Sec. 4. Procurement of artificial intelligence
Not later than 1 year after the date of enactment of this Act, the Federal Acquisition Regulatory Council shall review Federal Acquisition Regulation acquisition planning, source selection, and other requirements and update the Federal Acquisition Regulation as needed to ensure that agency procurement of artificial intelligence includes— a requirement to address the outcomes of the risk evaluation and impact assessments required under section 8(a); a requirement for consultation with an interdisciplinary team of agency experts prior to, and throughout, as necessary, procuring or obtaining artificial intelligence; and any other considerations determined relevant by the Federal Acquisition Regulatory Council.
The interdisciplinary team of experts described in paragraph (1)(B) may— vary depending on the use case and the risks determined to be associated with the use case; and include technologists, information security personnel, domain experts, privacy officers, data officers, civil rights and civil liberties officers, contracting officials, legal counsel, customer experience professionals, and others.
The acquisition planning updates described in paragraph (1) shall include considerations for, at minimum, as appropriate depending on the use case— data ownership and privacy; data information security; interoperability requirements; data and model assessment processes; scope of use; ongoing monitoring techniques; type and scope of artificial intelligence audits; environmental impact; and safety and security risk mitigation techniques, including a plan for how adverse event reporting can be incorporated, pursuant to section 5(g).
Beginning on the date that is 1 year after the date of enactment of this Act, the head of an agency may not procure or obtain artificial intelligence for a high risk use case, as defined in section 7(a)(2)(D), prior to establishing and incorporating certain terms into relevant contracts, agreements, and employee guidelines for artificial intelligence, including— a requirement that the use of the artificial intelligence be limited to its operational design domain; requirements for safety, security, and trustworthiness, including— a reporting mechanism through which agency personnel are notified by the deployer of any adverse incident; a requirement, in accordance with section 5(g), that agency personnel receive from the deployer a notification of any adverse incident, an explanation of the cause of the adverse incident, and any data directly connected to the adverse incident in order to address and mitigate the harm; and that the agency has the right to temporarily or permanently suspend use of the artificial intelligence if— the risks of the artificial intelligence to rights or safety become unacceptable, as determined under the agency risk classification system pursuant to section 7; or on or after the date that is 180 days after the publication of the most recently updated version of the framework developed and updated pursuant to section 22(A)(c) of the National Institute of Standards and Technology Act (15 U.S.C. 278h–1(c)), the deployer is found not to comply with such most recent update; requirements for quality, relevance, sourcing and ownership of data, as appropriate by use case, and applicable unless the head of the agency waives such requirements in writing, including— retention of rights to Government data and any modification to the data including to protect the data from unauthorized disclosure and use to subsequently train or improve the functionality of commercial products offered by the deployer, any relevant developers, or others; and a requirement that the deployer and any relevant developers or other parties isolate Government data from all other data, through physical separation, electronic separation via secure copies with strict access controls, or other computational isolation mechanisms; requirements for evaluation and testing of artificial intelligence based on use case, to be performed on an ongoing basis; and requirements that the deployer and any relevant developers provide documentation, as determined necessary and requested by the agency, in accordance with section 8(b).
The Senior Procurement Executive, in coordination with the Chief Artificial Intelligence Officer, shall consult with technologists, information security personnel, domain experts, privacy officers, data officers, civil rights and civil liberties officers, contracting officials, legal counsel, customer experience professionals, and other relevant agency officials to review the requirements described in clauses (i) through (v) of subparagraph (A) and determine whether it may be necessary to incorporate additional requirements into relevant contracts or agreements.
The Federal Acquisition Regulatory Council shall revise the Federal Acquisition Regulation as necessary to implement the requirements of this subsection.
This Act shall supersede any requirements that conflict with this Act under the guidance required to be produced by the Director pursuant to section 7224(d) of the Advancing American AI Act (40 U.S.C. 11301 note).