[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[S. 3050 Introduced in Senate (IS)]
<DOC>
118th CONGRESS
1st Session
S. 3050
To require a report on artificial intelligence regulation in the
financial services industry, to establish artificial intelligence bug
bounty programs, to require a vulnerability analysis study for
artificial intelligence-enabled military applications, and to require a
report on data sharing and coordination, and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
October 17, 2023
Mr. Rounds (for himself, Mr. Schumer, Mr. Young, and Mr. Heinrich)
introduced the following bill; which was read twice and referred to the
Committee on Armed Services
_______________________________________________________________________
A BILL
To require a report on artificial intelligence regulation in the
financial services industry, to establish artificial intelligence bug
bounty programs, to require a vulnerability analysis study for
artificial intelligence-enabled military applications, and to require a
report on data sharing and coordination, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Artificial Intelligence Advancement
Act of 2023''.
SEC. 2. DEFINITIONS.
In this Act:
(1) Congressional defense committees.--The term
``congressional defense committees'' has the meaning given such
term in section 101 of title 10, United States Code.
(2) Foundational artificial intelligence model.--The term
``foundational artificial intelligence model'' means an
adaptive generative model that is trained on a broad set of
unlabeled data sets that can be used for different tasks, with
minimal fine-tuning.
SEC. 3. REPORT ON ARTIFICIAL INTELLIGENCE REGULATION IN FINANCIAL
SERVICES INDUSTRY.
(a) In General.--Not later than 90 days after the date of enactment
of this Act, each of the Board of Governors of the Federal Reserve
System, the Federal Deposit Insurance Corporation, the Office of the
Comptroller of the Currency, the National Credit Union Administration,
and the Bureau of Consumer Financial Protection shall submit to the
Committee on Banking, Housing and Urban Affairs of the Senate and the
Committee on Financial Services of the House of Representatives a
report on its gap in knowledge relating to artificial intelligence,
including an analysis on--
(1) which tasks are most frequently being assisted or
completed with artificial intelligence in the institutions the
agency regulates;
(2) current governance standards in place for artificial
intelligence use at the agency and current standards in place
for artificial intelligence oversight by the agency;
(3) potentially additional regulatory authorities required
by the agency to continue to successfully execute its mission;
(4) where artificial intelligence may lead to overlapping
regulatory issues between agencies that require clarification;
(5) how the agency is currently using artificial
intelligence, how the agency plans to use such artificial
intelligence the next 3 years, and the expected impact,
including fiscal and staffing, of those plans; and
(6) what resources, monetary or other resources, if any,
the agency requires to both adapt to the changes that
artificial intelligence will bring to the regulatory landscape
and to adequately adopt and oversee the use of artificial
intelligence across its operations described in paragraph (5).
(b) Rule of Construction.--Nothing in this section may be construed
to require an agency to include confidential supervisory information or
pre-decisional or deliberative non-public information in a report under
this section.
SEC. 4. ARTIFICIAL INTELLIGENCE BUG BOUNTY PROGRAMS.
(a) Program for Foundational Artificial Intelligence Products Being
Incorporated by Department of Defense.--
(1) Development required.--Not later than 180 days after
the date of the enactment of this Act and subject to the
availability of appropriations, the Chief Data and Artificial
Intelligence Officer of the Department of Defense shall develop
a bug bounty program for foundational artificial intelligence
models being integrated into Department of Defense missions and
operations.
(2) Collaboration.--In developing the program required by
paragraph (1), the Chief may collaborate with the heads of
other government agencies that have expertise in cybersecurity
and artificial intelligence.
(3) Implementation authorized.--The Chief may carry out the
program developed pursuant to subsection (a).
(4) Contracts.--The Secretary of Defense shall ensure, as
may be appropriate, that whenever the Department of Defense
enters into any contract, the contract allows for participation
in the bug bounty program developed pursuant to paragraph (1).
(5) Rule of construction.--Nothing in this subsection shall
be construed to require--
(A) the use of any foundational artificial
intelligence model; or
(B) the implementation of the program developed
pursuant to paragraph (1) in order for the Department
to incorporate a foundational artificial intelligence
model.
(b) Briefing.--Not later than one year after the date of the
enactment of this Act, the Chief shall provide the congressional
defense committees a briefing on--
(1) the development and implementation of bug bounty
programs the Chief considers relevant to the matters covered by
this section; and
(2) long-term plans of the Chief with respect to such bug
bounty programs.
SEC. 5. VULNERABILITY ANALYSIS STUDY FOR ARTIFICIAL INTELLIGENCE-
ENABLED MILITARY APPLICATIONS.
(a) Study Required.--Not later than one year after the date of the
enactment of this Act, the Chief Digital and Artificial Intelligence
Officer (CDAO) of the Department of Defense shall complete a study
analyzing the vulnerabilities to the privacy, security, and accuracy
of, and capacity to assess, artificial intelligence-enabled military
applications, as well as research and development needs for such
applications.
(b) Elements.--The study required by subsection (a) shall cover the
following:
(1) Research and development needs and transition pathways
to advance explainable and interpretable artificial
intelligence-enabled military applications, including the
capability to assess the underlying algorithms and data models
of such applications.
(2) Assessing the potential risks to the privacy, security,
and accuracy of underlying architectures and algorithms of
artificial intelligence-enabled military applications,
including the following:
(A) Individual foundational artificial intelligence
models, including the adequacy of existing testing,
training, and auditing for such models to ensure models
can be properly assessed over time.
(B) The interactions of multiple artificial
intelligence-enabled military applications, and the
ability to detect and assess new, complex, and emergent
behavior amongst individual agents, as well as the
collective impact, including how such changes may
affect risk to privacy, security, and accuracy over
time.
(C) The impact of increased agency in artificial
intelligence-enabled military applications and how such
increased agency may affect the ability to detect and
assess new, complex, and emergent behavior, as well
risks to the privacy, security, and accuracy of such
applications over time.
(3) Assessing the survivability and traceability of
decision support systems that are integrated with artificial
intelligence-enabled military applications and used in a
contested environment, including--
(A) potential benefits and risks to Department of
Defense missions and operations of implementing such
applications; and
(B) other technical or operational constraints to
ensure such decision support systems that are
integrated with artificial intelligence-enabled
military applications are able to adhere to the
Department of Defense Ethical Principles for Artificial
Intelligence.
(4) Identification of existing artificial intelligence
metrics, developmental, testing and audit capabilities,
personnel, and infrastructure within the Department of Defense,
including test and evaluation facilities, needed to enable
ongoing identification and assessment under paragraphs (1)
through (3), and other factors such as--
(A) implications for deterrence systems based on
systems warfare; and
(B) vulnerability to systems confrontation on the
system and system-of-systems level.
(5) Identification of gaps or research needs to
sufficiently respond to the elements outlined in this
subsection that are not currently, or not sufficiently, funded
within the Department of Defense.
(c) Coordination.--In carrying out the study required by subsection
(a), the Chief Digital and Artificial Intelligence Officer shall
coordinate with the following:
(1) The Director of the Defense Advanced Research Projects
Agency (DARPA).
(2) The Under Secretary of Defense for Research and
Evaluation.
(3) The Under Secretary of Defense for Policy.
(4) The Director for Operational Test and Evaluation
(DOT&E) of the Department.
(5) As the Chief Digital and Artificial Intelligence
Officer considers appropriate, the following:
(A) The Secretary of Energy.
(B) The Director of the National Institute of
Standards and Technology.
(C) The Director of the National Science
Foundation.
(D) The head of the National Artificial
Intelligence Initiative Office of the Office of Science
and Technology Policy.
(E) Members and representatives of industry.
(F) Members and representatives of academia.
(d) Interim Briefing.--Not later than 180 days after the date of
the enactment of this Act, the Chief Digital and Artificial
Intelligence Officer shall provide the congressional defense committees
a briefing on the interim findings of the Chief Digital and Artificial
Intelligence Officer with respect to the study being conducted pursuant
to subsection (a).
(e) Final Report.--
(1) In general.--Not later than one year after the date of
the enactment of this Act, the Chief Digital and Artificial
Intelligence Officer shall submit to the congressional defense
committees a final report on the findings of the Chief Digital
and Artificial Intelligence Officer with respect to the study
conducted pursuant to subsection (a).
(2) Form.--The final report submitted pursuant to paragraph
(1) shall be submitted in unclassified for, but may include a
classified annex.
SEC. 6. REPORT ON DATA SHARING AND COORDINATION.
(a) In General.--Not later than 180 days after the date of the
enactment of this Act, the Secretary of Defense shall submit to the
congressional defense committees a report on ways to improve data
sharing, interoperability, and quality, as may be appropriate, across
the Department of Defense.
(b) Contents.--The report submitted pursuant to subsection (a)
shall include the following:
(1) A description of policies, practices, and cultural
barriers that impede data sharing and interoperability, and
lead to data quality issues, among components of the
Department.
(2) The impact a lack of appropriate levels of data
sharing, interoperability, and quality has on Departmental
collaboration, efficiency, interoperability, and joint-
decisionmaking.
(3) A review of current efforts to promote appropriate data
sharing, including to centralize data management, such as the
AVANA program.
(4) A description of near-, mid-, and long-term efforts
that the Office of the Secretary of Defense plans to implement
to promote data sharing and interoperability, including efforts
to improve data quality.
(5) A detailed plan to implement a data sharing and
interoperability strategy that supports effective development
and employment of artificial intelligence-enabled military
applications.
(6) A detailed assessment of the implementation of the
Department of Defense Data Strategy issued in 2020, as well as
the use of data decrees to improve management rigor in the
Department when it comes to data sharing and interoperability.
(7) Any recommendations for Congress with respect to
assisting the Department in these efforts.
<all>