Legislation
SECTION 1422
Reporting
General Business (GBS) CHAPTER 20, ARTICLE 44-B
* § 1422. Reporting. 1. The office shall establish a mechanism to be
used by a frontier developer or a member of the public to report a
critical safety incident that includes all of the following:
(a) the date of the critical safety incident;
(b) the reasons the incident qualifies as a critical safety incident;
(c) a short and plain statement describing the critical safety
incident; and
(d) whether the incident was associated with internal use of a
frontier model.
2. (a) A large frontier developer shall transmit to the office a
summary of any assessment of catastrophic risk resulting from internal
use of its frontier models every three months or pursuant to another
reasonable schedule requested by the large frontier developer,
communicated in writing to the office with written updates, as
appropriate, and agreed upon by the office. The office shall establish a
mechanism to be used by a large frontier developer to confidentially
submit summaries of any assessments of the potential for catastrophic
risk resulting from internal use of its frontier models.
(b) The office shall take all reasonable precautions to limit access
to any reports related to internal use of frontier models to only
personnel authorized to know the information and to protect the reports
from unauthorized access.
3. (a) Subject to paragraph (b) of this subdivision, a frontier
developer shall report any critical safety incident pertaining to one or
more of its frontier models to the office within seventy-two hours from
a determination that a critical safety incident has occurred or within
seventy-two hours of the frontier developer learning facts sufficient to
establish a reasonable belief that a critical safety incident has
occurred.
(b) If a frontier developer discovers that a critical safety incident
poses an imminent risk of death or serious physical injury, the frontier
developer shall disclose that incident within twenty-four hours to an
authority, including any law enforcement agency or public safety agency
with jurisdiction, that is appropriate based on the nature of that
incident and as required by law.
(c) A frontier developer that discovers information about a critical
safety incident after filing the initial report required by this
subdivision may file an amended report.
4. The office shall review critical safety incident reports submitted
by frontier developers and may review reports submitted by members of
the public.
5. (a) The office may transmit reports of critical safety incidents or
summaries of any assessments of catastrophic risk from internal use of
frontier models to other governmental entities at their discretion,
considering for example and without limitation the following: the
severity of any such incident, potential ongoing risks, legal or
regulatory obligations, the need for coordinating with other
governmental agencies or other entities and the availability of
information. The office shall consider transmitting such reports or
summaries to the office of the attorney general, as appropriate. Any
report transmitted from the office to another governmental entity shall
be exempt from disclosure under article six of the public officers law.
(b) The office may consider, at its discretion, any risks related to
trade secrets, public safety, cybersecurity of a frontier developer, or
national security when transmitting reports.
6. A report of a critical safety incident submitted to the office
pursuant to this section and a report of assessments of catastrophic
risk from internal use pursuant to section fourteen hundred twenty-one
of this article, are exempt from disclosure under article six of the
public officers law.
7. (a) Beginning January first, two thousand twenty-eight, and
annually thereafter, the office shall produce a report, that includes
the following:
(i) anonymized and aggregated information about critical safety
incidents that have been reviewed by the office since the preceding
report;
(ii) any information that the office deems relevant to frontier model
safety;
(iii) recommended updates to this article, if any; and
(iv) any developments relevant to the purposes of this article.
(b) The office shall not include information in a report pursuant to
this subdivision that would compromise the trade secrets or
cybersecurity of a frontier developer, public safety, or the national
security of the United States or that would be prohibited by any federal
or state law.
(c) The office shall transmit a report pursuant to this subdivision to
the governor, the temporary president and minority leader of the senate,
the speaker and minority leader of the assembly, the chair and ranking
member of the senate committee on internet and technology, and the chair
and ranking member of the assembly committee on science and technology.
8. The office may adopt regulations designating one or more federal
laws, regulations, or guidance documents that meet all of the following
conditions for the purposes of subdivision nine of this section:
(a) (i) the law, regulation, or guidance document imposes or states
standards or requirements for critical safety incident reporting that
are substantially equivalent to, or stricter than, those required by
subdivision three of this section; and
(ii) the law, regulation, or guidance document described in
subparagraph (i) of this paragraph does not need to require critical
safety incident reporting to the state of New York; and
(b) the law, regulation, or guidance document is intended to assess,
detect, or mitigate the catastrophic risk.
9. (a) A frontier developer that intends to comply with subdivision
three of this section by complying with the requirements of, or meeting
the standards stated by, a federal law, regulation, or guidance document
designated pursuant to subdivision eight of this section shall declare
its intent to do so to the office.
(b) After a frontier developer has declared its intent pursuant to
paragraph (a) of this subdivision, the following shall apply:
(i) the frontier developer shall be deemed in compliance with
subdivision three of this section to the extent that the frontier
developer meets the standards of, or complies with the requirements
imposed or stated by, the designated federal law, regulation, or
guidance document until the frontier developer declares the revocation
of that intent to the office or the office revokes a relevant regulation
pursuant to subdivision ten of this section;
(ii) the failure by a frontier developer to meet the standards of, or
comply with the requirements stated by, the federal law, regulation, or
guidance document designated pursuant to subdivision eight of this
section shall constitute a violation of this article; and
(iii) frontier developers who comply with subdivision three of this
section by meeting such federal standards shall send copies of any
critical safety incident reports required by such federal standards to
the office concurrently with sending them to federal authorities.
10. The office shall revoke a regulation adopted under subdivision
eight of this section if the requirements of subdivision eight of this
section are no longer met.
* NB Effective January 1, 2027
used by a frontier developer or a member of the public to report a
critical safety incident that includes all of the following:
(a) the date of the critical safety incident;
(b) the reasons the incident qualifies as a critical safety incident;
(c) a short and plain statement describing the critical safety
incident; and
(d) whether the incident was associated with internal use of a
frontier model.
2. (a) A large frontier developer shall transmit to the office a
summary of any assessment of catastrophic risk resulting from internal
use of its frontier models every three months or pursuant to another
reasonable schedule requested by the large frontier developer,
communicated in writing to the office with written updates, as
appropriate, and agreed upon by the office. The office shall establish a
mechanism to be used by a large frontier developer to confidentially
submit summaries of any assessments of the potential for catastrophic
risk resulting from internal use of its frontier models.
(b) The office shall take all reasonable precautions to limit access
to any reports related to internal use of frontier models to only
personnel authorized to know the information and to protect the reports
from unauthorized access.
3. (a) Subject to paragraph (b) of this subdivision, a frontier
developer shall report any critical safety incident pertaining to one or
more of its frontier models to the office within seventy-two hours from
a determination that a critical safety incident has occurred or within
seventy-two hours of the frontier developer learning facts sufficient to
establish a reasonable belief that a critical safety incident has
occurred.
(b) If a frontier developer discovers that a critical safety incident
poses an imminent risk of death or serious physical injury, the frontier
developer shall disclose that incident within twenty-four hours to an
authority, including any law enforcement agency or public safety agency
with jurisdiction, that is appropriate based on the nature of that
incident and as required by law.
(c) A frontier developer that discovers information about a critical
safety incident after filing the initial report required by this
subdivision may file an amended report.
4. The office shall review critical safety incident reports submitted
by frontier developers and may review reports submitted by members of
the public.
5. (a) The office may transmit reports of critical safety incidents or
summaries of any assessments of catastrophic risk from internal use of
frontier models to other governmental entities at their discretion,
considering for example and without limitation the following: the
severity of any such incident, potential ongoing risks, legal or
regulatory obligations, the need for coordinating with other
governmental agencies or other entities and the availability of
information. The office shall consider transmitting such reports or
summaries to the office of the attorney general, as appropriate. Any
report transmitted from the office to another governmental entity shall
be exempt from disclosure under article six of the public officers law.
(b) The office may consider, at its discretion, any risks related to
trade secrets, public safety, cybersecurity of a frontier developer, or
national security when transmitting reports.
6. A report of a critical safety incident submitted to the office
pursuant to this section and a report of assessments of catastrophic
risk from internal use pursuant to section fourteen hundred twenty-one
of this article, are exempt from disclosure under article six of the
public officers law.
7. (a) Beginning January first, two thousand twenty-eight, and
annually thereafter, the office shall produce a report, that includes
the following:
(i) anonymized and aggregated information about critical safety
incidents that have been reviewed by the office since the preceding
report;
(ii) any information that the office deems relevant to frontier model
safety;
(iii) recommended updates to this article, if any; and
(iv) any developments relevant to the purposes of this article.
(b) The office shall not include information in a report pursuant to
this subdivision that would compromise the trade secrets or
cybersecurity of a frontier developer, public safety, or the national
security of the United States or that would be prohibited by any federal
or state law.
(c) The office shall transmit a report pursuant to this subdivision to
the governor, the temporary president and minority leader of the senate,
the speaker and minority leader of the assembly, the chair and ranking
member of the senate committee on internet and technology, and the chair
and ranking member of the assembly committee on science and technology.
8. The office may adopt regulations designating one or more federal
laws, regulations, or guidance documents that meet all of the following
conditions for the purposes of subdivision nine of this section:
(a) (i) the law, regulation, or guidance document imposes or states
standards or requirements for critical safety incident reporting that
are substantially equivalent to, or stricter than, those required by
subdivision three of this section; and
(ii) the law, regulation, or guidance document described in
subparagraph (i) of this paragraph does not need to require critical
safety incident reporting to the state of New York; and
(b) the law, regulation, or guidance document is intended to assess,
detect, or mitigate the catastrophic risk.
9. (a) A frontier developer that intends to comply with subdivision
three of this section by complying with the requirements of, or meeting
the standards stated by, a federal law, regulation, or guidance document
designated pursuant to subdivision eight of this section shall declare
its intent to do so to the office.
(b) After a frontier developer has declared its intent pursuant to
paragraph (a) of this subdivision, the following shall apply:
(i) the frontier developer shall be deemed in compliance with
subdivision three of this section to the extent that the frontier
developer meets the standards of, or complies with the requirements
imposed or stated by, the designated federal law, regulation, or
guidance document until the frontier developer declares the revocation
of that intent to the office or the office revokes a relevant regulation
pursuant to subdivision ten of this section;
(ii) the failure by a frontier developer to meet the standards of, or
comply with the requirements stated by, the federal law, regulation, or
guidance document designated pursuant to subdivision eight of this
section shall constitute a violation of this article; and
(iii) frontier developers who comply with subdivision three of this
section by meeting such federal standards shall send copies of any
critical safety incident reports required by such federal standards to
the office concurrently with sending them to federal authorities.
10. The office shall revoke a regulation adopted under subdivision
eight of this section if the requirements of subdivision eight of this
section are no longer met.
* NB Effective January 1, 2027