<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="billres.xsl"?>
<!DOCTYPE bill PUBLIC "-//US Congress//DTDs/bill.dtd//EN" "bill.dtd">
<bill bill-stage="Introduced-in-House" dms-id="H0325A834F36A4ACA96042364E03A5204" public-private="public" key="H" bill-type="olc"><metadata xmlns:dc="http://purl.org/dc/elements/1.1/">
<dublinCore>
<dc:title>119 HR 9333 IH: AI Flaw Reporting and Security Enhancement Act</dc:title>
<dc:publisher>U.S. House of Representatives</dc:publisher>
<dc:date>2026-06-18</dc:date>
<dc:format>text/xml</dc:format>
<dc:language>EN</dc:language>
<dc:rights>Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.</dc:rights>
</dublinCore>
</metadata>
<form>
<distribution-code display="yes">I</distribution-code><congress display="yes">119th CONGRESS</congress><session display="yes">2d Session</session><legis-num display="yes">H. R. 9333</legis-num><current-chamber>IN THE HOUSE OF REPRESENTATIVES</current-chamber><action display="yes"><action-date date="20260618">June 18, 2026</action-date><action-desc><sponsor name-id="R000305">Ms. Ross</sponsor> (for herself, <cosponsor name-id="H001100">Mr. Hurd of Colorado</cosponsor>, and <cosponsor name-id="B001292">Mr. Beyer</cosponsor>) introduced the following bill; which was referred to the <committee-name committee-id="HSY00">Committee on Science, Space, and Technology</committee-name></action-desc></action><legis-type>A BILL</legis-type><official-title display="yes">To direct the Director of the National Institute of Standards and Technology to develop a program for the voluntary reporting of artificial intelligence flaws and the acceleration of detection and monitoring of such flaws, and for other purposes.</official-title></form><legis-body id="H304C7CA0B47544F1A257A65EA51F7507" style="OLC"> 
<section id="H882FD65B00EF4EC8AB4B4E84C1E7F0EC" section-type="section-one"><enum>1.</enum><header>Short title</header><text display-inline="no-display-inline">This Act may be cited as the <quote><short-title>AI Flaw Reporting and Security Enhancement Act</short-title></quote>.</text></section> <section id="H07C53D12EB6C48178A227F5448466096"><enum>2.</enum><header>Supporting voluntary reporting of artificial intelligence flaws</header> <subsection id="H9BE177A5BF804E3391F9ECD9C6C27D5F" commented="no"><enum>(a)</enum><header>In general</header><text>The Director of the National Institute of Standards and Technology (NIST), in consultation with the Director of the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security, shall carry out a program to support the voluntary reporting, collection, and tracking of artificial intelligence flaws (in this section referred to as the <quote>program</quote>).</text></subsection> 
<subsection id="H5F8351503BAD49779D1484F510542BE5" commented="no"><enum>(b)</enum><header>Activities</header><text>In carrying out the program, the Director of the NIST shall seek to convene appropriate representatives of industry, academia, nonprofit organizations, standards development organizations, civil society groups, and appropriate Federal departments and agencies to carry out the following:</text> <paragraph id="H1656B6DC4EBE41AFBE97801460049133" commented="no"><enum>(1)</enum><text>Establish common definitions and characterizations for relevant aspects relating to artificial intelligence flaws, including consideration of the following:</text> 
<subparagraph id="H3AC8AB8FEB0F42B9B4B04A412142B269" commented="no"><enum>(A)</enum><text>Definitions of the following terms, as such terms relate to artificial intelligence:</text> <clause id="HAF8D2751208F4B24AD37832385E3F3B4" commented="no"><enum>(i)</enum><text>Vulnerabilities.</text></clause> 
<clause id="H2CAD05DA738042EC9BB4FC75E36865A0" commented="no"><enum>(ii)</enum><text>Failure modes.</text></clause> <clause id="H40B72889EDDB41CB88BA48C8E84CDE65" commented="no"><enum>(iii)</enum><text>Accidents.</text></clause> 
<clause id="H8810A924A44B4A33B9D8485D8B10D30B" commented="no"><enum>(iv)</enum><text>Failures.</text></clause> <clause id="H9A17B1A2FBFC446EA1A0E556710E1277" commented="no"><enum>(v)</enum><text>Hazards.</text></clause> 
<clause id="H8575E12B8FBE48F3B97440C1539CBD63" commented="no"><enum>(vi)</enum><text>Catastrophes.</text></clause> <clause id="H3142F3A1CF5446B0B918F2A7E4B6F81C" commented="no"><enum>(vii)</enum><text>Misuse.</text></clause> 
<clause id="H9E2B9F5BEA0C44DF8300E17DA33CDB06"><enum>(viii)</enum><text>Incidents.</text></clause> <clause id="H4E3DEC2E967E4D8DB15535FEA98103AE" commented="no"><enum>(ix)</enum><text>Adverse events.</text></clause></subparagraph> 
<subparagraph id="HBB9F7BC5A8A949C79D02CEA6F11A69BC" commented="no"><enum>(B)</enum><text display-inline="yes-display-inline">Taxonomies to classify such artificial intelligence flaws based on relevant characteristics, impacts, or other appropriate criteria to enable the management and prioritization of such flaws, including the following:</text> <clause id="HAAE9C0821E574AAB98AF3B3882FD1B79" commented="no"><enum>(i)</enum><text>Artificial intelligence security-related flaws.</text></clause> 
<clause id="HF0E650E67EF849BE9D4A4318E1565C4D" commented="no"><enum>(ii)</enum><text>Artificial intelligence safety-related flaws.</text></clause></subparagraph> </paragraph> <paragraph id="H4D24768A24CD452F849AF5EA8AEFF4AC" commented="no"><enum>(2)</enum><text>Support the development of technical standards and guidance related to artificial intelligence flaws and processes for managing such flaws.</text></paragraph> 
<paragraph id="H16BEF40173B64281978B7956DE677702" commented="no"><enum>(3)</enum><text>Support the development of methods, which may include measures of severity or risk associated with artificial intelligence flaws, to enable prioritization of remediation activities of such flaws.</text></paragraph> <paragraph id="H4FCF711FB73442F1895E5D102C96F4D3" commented="no"><enum>(4)</enum><text>Support the development of technical approaches which accelerate detection and monitoring of artificial intelligence flaws.</text></paragraph> 
<paragraph id="H1274E2DD5CED4F298691BF00F9983467" commented="no"><enum>(5)</enum><text display-inline="yes-display-inline">Identify and provide guidelines, best practices, methodologies, procedures, and processes for reporting, collecting, and tracking artificial intelligence flaws across different sectors and use cases.</text></paragraph> <paragraph id="H40AA632EC14A41B7AE55B147EE1B5181" commented="no"><enum>(6)</enum><text>Support the development of standardized reporting and documentation mechanisms, including automated mechanisms, that would help provide information, including public information, regarding artificial intelligence flaws.</text></paragraph> 
<paragraph id="H57D77AA2C51949419B41CCDF3DFDE7FD" commented="no"><enum>(7)</enum><text display-inline="yes-display-inline">Support the development of norms for appropriate disclosure and reporting of artificial intelligence flaws, including when it is appropriate to publicly disclose such flaws.</text></paragraph></subsection> <subsection id="HC34B568F3491413A940AAA193E2F1CD6"><enum>(c)</enum><header>Development of infrastructure for the measurement and monitoring of artificial intelligence flaws</header> <paragraph id="HBC081B879321462EB9B52E81817E8AC3" commented="no"><enum>(1)</enum><header>In general</header><text display-inline="yes-display-inline">In carrying out the program, the Director of NIST shall, in consultation with representatives of industry, academia, nonprofit organizations, standards development organizations, civil society groups, appropriate public sector entities, and appropriate Federal departments and agencies, develop, or enter into cooperative agreements with one or more eligible entity designated by the Director to develop, infrastructure for the voluntary reporting, collection, and tracking of artificial intelligence flaws. Such infrastructure shall include a national database of artificial intelligence flaws or the modification of an existing national database to account for such flaws, as determined appropriate by the Director. Such database may be maintained by NIST or one or more eligible entities designated by the Director</text></paragraph> 
<paragraph id="HCF5FCFA35FD04FAFA463DF0936597B2A"><enum>(2)</enum><header>Considerations</header><text>In carrying out this subsection, the Director shall consider the following:</text> <subparagraph id="H62D0BE7269E948B0A6AD711F9C2A6087"><enum>(A)</enum><text>Technical standards and best practices regarding machine-readability.</text></subparagraph> 
<subparagraph id="HBAB315744C054104BA161D4656D6205A" commented="no"><enum>(B)</enum><text>Interoperability of the infrastructure described in paragraph (1) with relevant existing standards, best practices, and systems.</text></subparagraph> <subparagraph id="H6C3546EB87B24CCBBE6CA237A89C77A0" commented="no"><enum>(C)</enum><text>Future updates to the infrastructure described in paragraph (1) that may include additional types of information and taxonomies relevant to new stakeholders and coordination mechanisms.</text></subparagraph> 
<subparagraph id="HA21D83DDDBC343E48A43B088542577E4" commented="no"><enum>(D)</enum><text>Relevant policies, procedures, and norms regarding dissemination of reported artificial intelligence flaws and public disclosures.</text></subparagraph></paragraph></subsection> <subsection id="HB7049DAB308C41A9A136F4470D1B03F6"><enum>(d)</enum><header>Report</header><text>Not later than three years after the date of the enactment of this Act, the Director of NIST shall submit to Congress a report on the implementation of this section. Such report shall include the following:</text> 
<paragraph id="H0A0135EECA744D21A6A69AF7E14ED4C9"><enum>(1)</enum><text>Findings from the multi-stakeholder activities under subsections (b) and (c).</text></paragraph> <paragraph id="H48DC397C29C444D8AAA4DF1E7C40A2E0" commented="no"><enum>(2)</enum><text>A description of the infrastructure developed pursuant to subsection (c), including a description of the national database referred to in such subsection.</text></paragraph> 
<paragraph id="H16AEB92A94A842328F22707BCAE1DE29" commented="no"><enum>(3)</enum><text>An assessment of and recommendations for establishing reporting and collection mechanisms by which industry, academia, nonprofit organizations, standards development organizations, civil society groups, and appropriate public sector entities may voluntarily share standardized information regarding artificial intelligence flaws.</text></paragraph></subsection> <subsection id="H32C5FB0C73A4450DAA54FBD7CCCB4D35"><enum>(e)</enum><header>Definitions</header><text>In this section:</text> 
<paragraph id="H3005CC3C00C640F4B281A1E9CEF717A1"><enum>(1)</enum><header>Artificial intelligence</header><text>The term <term>artificial intelligence</term> has the meaning given such term in section 5002 of the National Artificial Intelligence Initiative Act of 2020 (<external-xref legal-doc="usc" parsable-cite="usc/15/9401">15 U.S.C. 9401</external-xref>).</text></paragraph> <paragraph id="HA94349B5A6E84663BE88BC53E9ECCC79" display-inline="no-display-inline" commented="no"><enum>(2)</enum><header>Artificial intelligence flaw</header><text>The term <term>artificial intelligence flaw</term> means a set of conditions or behaviors that allow the violation of an explicit or implicit policy related to the safety, security, or other undesirable effects from use of an artificial intelligence system, including artificial intelligence vulnerabilities and artificial intelligence incidents, and which is not dependent on the presence of malicious intent or related harm.</text></paragraph> 
<paragraph id="H6B0C11C8EE5942788B298B636DDC66A0"><enum>(3)</enum><header>Artificial intelligence system</header><text>The term <term>artificial intelligence system</term> has the meaning given such term in section 7223 of the Advancing American AI Act (<external-xref legal-doc="usc" parsable-cite="usc/40/11301">40 U.S.C. 11301</external-xref> note; as enacted as part of title LXXII of division G of the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023; <external-xref legal-doc="public-law" parsable-cite="pl/117/263">Public Law 117–263</external-xref>).</text></paragraph> <paragraph id="HC43184E3F69049C28C4EBBEB26945FB0" commented="no"><enum>(4)</enum><header>Eligible entity</header><text display-inline="yes-display-inline">The term <term>eligible entity</term> means an institution of higher education (as such term is defined in section 101(a) of the Higher Education Act of 1965 (<external-xref legal-doc="usc" parsable-cite="usc/20/1001">20 U.S.C. 1001</external-xref>)), a research institution (as such term is defined in section 9 of the Small Business Act (<external-xref legal-doc="usc" parsable-cite="usc/15/638">15 U.S.C. 638(e)(8)</external-xref>), or consortia thereof.</text></paragraph> </subsection></section> 
</legis-body></bill>

