||||
| 18 | threshold has been attained, which may include | ||||||
| 19 | multiple tiered thresholds; and | ||||||
| 20 | (B) an illustrative summary of the potential | ||||||
| 21 | actions the developer may take if each threshold is | ||||||
| 22 | attained; | ||||||
| 23 | (3) the mitigations that a developer takes to mitigate | ||||||
| 24 | reasonably foreseeable critical harms and how the | ||||||
| 25 | developer assesses the effectiveness of those mitigations; | ||||||
| |||||||
| |||||||
| 1 | (4) whether and how a developer will use third parties | ||||||
| 2 | to assess risk of critical harm and capabilities or the | ||||||
| 3 | effectiveness of mitigations of critical harms; | ||||||
| 4 | (5) the developer's cybersecurity practices relating | ||||||
| 5 | to frontier models and how the developer secures | ||||||
| 6 | unreleased frontier model weights from unauthorized | ||||||
| 7 | modification or transfer by internal or external parties; | ||||||
| 8 | (6) to the extent that the frontier model is deployed | ||||||
| 9 | by the developer, a description of how the developer will | ||||||
| 10 | monitor for critical harm and how a developer would | ||||||
| 11 | respond; and | ||||||
| 12 | (7) the process by which the developer determines when | ||||||
| 13 | a frontier model presents material new risks such that it | ||||||
| 14 | should be subject to additional assessments. | ||||||
| 15 | (b) A developer may make appropriate redactions to the | ||||||
| 16 | information required under subsection (a), as necessary, to | ||||||
| 17 | maintain model security and integrity, trade secrets, and | ||||||
| 18 | proprietary information. | ||||||
| 19 | Section 20. Requirements for transparency reports. | ||||||
| 20 | (a) In order to satisfy the requirements of paragraph (2) | ||||||
| 21 | of subsection (a) of Section 10, a developer shall create a | ||||||
| 22 | transparency report that: | ||||||
| 23 | (1) identifies the frontier model that is the subject | ||||||
| 24 | of the transparency report; and | ||||||
| 25 | (2) provides a summary of the results of assessments | ||||||
| |||||||
| |||||||
| 1 | conducted in accordance with the developer's safety and | ||||||
| 2 | security protocol and the steps taken to address any | ||||||
| 3 | identified risks. | ||||||
| 4 | (b) A developer may make appropriate redactions to the | ||||||
| 5 | information required under subsection (a), as necessary, to | ||||||
| 6 | maintain model security and integrity, trade secrets, and | ||||||
| 7 | proprietary information. | ||||||
| 8 | Section 25. Application of the Act. | ||||||
| 9 | (a) This Act shall no longer apply if the federal | ||||||
| 10 | government enacts a law or adopts regulations that establish | ||||||
| 11 | overlapping requirements for developers of frontier models. | ||||||
| 12 | (b) A developer shall be deemed to be in compliance with | ||||||
| 13 | this Act if the developer is in compliance with another | ||||||
| 14 | state's substantially similar frontier model safety and | ||||||
| 15 | security framework. | ||||||