Skip to main content
Trending Topics
Featured Insights
View All Services
View All Industries
About Us Overview
    • Home
    • Insights
    • Bills in US Congress Would Require Federal Agencies and Vendors to Implement NIST AI Framework
      January 29, 2024

      Bills in US Congress Would Require Federal Agencies and Vendors to Implement NIST AI Framework

      Authors:
      Generate PDF
      Share

      Bipartisan, bicameral legislation in the US Congress would mandate the use of the National Institute of Standards and Technology’s (“NIST”) Artificial Intelligence Risk Management Framework (“Framework”) by federal agencies. H.R. 6936, the Federal Artificial Intelligence Risk Management Act of 2024, was introduced in the House earlier this month by Representatives Ted Lieu (D-CA-36), Zachary Nunn (R-IA-3), Donald Beyer (D-VA-08), and Marcus Molinaro (R-NY-19). Companion legislation, S. 3205, was introduced in the US Senate late last year by Senators Jerry Moran (R-KS) and Mark Warner (D-VA).

      Legislative Language

      Within one year of enactment, the bills would require the NIST Director to issue guidance for federal agencies to incorporate the Framework into their artificial intelligence risk management efforts. Of note, the bills would require the NIST guidance to include standards by which a supplier would have to attest compliance in order to be eligible for a federal artificial intelligence contract award. Within six months, the Office of Management and Budget would have to require the implementation of the Framework by federal agencies.

      Under the bills, “artificial intelligence” is defined as:

      … a machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations or decisions influencing real or virtual environments. Artificial intelligence systems use machine and human-based inputs to-

      (A) perceive real and virtual environments;

      (B) abstract such perceptions into models through analysis in an automated manner; and

      (C) use model inference to formulate options for information or action.

      Impacts on Federal Vendors

      Importantly, the bills would require vendors to federal agencies to adhere to the Framework. Specifically, the Administrator of Federal Procurement Policy would be required to issue draft contract language to federal agencies for use in procurement with suppliers of artificial intelligence. This language would require suppliers to adhere to specified actions that are “consistent with the Framework” (although the bills do not specify what these actions will be) and provide “appropriate access to data, models, and parameters…to enable sufficient test and evaluation, verification, and validation.”

      Additionally, within a year of enactment, the Federal Acquisition Regulatory (“FAR”) Council would be required to issue regulations establishing requirements for the acquisition of artificial intelligence products, services, tools, and systems. Within this timeframe, the FAR Council would also be required to issue regulations creating standard solicitation provisions and contract clauses applicable to artificial intelligence acquisitions. These regulations would provide for risk-based compliance with the Framework.

      Considerations for the Private Sector

      The Framework, which was issued in January 2023, provides a set of voluntary best practices to the private sector for the development and use of artificial intelligence systems. It provides guidelines to identify risk stemming from artificial intelligence activities, as well as suggested processes to assess and manage that risk.

      If enacted, the legislation would mark a significant shift by requiring the use of aspects of the Framework by private sector vendors to the federal government. Should the bills become law, federal vendors in the artificial intelligence space will need to rapidly develop adequate policies and procedures to ensure compliance with the Framework. A failure to do so could render the vendor ineligible to receive artificial intelligence-related contract awards. Private sector parties should pay close attention to any action on the bills by either the House of Representatives or the Senate. As evidenced by the bipartisan nature of the legislation in both chambers, congressional support exists for implementing artificial intelligence requirements on the private sector, and these bills may provide the basis to do so.

      Authors

      Related Content

      Related Services & Industries

      Stay Up To Date With Our Insights

      See how we use a multidisciplinary, integrated approach to meet our clients' needs.
      Subscribe

      Follow us

      © 2024 Mayer Brown

       

       

      Mayer Brown is a global services provider comprising associated legal practices that are separate entities, including Mayer Brown LLP (Illinois, USA), Mayer Brown International LLP (England & Wales), Mayer Brown (a Hong Kong partnership) and Tauil & Chequer Advogados (a Brazilian law partnership) and non-legal service providers, which provide consultancy services (collectively, the “Mayer Brown Practices”). The Mayer Brown Practices are established in various jurisdictions and may be a legal person or a partnership. PK Wong & Nair LLC (“PKWN”) is the constituent Singapore law practice of our licensed joint law venture in Singapore, Mayer Brown PK Wong & Nair Pte. Ltd. Details of the individual Mayer Brown Practices and PKWN can be found in the Legal Notices section of our website.

      “Mayer Brown” and the Mayer Brown logo are trademarks of Mayer Brown.

      Attorney Advertising. Prior results do not guarantee a similar outcome.