Amended in Assembly July 17, 2025
Amended in Assembly July 07, 2025
Amended in Senate March 26, 2025
Introduced by Senator McNerney, February 21, 2025
LEGISLATIVE COUNSEL'S DIGEST
This bill would require any entity that engages in conduct that could materially impact critical infrastructure safety, security, or operations to report an artificial intelligence (AI) adverse event, as defined, in a form and manner prescribed by the Office of Emergency Services, as provided. The bill would subject each entity that fails to provide an AI adverse event report to a specified civil penalty. The bill would authorize the office to, among other things, authorize public or private entities to receive information about individual events or aggregated statistics for the purpose of collaboratively addressing identified harms, except as provided. The bill would include related findings and declarations.
The people of the State of California do enact as follows:
SECTION 1.
The Legislature finds and declares all of the following:
(c)The working group’s 2025 report recommends the establishment of adverse event reporting mechanisms for artificial intelligence systems, especially in high-risk domains such as critical infrastructure, to ensure transparency, accountability, and public safety.
(d)The report underscores the importance of centralized, timely, and clear reporting of AI malfunctions or failures that could lead to physical harm, data breaches, or disruption of essential services. These recommendations are echoed by expert consensus on artificial intelligence safety protocols nationally.
(e)
(f)As California integrates artificial intelligence into critical infrastructure operations, it is essential that state agencies implement human verification mechanisms, conduct rigorous risk assessments, and comply with mandatory adverse event reporting standards to protect public health, safety, and the integrity of essential systems.
(a)For purposes of this section, the following definitions apply:
(1)“AI adverse event” means an incident, circumstance, or series of events where the development, deployment, use, or malfunction of an artificial intelligence (AI) system or automated decision system in critical infrastructure has caused or contributed to any of the following:
(A)Death of any person.
(B)Serious physical injury requiring medical treatment.
(C)Significant disruption to critical infrastructure operations lasting more than one hour.
(D)Unauthorized access to or compromise of sensitive data affecting more than 100 individuals.
(E)Material financial loss greater than fifty thousand dollars ($50,000) to any person or entity.
(F)System failure that requires manual intervention to prevent harm or restore service.
(G)Any failure of the AI system to perform as intended that could reasonably lead to mass casualty events or widespread critical infrastructure failure.
(2)“Artificial intelligence” (“AI”) means an engineered or machine-based system that varies in its level of autonomy that can, for explicit or implicit objectives, infer from the input it receives how to generate outputs that can influence physical or virtual environments.
(3)“Automated decision system” means a computational process derived from machine learning, statistical modeling, data analytics, or artificial intelligence that issues simplified output, including a score, classification, or recommendation, that is used to assist or replace human discretionary decisionmaking and materially impacts natural persons. “Automated decision system” does not include a spam email filter, firewall, antivirus software, identity and access management tools, or a calculator.
(4)“Critical infrastructure” means systems or assets so vital to the state that the incapacity or destruction of those networks, systems, or assets would have a debilitating impact on public health, safety, economic security, or any combination thereof, including any of the following infrastructure:
(A)Transportation.
(B)Energy.
(C)Food and agriculture.
(D)Communications.
(E)Emergency services.
(F)Financial services.
(5)“Operator” means a state agency in charge of critical infrastructure.
(b)(1)An operator deploying artificial intelligence that could materially impact critical infrastructure safety, security, or operations shall establish a human oversight mechanism to do both of the following:
(A)Monitor the artificial intelligence system’s operations in real time.
(B)Review and approve any plan or action proposed by an artificial intelligence system before execution.
(2)This subdivision shall not apply to an existing automated decision system that is critical to state infrastructure if the required human oversight would cause an immediate pause that would destabilize that system.
(c)The Department of Technology shall administer specialized training in artificial intelligence safety protocols and risk management techniques to be given to oversight personnel.
(d)(1)An operator shall conduct an annual assessment of its artificial intelligence systems and automated decision systems that does all of the following:
(A)Evaluates compliance with this section.
(B)Evaluates system performance and safety.
(C)Identifies and evaluates potential risks and vulnerabilities, including those that could lead to mass casualty events.
(2)An operator shall submit a summary of the assessment findings to the Department of Technology.
(3)The assessment shall coincide with any requirement on the operator to perform a risk analysis pursuant to subdivision (b) of Section 11549.65.
(a)Any entity that engages in conduct that could materially impact critical infrastructure safety, security, or operations shall report an AI adverse event in a form and manner prescribed by the office as follows:
(1)Within four hours after detection of an AI adverse event that poses an ongoing urgent threat to public health or safety.
(2)Within 24 hours after detection of an AI adverse event involving death or serious physical injury.
(3)Within 72 hours after detection of an adverse AI event involving significant critical infrastructure disruption or data compromise.
(4)Within 14 calendar days after detection of any other AI adverse event.
(b)For purposes of this section, detection occurs on the first business day that the AI adverse event is known to the operator or, by exercising reasonable diligence, should have been known to the operator.
(c)An AI adverse event report shall include, to the extent known or reasonably ascertainable, all of the following:
(1)A description of the artificial intelligence system or automated decision system, including, but not limited to, all of the following:
(A)System type, purpose, and intended use.
(B)Vendor information and version numbers.
(C)Deployment environment and integration details.
(D)Training data sources relevant to the incident.
(E)Status of human oversight mechanisms at the time of the incident.
(2)Details of the adverse event, including, but not limited to, all of the following:
(A)Date, time, and location of the occurrence.
(B)Circumstances leading to the event.
(C)Nature and extent of the harm, damage, or disruption.
(D)Number of individuals or systems affected.
(E)Root-cause analysis, when available.
(F)Effectiveness of human oversight mechanisms in detecting or preventing the incident.
(3)Response and mitigation measures taken or being planned, including, but not limited to, any modifications to human oversight mechanisms.
(4)Contact information for a designated representative of the operator.
(5)Any additional information requested by the department.
(d)Each entity shall be subject to a civil penalty not to exceed five hundred dollars ($500) for each seven days that the entity fails to provide an AI adverse event report required under this section.
(e)The office may do any of the following:
(1)Authorize entities that are not operators to voluntarily participate in the reporting system for the purpose of maximally growing the evidence base.
(2)Authorize public or private entities to receive information about individual events or aggregated statistics for the purpose of collaboratively addressing identified harms.
(3)Post on its internet website information about individual events or aggregated statistics.
(f)The office shall not disclose any record or information within a record of the office related to enforcement of this section that is privileged, protected by copyright, or otherwise prohibited by law from being disclosed; that is exempt from disclosure to the public under express provisions of the California Public Records Act (Division 10 (commencing with Section 7920.000) of Title 1); or in which, based on the facts of the particular case, the public interest served by not disclosing the record clearly outweighs the public interest served by disclosure of the record.