[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 8819 Introduced in House (IH)]
<DOC>
119th CONGRESS
2d Session
H. R. 8819
To require Federal agencies to use the Artificial Intelligence Risk
Management Framework developed by the National Institute of Standards
and Technology with respect to the use of artificial intelligence.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
May 14, 2026
Mr. Lieu (for himself, Mr. Nunn of Iowa, and Mr. Beyer) introduced the
following bill; which was referred to the Committee on Science, Space,
and Technology
_______________________________________________________________________
A BILL
To require Federal agencies to use the Artificial Intelligence Risk
Management Framework developed by the National Institute of Standards
and Technology with respect to the use of artificial intelligence.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Federal Artificial Intelligence Risk
Management Act of 2026''.
SEC. 2. STANDARDS FOR ARTIFICIAL INTELLIGENCE SYSTEMS.
(a) In General.--Title LIII of division E of the William M. (Mac)
Thornberry National Defense Authorization Act for Fiscal Year 2021
(Public Law 116-283) is amended by adding at the end the following new
section:
``SEC. 5304. STANDARDS FOR ARTIFICIAL INTELLIGENCE SYSTEMS.
``(a) In General.--The Director of the National Institute of
Standards and Technology, in consultation with the Director of the
Office of Management and Budget and the heads of other Federal
agencies, as appropriate, shall--
``(1) develop Federal standards and guidelines, including
minimum requirements, for artificial intelligence systems used
or operated by an agency or by a contractor of an agency or
other organization on behalf of an agency, other than national
security systems (as defined in section 3552(b)(6) of title 44,
United States Code);
``(2) develop standards and guidelines, including minimum
requirements, for managing risks associated with the
trustworthiness of artificial intelligence systems for all
agency operations and assets, but such standards and guidelines
shall not apply to national security systems;
``(3) develop standards and guidelines, including minimum
requirements, for authenticating, tracking provenance of, and
labeling synthetic content generated by an agency or by a
contractor of an agency or other organization on behalf of an
agency, other than national security systems; and
``(4) conduct research and analysis pursuant to section
5301 of this Act to inform the development of standards and
guidelines for activities described in this section.
``(b) Standards and Guidelines.--In developing the standards and
guidelines required by subsections (a), the Director shall--
``(1) provide standards, guidelines, and best practices
consistent with the framework established under section 22A(c)
of the National Institute of Standards and Technology Act (15
U.S.C. 278h-1(c)), as appropriate, and tools that Federal
agencies can use to leverage the framework to reduce risks
caused by agency implementation in the development,
procurement, and use of artificial intelligence systems;
``(2) to the extent practicable, provide standards and
guidelines that--
``(A) are consistent with the framework, successor
document, or Federal standard that is functionally
equivalent to the framework;
``(B) are consistent with Circular A-119 of the
Office of Management and Budget; and
``(C) enable conformity assessment;
``(3) recommend training on standards and guidelines for
each agency responsible for procuring artificial intelligence
systems;
``(4) identify or develop, and as appropriate periodically
revise, performance indicators and measures that support the
implementation of standards and guidelines for agency
artificial intelligence systems;
``(5) provide guidelines for developing profiles for agency
use of artificial intelligence systems consistent with the
framework;
``(6) evaluate policies and practices developed for
artificial intelligence systems that are national security
systems to assess potential application by agencies to
strengthen risk management of artificial intelligence systems;
and
``(7) periodically assess the effectiveness of standards
and guidelines developed under this section and undertake
revisions as appropriate.
``(c) Readiness.--For standards and guidelines developed pursuant
to subsection (a) that are deemed by the Director to be at a readiness
level sufficient for widespread adoption by Federal agencies, the
Director--
``(1) shall submit said Federal standards and guidelines to
the Secretary of Commerce for promulgation under section 11331
of title 40, United States Code;
``(2) where practicable and appropriate, shall provide
technical review and assistance to Federal agencies, including
assisting Federal agencies in assessing the effectiveness and
sufficiency of implementation of standards and guidelines
developed under this section; and
``(3) shall evaluate the effectiveness and sufficiency of,
and challenges to, Federal agencies implementation of Federal
standards and guidelines developed under this section and
Federal standards and guidelines promulgated under section
11331 of title 40, United States Code.
``(d) Testing and Evaluation of Artificial Intelligence
Acquisitions.--
``(1) Study.--Subject to the availability of
appropriations, the Director shall conduct a gap analysis to
review the existing and forthcoming voluntary technical
standards for the testing, evaluation, verification, and
validation related to acquisitions of an artificial
intelligence system or service.
``(2) Standards for testing and evaluation.--After the date
of the completion of the study required by paragraph (1), the
Director shall--
``(A) convene relevant stakeholders to facilitate
the development of standards for the testing,
evaluation, verification, and validation related to
acquisitions of an artificial intelligence system or
service;
``(B) develop and periodically update standards and
guidelines for testing, evaluation, verification, and
validation related to acquisitions of an artificial
intelligence system or service pursuant to subsection
(a); and
``(C) when determined by the Director to be at a
readiness level sufficient for widespread adoption by
Federal agencies, submit standards and guidelines to
the Secretary of Commerce for promulgation under
section 11331 of title 40, United States Code.
``(3) Report.--Not later than 90 days after the date on
which the Director conducts the analysis described in paragraph
(1), the Director shall submit a report to the Committee on
Science, Space, and Technology of the House of Representatives
and the Committee on Commerce, Science, and Transportation of
the Senate that includes--
``(A) the gap analysis described in paragraph (1);
and
``(B) a plan for activities described in paragraph
(2).
``(e) Definitions.--In this section:
``(1) Agency.--The term `agency' means any department,
independent establishment, Government corporation, or other
agency of the executive branch of the Federal Government.
``(2) Artificial intelligence system.--The term `artificial
intelligence system' means--
``(A) any system that meets the definition given
the term `artificial intelligence' in section 5002 of
the William M. (Mac) Thornberry National Defense
Authorization Act for Fiscal Year 2021 (15 U.S.C.
9401); or
``(B) any data system, software, hardware,
application, tool, or utility that operates, in whole
or in part, using a system described by subparagraph
(A).
``(4) Director.--The term `Director' means the Director of
the National Institute of Standards and Technology.
``(5) Framework.--The term `framework' means document
number NIST AI 100-1 of the National Institute of Standards and
Technology entitled `Artificial Intelligence Risk Management
Framework', or any successor document.
``(6) Profile.--The term `profile' means an implementation
of the artificial intelligence risk management functions,
categories, and subcategories for a specific setting or
application based on the requirements, risk tolerance, and
resources of the framework user.
``(7) Synthetic content.--The term `synthetic content'
means information, such as images, videos, audio clips, and
text, that has been significantly modified or generated by
algorithms, including by artificial intelligence systems.''.
(b) Clerical Amendment.--The table of contents in section 2 and
title LIII of division E of the William M. (Mac) Thornberry National
Defense Authorization Act for Fiscal Year 2021 (Public Law 116-283) are
each amended by inserting after the item relating to section 5303 the
following new item:
``Sec. 5304. Standards for artificial intelligence systems.''.
<all>