The reporting requirement would also apply to theft or attempted theft of model weights, capabilities that could materially enable offensive cyber operations against important software or critical infrastructure, autonomous development of more capable AI systems, and capabilities that could accelerate the development or use of chemical, biological, radiological, nuclear, or explosive weapons.
The legislation also directs the Commerce Department to develop the capability thresholds in consultation with AI developers, academic researchers, cybersecurity experts, national security officials, and other stakeholders before issuing implementation guidance.
Sanchit Vir Gogia, chief analyst at Greyhound Research, said the proposal would make reporting serious AI incidents a legal obligation rather than a voluntary practice for developers of frontier AI models.
