The AI Incident Reporting Act would require developers to flag dangerous model capabilities to the Commerce Department, with Congress notified within 48 hours of serious cases
Representative Nathaniel Moran, a Texas Republican, introduced legislation on June 25 that would force AI companies to tell the federal government when their models do something dangerous. The bill, called the AI Incident Reporting Act, gives developers a seven-day window to report critical safety incidents to the US Commerce Department.
What the bill actually requires #
When an AI company discovers a significant security breach or safety incident, it has seven days to notify the Commerce Department. For serious cases, Commerce then has 48 hours to loop in Congress.
The types of incidents that trigger mandatory reporting are specific. They include AI models that evade oversight mechanisms, unauthorized access to model weights (the core parameters that define how an AI system behaves), and situations where models demonstrate capabilities related to chemical, biological, or nuclear threats.
Why this bill exists right now #
The bill also follows specific federal actions that have put AI safety squarely in the spotlight. On June 12, the Commerce Department issued a directive targeting specific AI models from Anthropic, one of the leading AI developers and a company that has positioned itself as the safety-conscious alternative to OpenAI.
Earlier in June, a separate discussion draft known as the Great American Artificial Intelligence Act was also published. That broader proposal included incident reporting provisions among a wider set of safety measures. Moran’s bill effectively strips out the incident reporting piece and packages it as standalone legislation, a strategy designed to avoid the political gridlock that tends to swallow larger regulatory frameworks.
The broader AI safety landscape #
The push for mandatory incident reporting reflects a growing consensus, at least among some lawmakers, that voluntary safety commitments from AI companies are insufficient. Major AI developers have signed various pledges and commitments over the past few years, but these carry no legal teeth. A company that discovers its model can help synthesize dangerous pathogens currently has no legal obligation to tell anyone.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our