Sec. 7. Agency risk classification of artificial intelligence use cases for procurement and use
/bill/118/s/4495/is/section-7
A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
The head of each agency shall be responsible for developing, not later than 1 year after the date of enactment of this Act, a risk classification system for agency use cases of artificial intelligence, without respect to whether artificial intelligence is embedded in a commercial product.

The risk classification system under paragraph (1) shall, at a minimum, include unacceptable, high, medium, and low risk classifications.

In developing the risk classifications under subparagraph (A), the head of the agency shall consider the following:

- The mission and operations of the agency.
- The seriousness and probability of adverse impacts.
- The breadth of application, such as the number of individuals affected.
- The degree of choice that an individual, group, or entity has as to whether to be subject to the effects of artificial intelligence.
- Standards and frameworks for risk classification of use cases that support democratic values, such as the standards and frameworks developed by the National Institute of Standards and Technology, the International Standards Organization, and the Institute of Electrical and Electronics Engineers.

The risk classification system may allow for an operational use case to be categorized under a lower risk classification, even if the use case is a part of a larger area of the mission of the agency that is categorized under a higher risk classification.

The risk classification system may allow for changes to the risk classification of an artificial intelligence use case based on the results from procurement process testing or other information that becomes available.

High risk classification shall, at a minimum, apply to use cases for which the outputs of the system—

- are presumed to serve as a principal basis for a decision or action that has a legal, material, binding, or similarly significant effect, with respect to an individual or community, on—
  - civil rights, civil liberties, or privacy;
  - equal opportunities, including in access to education, housing, insurance, credit, employment, and other programs where civil rights and equal opportunity protections apply; or
  - access to or the ability to apply for critical government resources or services, including healthcare, financial services, public housing, social services, transportation, and essential goods and services; or
- are presumed to serve as a principal basis for a decision that substantially impacts the safety of, or has the potential to substantially impact the safety of—
  - the well-being of an individual or community, including loss of life, serious injury, bodily harm, biological or chemical harms, occupational hazards, harassment or abuse, or mental health;
  - the environment, including irreversible or significant environmental damage;
  - critical infrastructure, including the critical infrastructure sectors defined in Presidential Policy Directive 21, entitled Critical Infrastructure Security and Resilience (dated February 12, 2013) (or any successor directive) and the infrastructure for voting and protecting the integrity of elections; or
  - strategic assets or resources, including high-value property and information marked as sensitive or classified by the Federal Government and controlled unclassified information.

The head of each agency shall add other use cases to the high risk category, as appropriate.

If a use case is not high risk, as described in subparagraph (D), the head of an agency shall have the discretion to define the risk classification.

If an agency identifies, through testing, adverse incident, or other means or information available to the agency, that a use or outcome of an artificial intelligence use case is a clear threat to human safety or rights that cannot be adequately or practicably mitigated, the agency shall identify the risk classification of that use case as unacceptable risk.

The risk classification system under paragraph (1) shall be published on a public-facing website, with the methodology used to determine different risk levels and examples of particular use cases for each category in language that is easy to understand to the people affected by the decisions and outcomes of artificial intelligence.

This section shall take effect on the date that is 180 days after the date of enactment of this Act, on and after which an agency that has not complied with the requirements of this section may not develop, procure or obtain, or use artificial intelligence until the agency complies with such requirements.