Legislation
SECTION 1421
Transparency requirements regarding frontier model training and use
General Business (GBS) CHAPTER 20, ARTICLE 44-B
* § 1421. Transparency requirements regarding frontier model training
and use. 1. Before deploying a frontier model, the large developer of
such frontier model shall do all of the following:
(a) Implement a written safety and security protocol;
(b) Retain an unredacted copy of the safety and security protocol,
including records and dates of any updates or revisions. Such unredacted
copy of the safety and security protocol, including records and dates of
any updates or revisions, shall be retained for as long as a frontier
model is deployed plus five years;
(c) (i) Conspicuously publish a copy of the safety and security
protocol with appropriate redactions and transmit a copy of such
redacted safety and security protocol to the attorney general and
division of homeland security and emergency services;
(ii) Grant the attorney general and division of homeland security and
emergency services or the attorney general access to the safety and
security protocol, with redactions only to the extent required by
federal law, upon request;
(d) Record, as and when reasonably possible, and retain for as long as
the frontier model is deployed plus five years information on the
specific tests and test results used in any assessment of the frontier
model required by this section or the developer's safety and security
protocol that provides sufficient detail for third parties to replicate
the testing procedure; and
(e) Implement appropriate safeguards to prevent unreasonable risk of
critical harm.
2. A large developer shall not deploy a frontier model if doing so
would create an unreasonable risk of critical harm.
3. A large developer shall conduct an annual review of any safety and
security protocol required by this section to account for any changes to
the capabilities of their frontier models and industry best practices
and, if necessary, make modifications to such safety and security
protocol. If any material modifications are made, the large developer
shall publish the safety and security protocol in the same manner as
required pursuant to paragraph (c) of subdivision one of this section.
4. A large developer shall disclose each safety incident affecting the
frontier model to the attorney general and division of homeland security
and emergency services within seventy-two hours of the large developer
learning of the safety incident or within seventy-two hours of the large
developer learning facts sufficient to establish a reasonable belief
that a safety incident has occurred. Such disclosure shall include: (a)
the date of the safety incident; (b) the reasons the incident qualifies
as a safety incident as defined in subdivision thirteen of section
fourteen hundred twenty of this article; and (c) a short and plain
statement describing the safety incident.
5. A large developer shall not knowingly make false or materially
misleading statements or omissions in or regarding documents produced
pursuant to this section.
* NB Effective March 19, 2026
and use. 1. Before deploying a frontier model, the large developer of
such frontier model shall do all of the following:
(a) Implement a written safety and security protocol;
(b) Retain an unredacted copy of the safety and security protocol,
including records and dates of any updates or revisions. Such unredacted
copy of the safety and security protocol, including records and dates of
any updates or revisions, shall be retained for as long as a frontier
model is deployed plus five years;
(c) (i) Conspicuously publish a copy of the safety and security
protocol with appropriate redactions and transmit a copy of such
redacted safety and security protocol to the attorney general and
division of homeland security and emergency services;
(ii) Grant the attorney general and division of homeland security and
emergency services or the attorney general access to the safety and
security protocol, with redactions only to the extent required by
federal law, upon request;
(d) Record, as and when reasonably possible, and retain for as long as
the frontier model is deployed plus five years information on the
specific tests and test results used in any assessment of the frontier
model required by this section or the developer's safety and security
protocol that provides sufficient detail for third parties to replicate
the testing procedure; and
(e) Implement appropriate safeguards to prevent unreasonable risk of
critical harm.
2. A large developer shall not deploy a frontier model if doing so
would create an unreasonable risk of critical harm.
3. A large developer shall conduct an annual review of any safety and
security protocol required by this section to account for any changes to
the capabilities of their frontier models and industry best practices
and, if necessary, make modifications to such safety and security
protocol. If any material modifications are made, the large developer
shall publish the safety and security protocol in the same manner as
required pursuant to paragraph (c) of subdivision one of this section.
4. A large developer shall disclose each safety incident affecting the
frontier model to the attorney general and division of homeland security
and emergency services within seventy-two hours of the large developer
learning of the safety incident or within seventy-two hours of the large
developer learning facts sufficient to establish a reasonable belief
that a safety incident has occurred. Such disclosure shall include: (a)
the date of the safety incident; (b) the reasons the incident qualifies
as a safety incident as defined in subdivision thirteen of section
fourteen hundred twenty of this article; and (c) a short and plain
statement describing the safety incident.
5. A large developer shall not knowingly make false or materially
misleading statements or omissions in or regarding documents produced
pursuant to this section.
* NB Effective March 19, 2026