Tap any paragraph to write a margin note. Your notes collect in the Desk below the text and file under cases with @. The side-by-side margin rail opens on a larger screen.

§
Marginalia
Code · BILL · 119th Congress · H.R. 8516 (Introduced in House) — To make certain improvements relating to artificial intelligence, and for other purposes. · Sec. 321

Sec. 321. Activities to support voluntary vulnerability and incident tracking associated with artificial intelligence

796 words·~4 min read·/bill/119/hr/8516/ih/section-321

A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

The Director of the National Institute of Standards and Technology, in coordination with industry stakeholders, standards development organizations, and appropriate Federal agencies, as appropriate, shall carry out the following: Establish or identify common definitions and any characteristics of artificial intelligence security vulnerabilities that make utilization of the National Vulnerability Database inappropriate for the management of such vulnerabilities, and develop processes and procedures for vulnerability management of such vulnerabilities.
Support the development of standards and guidance for technical vulnerability management processes related to artificial intelligence. Consistent with paragraphs
(1)and (2), as appropriate, initiate a process to update the Institute’s processes and procedures associated with the National Vulnerability Database to ensure such Database and associated vulnerability management processes incorporate artificial intelligence security vulnerabilities to the greatest extent practicable. The Director of the National Institute of Standards and Technology, in consultation with the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security, shall convene a multi-stakeholder process to consider the development of a process relating to the voluntary collection, reporting, and tracking of substantial artificial intelligence security incidents and substantial artificial intelligence safety incidents. In carrying out paragraph (1), the Director of the National Institute of Standards and Technology shall convene appropriate representatives of industry, academia, nonprofit organizations, standards development organizations, civil society groups, Sector Risk Management Agencies, and appropriate Federal departments and agencies to carry out the following: Establish common definitions and characterizations for relevant aspects of substantial artificial intelligence security incidents and substantial artificial intelligence safety incidents, which may include the following: Classifications that sufficiently differentiate between the following: Artificial intelligence security incidents. Artificial intelligence safety incidents. Taxonomies to classify incidents referred to in clause
(i)based on relevant characteristics, impacts, or other appropriate criteria. Assess the usefulness and cost-effectiveness of an effort to voluntarily track substantial artificial intelligence security incidents and substantial artificial intelligence safety incidents. Identify and provide guidelines, best practices, methodologies, procedures, and processes for tracking and reporting substantial artificial intelligence security incidents and substantial artificial intelligence safety incidents across different sectors and use cases. Support the development of standardized reporting and documentation mechanisms, including automated mechanisms, that would help provide information, including public information, regarding substantial artificial intelligence security incidents and substantial artificial intelligence safety incidents. Support the development of norms for reporting of substantial artificial intelligence security incidents and substantial artificial intelligence safety incidents, taking into account when it is appropriate to publicly disclose such incidents. Not later than three years after the date of the enactment of this Act, the Director of the National Institute of Standards and Technology shall submit to Congress a report on a process relating to the voluntary collection, reporting, and tracking of substantial artificial intelligence security incidents and substantial artificial intelligence safety incidents under paragraph (1). Such report shall include the following: Findings from the multi-stakeholder process referred to in such paragraph. An assessment of and recommendations for establishing reporting and collection mechanisms by which industry, academia, nonprofit organizations, standards development organizations, civil society groups, and appropriate public sector entities may voluntarily share standardized information regarding substantial artificial intelligence security incidents and substantial artificial intelligence safety incidents. Nothing in this section provides the Director of the National Institute of Standards and Technology with any enforcement authority that was not in effect on the day before the date of the enactment of this section. In this section: The term artificial intelligence has the meaning given such term in section 5002 of the National Artificial Intelligence Initiative Act of 2020 ( 15 U.S.C. 9401 ). The term artificial intelligence security vulnerability means a weakness in an artificial intelligence system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source. The term artificial intelligence system — means any data system, software, application, tool, or utility that operates in whole or in part using dynamic or static machine learning algorithms or other forms of artificial intelligence, whether— the data system, software, application, tool, or utility is established primarily for the purpose of researching, developing, or implementing artificial intelligence technology; or artificial intelligence capability is integrated into another system or agency business process, operational activity, or technology system; and does not include any common commercial product within which artificial intelligence is embedded, such as a word processor or map navigation system. The term nonprofit organization has the meaning given such term in section 201 of title 35, United States Code. The term Sector Risk Management Agency has the meaning given such term in section 2200 of the Homeland Security Act of 2002 ( 6 U.S.C. 650 ). The term threat source means any of the following: An intent and method targeted at the intentional exploitation of a vulnerability. A situation and method that may accidentally trigger a vulnerability.
Connectionstraces to 2
Traces to 2 documents
Citation graph
cites case law
Sec. 321
Activities to support voluntary vulnerability and incident tracking associated with artificial intelligence
U.S.C.§ 9401
U.S.C.§ 650
Cites 2Cited by 0 across 0 sources
★   the supreme law of the land   ★
Don't Tread on Me
E Pluribus Unum — out of many, one

"If you don't know your rights, you don't have any."

Marginalia · a citizen's law index
A research desk, not legal advice. Always read the cited source before relying on a summary.
Questions or an issue? support@self-law.org
disclaimerMarginalia is a research index, not a law firm. Nothing on this site is legal, tax, or financial advice and no attorney–client relationship is formed by using it. Statutes, regulations, and case law change; summaries, search results, AI output, and member posts may be incomplete, out of date, or wrong. Any interpretation drawn from material on this site should be validated by a licensed attorney in your jurisdiction before you act on it.