The legislation has already drawn widespread criticism for its proposal to preempt state AI laws.
A bipartisan group of House lawmakers introduced legislation Thursday to regulate the development of frontier AI models, with a focus on protecting the nation from cyberattacks and fraud and building an AI-literate workforce.
The 269-page draft of the Great American Artificial Intelligence Act would require large frontier AI developers — defined as those with more than $500 million in annual revenue — to publish frameworks and reports assessing their models’ risks. The bill would codify the National Institute of Standards and Technology (NIST)’s Center for AI Standards and Innovation (CAISI) and direct it to certify “independent verification organizations” (IVOs) that would audit AI firms’ compliance with the transparency requirements.
“Large frontier developers must retain a licensed IVO to verify compliance with their framework and to ensure the adequacy of the framework and procedures,” lawmakers explained in a bill summary . “These IVOs must be granted sufficient access to company materials, and report their audits to CAISI.”
Reps. Jay Obernolte, R-Calif., and Lori Trahan, D-Mass., co-introduced the bill along with Reps. Suhas Subramanyam, D-Va.; Scott Franklin, R-Fla.; Scott Peters, D-Calif.; and Erin Houchin, R-Ind.
The measure represents one of Congress’s most ambitious AI regulatory efforts to date, and it sparked immediate controversy. Civil society organizations , AI safety advocates and labor groups criticized its preemption of state AI laws, with one advocacy group saying it would be “a generational mistake” to prevent states from “addressing emerging AI harms.” On Capitol Hill , Democrats criticized the preemption language while Republicans said regulation could undermine innovation.
In formally authorizing CAISI, the House bill would give the center a $300 million budget over fiscal years 2027-2029 and authorize it to hire “critical technical experts” at salaries above the traditional government limits.
The bill would also direct CAISI to work with the Cybersecurity and Infrastructure Security Agency (CISA) on open-source security. CISA would have to award grants to U.S.-based developers of critical open-source packages to help them with patching, security evaluations and regular maintenance. The bill would also require AI firms to provide those developers with access to advanced AI models that can find and fix vulnerabilities . That provision could significantly improve the cybersecurity of the open-source ecosystem, which has struggled with a flood of AI-powered bug reports in recent years.
Another provision would require NIST and the Energy Department to partner with federal labs and the private sector to create AI security testbeds. These research centers would evaluate AI models’ capabilities and weaknesses and organize a hackathon to publicly test the models.
The bill would task the Government Accountability Office with auditing the security measures protecting AI model weights and the security posture of the open-source ecosystem.
The legislation would also reauthorize the Cybersecurity Information Sharing Act , which allows companies and government agencies to exchange threat intelligence without liability or antitrust concerns. Congress in February temporarily reauthorized CISA through the end of September, but business groups and cybersecurity experts have cited advances in AI as one of the most pressing reasons to put the program on a more permanent footing.
Two major technology trade groups, the Information Technology Industry Council and the software industry association BSA , praised lawmakers for including a CISA reauthorization in the AI bill.