WeVote

Bill

Bill

HR 8819

Federal Artificial Intelligence Risk Management Act of 2026

119th Congress Introduced by Josh Gottheimer and 2 co-sponsors

Mandates federal agencies adopt NIST’s AI Risk Management Framework, standardizing risk, provenance, labeling of synthetic content, and ongoing evaluation across civilian AI use.

Introduced in House
0
WeVote Research Nonpartisan
Bill Summary · HR 8819

Overview

Federal Artificial Intelligence Risk Management Act of 2026 (H.R. 8819) would require U.S. federal agencies to adopt and implement the Artificial Intelligence Risk Management Framework developed by the National Institute of Standards and Technology (NIST). The bill seeks to establish standards, guidelines, and governance around the development, procurement, use, and management of artificial intelligence systems across non-national security federal operations.

Main purpose and intent

  • Ensure consistent, government-wide use of a risk management approach for AI.
  • Create formal standards to manage trustworthiness, provenance, labeling of synthetic content, and overall risk in agency AI activities.
  • Align federal AI standards with existing federal frameworks and management practices, while providing for ongoing testing, evaluation, and revisions.

Key provisions and changes

  • Creation of Section 5304 (Standards for Artificial Intelligence Systems) within the National Defense Authorization Act for FY2021 (as amended by this bill) to:
    • Develop Federal standards and guidelines for AI systems used or operated by agencies or their contractors (excluding national security systems).
    • Develop minimum requirements for managing risks related to the trustworthiness of AI systems for all agency operations and assets.
    • Develop minimum requirements for authenticating, tracking provenance of, and labeling synthetic content generated by an agency or its contractors (excluding national security systems).
    • Conduct research and analysis to inform these standards and guidelines.
  • Standards and guidelines must:
    • Be consistent with the NIST AI Risk Management Framework (NIST AI 100-1) and related frameworks, and support practical tools for reducing AI-related risk in development, procurement, and use.
    • Align with the Federal framework, Circular A-119, and enable conformity assessment where feasible.
    • Include training recommendations for agency personnel responsible for procuring AI systems.
    • Establish performance indicators and measurement approaches to support implementation.
    • Provide guidelines for creating agency use profiles of AI systems consistent with the framework.
    • Evaluate policies and practices for national security AI systems to explore potential applicability to civilian agencies.
    • Periodically assess effectiveness and revise standards as needed.
  • Readiness and implementation:
    • When a standard is deemed ready for widespread adoption, it can be submitted to the Secretary of Commerce for promulgation under 40 U.S.C. 11331.
    • The Director of NIST may provide technical review and assistance to agencies to implement these standards.
    • Regular evaluation of effectiveness and challenges in implementation, with revisions as appropriate.
  • Testing and evaluation of AI acquisitions:
    • Conduct a gap analysis on existing voluntary testing, evaluation, verification, and validation standards for AI acquisitions.
    • Develop and update standards for testing/evaluation related to AI acquisitions and, when ready, submit to the Secretary of Commerce for promulgation.
    • Require a report to Congress detailing the gap analysis and a plan for next steps.

Who is affected

  • Federal agencies and their contractors procuring, developing, or deploying AI systems for non-national security purposes.
  • Agencies would need to implement risk management practices, labeling of synthetic content, provenance tracking, and profiling guidelines.
  • All agency AI-related activities would be subject to conformity assessment and ongoing assessment of effectiveness.

Procedural and timeline aspects

  • Establishes mandatory standards development by NIST in coordination with OMB and agency heads.
  • Readiness determinations trigger potential promulgation by the Secretary of Commerce under existing statutes (40 U.S.C. 11331).
  • Requires periodic review, testing standards development, and a report to Congress within 90 days after completing the initial gap analysis for AI acquisitions.
  • Introduces a phased approach: standards development and readiness, implementation support, testing/evaluation standards, and periodic revision.

Notes

  • Excludes national security systems from certain provisions.
  • Defines key terms (AI system, synthetic content, profile, framework) to standardize understanding across agencies.
  • Builds on the NIST AI Risk Management Framework, reinforcing a structured risk management approach to federal AI use.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.