[Congressional Record Volume 170, Number 115 (Thursday, July 11, 2024)]
[Senate]
[Page S5077]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

  SA 2857. Mr. SCHUMER (for himself and Mr. Heinrich) submitted an 
amendment intended to be proposed by him to the bill S. 4638, to 
authorize appropriations for fiscal year 2025 for military activities 
of the Department of Defense, for military construction, and for 
defense activities of the Department of Energy, to prescribe military 
personnel strengths for such fiscal year, and for other purposes; which 
was ordered to lie on the table; as follows:

       At the appropriate place in title X, insert the following:

     SEC. ___. PHYSICAL AND CYBERSECURITY REQUIREMENTS FOR 
                   DATACENTERS STORING FRONTIER ARTIFICIAL 
                   INTELLIGENCE MODELS.

       (a) Definitions.--In this section:
       (1) Artificial intelligence.--The term ``artificial 
     intelligence'' has the meaning given such term in section 238 
     of the John S. McCain National Defense Authorization Act for 
     Fiscal year 2019 (Public Law 115-232; 10 U.S.C. note prec. 
     4061).
       (2) Covered artificial intelligence firm.--The term 
     ``covered artificial intelligence firm'' means a person who 
     engages in the development, deployment, or management of 
     artificial intelligence technologies which the President 
     designates as critical to national security, economic 
     stability, or public safety.
       (3) Executive agency.--The term ``Executive agency'' has 
     the meaning given such term in section 105 of title 5, United 
     States Code.
       (b) Findings.--Congress makes the following findings:
       (1) Model weights and related technology in the possession 
     of private artificial intelligence firms are an invaluable 
     national resource that would pose a grave threat to United 
     States national security if stolen by a foreign adversary 
     through a cyberoperation or insider threat.
       (2) Numerous foreign adversaries have the capacity to 
     engage in cyberoperations to extract important data from 
     private companies absent the most stringent cybersecurity 
     protections.
       (c) Authority for Mandatory Requirements.--
       (1) In general.--The President may develop mandatory 
     cybersecurity and insider threat protocols for all covered 
     artificial intelligence firms to address or mitigate risks 
     relating to national security, economic stability, or public 
     safety, including to protect vital national resources from 
     theft that would do grave damage to the United States.
       (2) Additional risks.--Pursuant to paragraph (1), the 
     President may develop additional protocols for subsets of 
     covered artificial intelligence firms that present additional 
     risks to national security, economic stability, or public 
     safety.
       (3) Minimum stringency.--Protocols developed under 
     paragraph (2) shall be no less stringent than ISO/IEC 27001, 
     as in effect on the day before the date of the enactment of 
     this Act.
       (d) Delegation of Authority.--
       (1) In general.--The President may delegate the authority 
     provided by subsection (c) to an Executive agency as the 
     President considers appropriate.
       (2) Waiver of certain administrative requirements.--Use of 
     authority under subsection (c) that has been delegated to an 
     Executive agency under paragraph (1) of this subsection shall 
     be exempt from the requirements of section 553 of title 5, 
     United States Code.
                                 ______