WeVote

Bill

Bill

HR 9333

AI Flaw Reporting and Security Enhancement Act

119th Congress Introduced by Jeff Hurd and 1 co-sponsor

Establish a voluntary national program and infrastructure for reporting, classifying, and tracking AI flaws to improve detection, remediation, and safe AI use.

Introduced in House
0
WeVote Research Nonpartisan
Bill Summary · HR 9333

Purpose and intent

  • HR 9333, the AI Flaw Reporting and Security Enhancement Act, directs the Director of the National Institute of Standards and Technology (NIST) to develop a voluntary reporting program for artificial intelligence (AI) flaws and to accelerate detection and monitoring of such flaws.
  • The bill envisions a multi-stakeholder, collaborative effort to create common definitions, taxonomies, standards, and infrastructure to help identify, classify, report, and disclose AI-related flaws across sectors.

Key provisions and changes

  • Voluntary reporting program (Section 2(a)-(b)):

    • NIST, in coordination with the Cybersecurity and Infrastructure Security Agency (CISA), shall establish a program to support voluntary reporting, collection, and tracking of AI flaws.
    • Activities include convening industry, academia, nonprofits, standards bodies, civil society, and federal entities to develop:
    • Common definitions for AI-related concepts (vulnerabilities, failure modes, accidents, failures, hazards, catastrophes, misuse, incidents, adverse events).
    • Taxonomies to classify AI flaws by characteristics, impacts, and risk.
    • Methods and guidance for prioritizing remediation based on severity or risk.
    • Technical approaches to accelerate detection and monitoring of AI flaws.
    • Guidelines, best practices, procedures for reporting, collecting, and tracking flaws across sectors and use cases.
    • Standardized reporting and documentation mechanisms, including automated processes, to provide public information on AI flaws.
    • Norms for disclosure and reporting of AI flaws, including when public disclosure is appropriate.
  • Infrastructure for measurement, monitoring, and reporting (Section 2(c)):

    • Development or procurement of infrastructure for voluntary reporting, collection, and tracking of AI flaws, including a national database (or modification of an existing database).
    • The infrastructure may be managed by NIST or an eligible entity designated by NIST.
    • Considerations include machine-readable standards, interoperability with existing standards, future updates to include additional information and stakeholders, and policies about dissemination and public disclosures.
  • Reporting to Congress (Section 2(d)):

    • Within three years of enactment, NIST must submit a report detailing:
    • Findings from multi-stakeholder activities.
    • Description of infrastructure and the national database (or its modification).
    • Recommendations for mechanisms to voluntarily share standardized information about AI flaws across industry, academia, nonprofits, standards bodies, civil society, and public sector entities.
  • Definitions (Section 2(e)):

    • AI: As defined in the National AI Initiative Act of 2020.
    • AI flaw: A set of conditions or behaviors that violate safety, security, or other undesirable effects from AI use, including vulnerabilities and incidents, not requiring malicious intent.
    • AI system: As defined in the Advancing American AI Act (and related NDAA reference).
    • Eligible entity: Institutions of higher education, research institutions, or consortia thereof.

Who would be affected

  • Federal agencies (notably NIST and CISA) coordinating the program.
  • Industry, academia, nonprofit organizations, standards development organizations, civil society groups, and other stakeholders participating in stakeholder processes.
  • Entities that may interact with the national infrastructure/database for AI flaw reporting (eligible entities—colleges, universities, and research consortia).

Timeline and procedural aspects

  • The bill directs a program establishment and multi-stakeholder processes soon after enactment.
  • A national infrastructure for reporting and tracking AI flaws should be developed or contracted, with interoperability and future-proofing considerations.
  • A comprehensive Congress-facing report is due within three years of enactment (including findings, infrastructure description, and voluntary reporting recommendations).

Definitions of scope and impact

  • The bill focuses on voluntary reporting and improved monitoring rather than mandatory disclosures.
  • It emphasizes risk-based prioritization of remediation, standardized taxonomy, and public-facing information disclosures when appropriate.
  • It aims to create a centralized or coordinated national database of AI flaws to support better oversight, transparency, and safer AI deployment.

If you’d like, I can provide a one-page quick reference list of terms and a comparison with related AI safety and reporting initiatives.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.