Summary of HF 4544 (Minnesota, 2025-2026)
Purpose and overall intent
- Establishes a licensing framework for independent verification organizations (IVOs) that assess artificial intelligence models and applications.
- Creates an AI Advisory Council within the Department of Commerce to oversee licensing, auditing, and related activities.
- Enables rulemaking to implement the program and requires annual reporting and public-facing disclosures.
- Provides a limited liability and rebuttable presumption related to injuries or property damage involving verified AI systems.
Key provisions and changes
1) Definitions and scope (Chapter 325M.50)
- Defines core terms:
- Artificial intelligence application: software that uses AI to perform tasks requiring human-like intelligence.
- Artificial intelligence model: machine-based system that can infer outputs from inputs to influence environments.
- Deployer: person who implements or offers an AI model/application in Minnesota.
- Developer: person who develops an AI model/application deployed in Minnesota.
- Independent verification organization (IVO): entity licensed to assess adherence to standards aimed at preventing personal injury and property damage.
- Security vendor: third party used by an IVO or developer to evaluate AI safety or security.
2) Independent Verification Organization licensure (Chapter 325M.51)
- License required to operate as an IVO; applicants file information and forms per commissioner rules.
- IVOs must submit a proposed plan detailing risk mitigation for AI models/applications, including:
- Identification of risks, definitions of acceptable risk, measurable metrics, target levels, and ongoing evaluation/reporting protocols.
- Mitigation requirements for developers/deployers (predevelopment and postdevelopment), including monitoring, risk mitigation efficacy, and governance.
- Methods for evaluation, benchmarks, audit methodologies, and plans for ongoing compliance and independent governance.
- Procedures for corrective actions, revocation standards, and coordination with authorities.
- Details on staffing qualifications, governance, funding, and independence.
- License determination:
- Commissioner can license if the applicant demonstrates independence from the broader AI community and that the plan adequately mitigates identified risks.
- If only specific risks are adequately mitigated, licensure may be limited to those risks.
- License will specify the risks covered and applicable markets.
- Revocation and cure:
- Licenses may be revoked for misleading/misaligned plans, noncompliance, compromised independence, obsolete methods, or causing material harm.
- A cure process allows temporary fixes to avoid termination.
- Fees and rulemaking:
- Reasonable fees to offset administrative costs; rules may be adopted to implement sections 325M.51–325M.54.
- Verification not mandatory:
- AI developers or deployers are not required to seek IVO verification.
3) IVO requirements and ongoing duties (Chapter 325M.52)
- Implementation: licensed IVO must implement its approved plan.
- Revocation of verification:
- IVO must revoke verification if developers/deployers fail to meet mitigation requirements, do not cooperate with monitoring, violate governance policies, or fail to implement corrective actions.
- Plan modification:
- IVOs may update plans to address new tech or issues, with written notices to the commissioner; changes take effect on notification, and the commissioner can request information or reject changes within six months.
- Annual reporting:
- IVOs must submit an annual report with aggregated capabilities, observed risks/benefits, adequacy of resources, verification results, remediation compliance, risk descriptions beyond licensed scope, list of verified models/apps, evaluation methods, and any funding or independence changes.
- Redactions allowed for trade secrets and sensitive information; records retained for 10 years, and the commissioner must publish redacted reports.
- Verification timelines and independence:
- Emphasis on ongoing monitoring, governance, and independence from AI industry interests.
4) Artificial Intelligence Advisory Council (Chapter 325M.53)
- Establishes a council within the Department of Commerce.
- Composition: at least one civil society representative (e.g., NGOs, educational/research institutions, public policy institutes, consumer/business advocates); size determined by the commissioner.
- Duties:
- Commissioner delegates licensing and auditing powers to the council.
- Members must avoid conflicts of interest (no IA industry ties, post-employment restrictions of one year in AI firms/IVO contexts, etc.).
- Administration:
- Members may serve up to two consecutive terms; expenses reimbursed and possible salary; removal for inefficiency, neglect, or malfeasance.
- Quorum requires a majority; proceedings must be recorded, including licensing considerations.
5) Limited liability and rebuttable presumption (Chapter 325M.54)
- In civil actions for AI-caused personal injury or property damage, a rebuttable presumption against liability if:
- The AI model/app was verified by a licensed IVO at the time of injury.
- The injury arose from a risk the IVO was licensed to verify and for which verification occurred.
- The model/app operates within the IVO's licensed market segment.
Who and what is affected
- IVOs: Entities seeking licensure to verify AI systems; must develop and maintain comprehensive risk mitigation plans, governance, reporting, and ongoing monitoring.
- Developers and deployers: Entities developing or deploying AI models/apps in Minnesota may interact with IVOs for verification; they must meet mitigation and governance requirements, and may incur reporting obligations.
- End users and the public: Beneficiaries of heightened verification standards, risk disclosures, and governance transparency; potential liability framework changes for verified AI systems.
- Advisory Council: Provides governance, licensing oversight, and independent assessment of IVO activities.
- State agencies and the Department of Commerce: Implementing rules, overseeing licensure, collecting reports, and publishing redacted verification reports.
Timeline and process notes
- Licensure process for IVOs includes a detailed plan, independence and risk-mitigation criteria, and potential for phased licensing (by risk area).
- Annual reporting by IVOs and published redacted reports by the Department of Commerce.
- Rulemaking authority granted to implement sections 325M.51–325M.54.
- The Advisory Council has duties related to licensing and auditing, with governance and conflict-of-interest safeguards.
- The liability framework provides a presumptive defense in civil actions if verification by an IVO is in place and within scope.
Overall impact
- Creates a formal, state-level regime to certify and oversee third-party verifiers of AI safety and risk management.
- Seeks to standardize risk definitions, measurement metrics, and corrective action processes for AI systems deployed in Minnesota.
- Encourages transparency and public accountability through annual reporting and published findings while providing limited liability protections for verified AI systems under specified conditions.