Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 119th Congress · H.R. 3838 (Engrossed in House) — To authorize appropriations for fiscal year 2026 for military activities of the Department of Defense, for military c... · Sec. 1531

Sec. 1531. Artificial intelligence and machine learning security in the Department of Defense

870 words·~4 min read·/bill/119/hr/3838/eh/section-1531·

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

Not later than 180 days after the date of enactment of this Act, the Secretary of Defense shall develop and implement a Department-wide policy for the cybersecurity and governance of artificial intelligence and machine learning, as well as the models for artificial intelligence and machine learning used in national defense applications. The policy required under paragraph
(1)shall address the following: Protection against security threats specific to artificial intelligence and machine learning, including model serialization attacks, model tampering, data leakage, adversarial prompt injection, model extraction, model jailbreaks, and supply chain attacks. Use of cybersecurity measures throughout the life cycle of systems using artificial intelligence or machine learning. Adoption of industry-recognized frameworks to guide the development and implementation of artificial intelligence and machine learning security best practices. Standards for governance, testing, auditing, and monitoring of systems using artificial intelligence and machine learning to ensure the integrity and resilience of such systems. Training requirements for the workforce of the Department of Defense to ensure personnel are prepared to identify and mitigate vulnerabilities that are specific to artificial intelligence and machine learning. The Secretary of Defense shall conduct a comprehensive review to identify and assess the effectiveness of the artificial intelligence and machine learning cybersecurity and governance practices of the Department of Defense. Not later than August 31, 2026, the Secretary of Defense shall submit to the Committees on Armed Services of the House of Representatives and the Senate a report on the findings of the review conducted under subparagraph (A). The report required under clause
(i)shall include— an assessment of the current security practices for artificial intelligence and machine learning across the Department of Defense; an assessment of the cybersecurity risks posed by the use of authorized and unauthorized artificial intelligence software, including models developed by companies headquartered in or operating from foreign countries of concern, by the Department; an identification of gaps in the existing security measures of the Department related to threats specific to the use of artificial intelligence and machine learning; an analysis of the potential of security management, access, and runtime capabilities for artificial intelligence in the commercial sector for use by the Department to defend system using artificial intelligence from threats, minimize data exposure resulting from the use of such systems, and maintain the trustworthiness of applications of the Department that use artificial intelligence; an evaluation of the alignment of the policies of the Department with industry frameworks; recommend actions to enhance the security, integrity, and governance of artificial intelligence and machine learning models used by the Department; and an identification of any additional authorities, resources, or legislative actions required for the Department to effectively implement artificial intelligence and machine learning model security policy required by paragraph (1). Any policy, regulation, guidance, or requirement issued by the Department of Defense relating to the use, submission, or maintenance of a software bill of materials shall also apply to an artificial intelligence software bill of materials, to the extent practicable, for all artificial intelligence systems, models, and software used, developed, or procured by the Department. Not later than 180 days after the date of enactment of this Act, the Secretary of Defense, acting through the Chief Digital and Artificial Intelligence Officer of the Department of Defense and Chief Information Officer of the Department of Defense, shall revise the regulations, guidance, and policies of the Department of Defense to comply with paragraph (1), including guidance and standards for artificial intelligence software bill of materials, in accordance with the best practices for software bill of materials. Not later than one year after the date of the enactment of this Act, the Secretary of the Department of Defense shall submit to the Committees on Armed Services of the House of Representatives and the Senate a report on— the status of the implementation of requirements for artificial intelligence software bill of materials under this subsection, including challenges, recommendations, and potential legislative or regulatory modifications needed to enhance the effectiveness of such implementation; the feasibility and necessity to update Department of Defense Instruction 5000.87, Operation of the Software Acquisition Pathway (October 2, 2020) and the software acquisition pathway established under section 3603 of title 10, United States Code, with requirements for artificial intelligence software bill of materials and more detailed software bill of materials in the procurement of software, hardware, artificial intelligence technologies, and cryptographic technologies; and the estimated costs for the implementation of the policies for artificial intelligence software bill of materials and more detailed software bill of materials required under this subsection and described in subparagraph (B), including for any new systems or investments required to support greater implementation and adoption by the Department of Defense of artificial intelligence. In this section: The terms artificial intelligence and machine learning have the meanings given such terms, respectively, in section 5001 of the National Artificial Intelligence Initiative Act of 2020 ( 15 U.S.C. 9401 ). The term artificial intelligence software bill of materials means the records kept in the normal course of business that identify each component, library, and dependency comprising an artificial intelligence software application. The term software bill of materials means the records kept in the normal course of business that identify each component, library, and dependency comprising a software application.
Connectionstraces to 1
Traces to 1 document
Citation graph
cites case law
Sec. 1531
Artificial intelligence and machine learning security in the Department of Defense
U.S.C.§ 9401
Cites 1Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.