The CREATE AI Act of 2025 adds a new Title LVI to the National Artificial Intelligence Initiative Act to authorize and govern a National Artificial Intelligence Research Resource (NAIRR). The bill charges the Director of the National Science Foundation, working with a newly‑formed NAIRR Steering Subcommittee (within the existing Interagency Committee), to establish a Program Management Office at NSF, select a nongovernmental Operating Entity via competitive process, and provision shared computational hardware, datasets, AI testbeds, and educational services for eligible U.S. researchers and institutions.
Practically, the law centralizes how federal compute and data assets can be pooled, procured, and made available while embedding requirements for privacy, ethics, scientific integrity, security, and research‑security screening. It authorizes fee schedules with a required free tier and allows the NAIRR to accept private donations — creating a hybrid public infrastructure that aims to lower barriers to high‑end AI research but also raises governance, sustainability, and security trade‑offs for NSF, agencies, and private partners.
At a Glance
What It Does
The bill requires NSF, in coordination with the OSTP‑chaired NAIRR Steering Subcommittee, to establish a Program Management Office and, within one year of enactment, stand up the NAIRR, select a nongovernmental Operating Entity through a competitive process, and provision compute, data, testbeds, and training to eligible U.S. researchers. It sets processes for procurement, dataset standards (with NIST coordination), user eligibility, security baselines, auditing for privacy/ethics, and an annually evaluated governance cycle.
Who It Affects
Directly affected parties include university researchers and students, nonprofits, federally funded research and development centers, small businesses (including SBIR/STTR awardees), federal agencies contributing resources, and private cloud and data providers who may host or donate assets. NSF, OSTP, and any selected Operating Entity will bear operational and oversight responsibilities.
Why It Matters
The NAIRR is a federal effort to shift costly AI R&D enablers — large‑scale compute, curated datasets, and testbeds — from primarily commercial gatekeepers to an accessible public resource. That matters for competitive positioning of U.S. researchers, federal research security policy, procurement practices, and how private donations and fee revenue will shape public research infrastructure.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The law creates a governance ladder: OSTP chairs a NAIRR Steering Subcommittee drawn from the Interagency Committee, and NSF must create a Program Management Office (PMO) to run day‑to‑day functions. The Steering Subcommittee approves the NAIRR operating plan and budget, defines KPIs, and issues requests for proposals for an Operating Entity; the PMO runs the competitive selection and supervises the Operating Entity’s contract compliance.
The NAIRR is explicitly designed to supply four resource classes: computational resources (on‑premises, public cloud, hybrid options, APIs and open software), curated datasets (with interoperability and repository standards coordinated with NIST), AI testbeds (cataloging and facilitated access), and training/educational services to increase STEM participation. The Operating Entity runs the user portal, maintains infrastructure, hires technical and policy staff, administers training, and modernizes the platform over time.Access rules are restrictive in scope but broad in reach: eligible users are U.S.‑based researchers, students, and staff affiliated with institutions of higher education, nonprofits, federal agencies, FFRDCs, qualifying small businesses, or approved consortia.
The statute bars individuals employed by foreign countries listed under 10 U.S.C. 4872(d)(2) from eligibility and tasks NSF with enforcing that restriction. The PMO must establish auditing and approval processes that consider privacy, ethics, safety, and trustworthiness when allocating resources, and it may tier security requirements and user access in line with NIST and CISA guidance.On governance and sustainability, the bill permits the NAIRR to charge fees (with a mandated free tier), accept cash and in‑kind donations, and retain fees for operations.
It also requires annual evaluation against KPIs, public annual reporting, and periodic independent assessments. The text notably embeds research‑security obligations aligned with National Security Presidential Memorandum‑33 and signals coordination with federal statistical agencies for use of restricted statistical data.
The Five Things You Need to Know
NSF must establish the NAIRR within one year of the Act’s enactment and create a Program Management Office to run it.
The Program Management Office must include at least three full‑time employees and will competitively select a nongovernmental Operating Entity to operate the NAIRR portal and services.
The NAIRR may provide on‑premises, cloud, hybrid compute, an open software environment, an API to AI models, curated datasets (governed by NIST interoperability guidance), and access to AI testbeds.
Individuals employed by foreign countries listed under 10 U.S.C. 4872(d)(2) are explicitly excluded from NAIRR eligibility; NSF must verify compliance with this exclusion.
The head of the PMO may set a fee schedule that can be retained for program use but must include a free tier; fees may vary by user type and allow cost‑recovery purchases beyond subsidized allocations.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Creates the NAIRR Steering Subcommittee inside the Interagency Committee
This amendment inserts a new subsection establishing a NAIRR Steering Subcommittee chaired by the OSTP Director. It prescribes member selection standards (expertise, funded AI R&D, or other ties to NAIRR) and requires at least annual composition reviews. Practically, the Subcommittee is the policy and budget control point: it approves the NAIRR operating plan, reviews budgets, sets KPIs, solicits and scopes the Operating Entity procurement, identifies federated resources, and produces an annual public report plus periodic independent assessments.
Definitions and scope
The statute defines core program terms — NAIRR, Program Management Office (PMO), Operating Entity, AI testbeds, and resources — to set legal boundaries for contracting, delegation, and oversight. By tying certain definitions to existing statutes (e.g., NIST testbed language and the Small Business Act), the bill narrows interpretive wiggle room and links NAIRR operations to established federal standards and procurement categories.
Establishment, PMO, and Operating Entity selection
This section requires NSF to stand up a PMO and to run a competitive, transparent solicitation to select a nongovernmental Operating Entity (an NGO or consortium which may include FFRDCs). The PMO retains oversight authority: it sets evaluation criteria, supervises asset allocation, hires staff, identifies an independent evaluator, and may terminate the Operating Entity for unsatisfactory annual performance and reselect a replacement.
Catalog of NAIRR resources — compute, data, testbeds, education
Section 5603 mandates a minimum resource set: a mix of computational environments (cloud, on‑premises, hybrid), an open software stack and API access to models, curated datasets (with repository standards in coordination with NIST), an AI open data commons, outreach to federal statistical sources, and AI testbed access. Practically, this sets procurement and interoperability expectations for vendors and data curators and directs NAIRR to publicly summarize available resource categories.
User eligibility, privacy/ethics review, integrity, and security controls
This section prescribes who may use NAIRR resources (U.S.‑based academics, nonprofits, federal agencies, FFRDCs, qualifying SBs, consortia) and explicitly excludes persons employed by certain foreign governments. It obligates the PMO and Operating Entity to implement auditing and application review processes for privacy, ethics, civil liberties, safety, and trustworthiness; to publish scientific‑integrity guidance; and to align security baselines with the NIST Cybersecurity Framework (with CISA coordination). The PMO can create tiers of access and set a fee schedule that must include a free tier and allow retained fee use for operations.
Funding flexibilities and donations
Rather than appropriating a fixed fund, the Act authorizes the NAIRR to accept and use private donations of cash, services, and property to carry out its mission. That creates a hybrid funding model — appropriations‑driven obligations plus donor and fee income — which has implications for sustainability, conflicts of interest, and contracting.
This bill is one of many.
Codify tracks hundreds of bills on Technology across all five countries.
Explore Technology in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- University researchers and students — gain subsidized access to large‑scale compute, curated datasets, testbeds, and structured training programs that are otherwise concentrated in industry, lowering barriers to model development and benchmarking.
- Small businesses (SBIR/STTR awardees and other qualifying small firms) — the statute expressly includes qualifying small businesses as eligible and enables them to access compute and data they could not afford independently, improving commercialization pathways.
- Nonprofit research organizations and minority‑serving institutions — curated outreach and a free access tier aim to expand participation and diversify the research pipeline by offering training, curated datasets, and technical support.
- Federal agencies and policymakers — a shared catalog of AI testbeds, training materials, and centralized analytics will improve cross‑agency evaluation, benchmarking, and workforce upskilling without duplicative procurement.
- Cloud, data repository, and testbed providers — stand to win contracts or in‑kind partnerships to host compute, provide repositories, or contribute testbeds, and to influence standards (NIST coordination creates procurement opportunities).
Who Bears the Cost
- National Science Foundation and participating agencies — must staff and run the PMO, coordinate interagency contributions, and sustain oversight and annual evaluations; these are real operating costs that may require appropriations beyond donated assets.
- Operating Entity (contractor/consortium) — bears daily operational, staffing, security, compliance, and reporting duties and faces termination risk if annual performance is deemed unsatisfactory.
- Private donors and cloud providers — donating or contracting resources may trigger additional compliance obligations, auditing, and restrictions on how contributed data or compute may be used, and donors may face reputational risk if governance disputes arise.
- Taxpayers — the mandated free tier and federal oversight imply subsidy; if appropriations are insufficient, service quality could degrade or costs could shift to users via higher fees.
- Privacy and ethics review offices — agencies and the Operating Entity must perform dataset audits and continuous review for privacy, civil‑liberties, and scientific‑integrity concerns, adding workload and budgetary demand on compliance officials.
Key Issues
The Core Tension
The bill’s central dilemma is between democratizing access to high‑end AI resources (openness, equity, and scientific progress) and protecting national security, privacy, and research integrity (control, vetting, and restriction). Any governance choices that make the NAIRR broadly accessible increase risk of misuse or foreign exploitation; conversely, tight security and donor/contractor conditions can preserve safety but re‑erect access barriers and empower gatekeepers.
The Act blends public leadership with private participation but leaves several implementation choices unresolved. It authorizes donations and fee retention without detailed conflict‑of‑interest safeguards; donors could influence resource priorities or gain privileged access unless the PMO imposes rigid conditions.
The Operating Entity model centralizes operations in a nongovernmental contractor, creating a potential single‑point‑of‑failure and a powerful gatekeeper for who gets scarce compute time and valuable datasets. Contract design, termination triggers, and performance metrics will therefore be pivotal to prevent capture or mission drift.
Security and openness sit in tension throughout the text. The statute requires conformance with NSPM‑33 research‑security principles while also mandating data sharing and an open data commons and a research ecosystem that prioritizes openness and scientific integrity.
Operationalizing those dual aims — guarding against illicit foreign influence and export of sensitive capabilities while preserving collaborative, open science — will depend on how the PMO designs eligibility checks, access tiers, and data redaction or enclaves for sensitive datasets. Resource prioritization rules (e.g., giving projects on ethics and safety priority when demand exceeds supply) introduce additional subjective judgment that could shape the research agenda.
Finally, the law sets minimum staffing (three full‑time PMO employees) and creates substantial reporting and auditing duties for the PMO and Operating Entity; those minimums risk under‑resourcing oversight. The fee model plus donations can help finance operations but also creates sustainability uncertainty: fees must balance accessibility (free tier) with enough cost recovery to maintain modern infrastructure, and reliance on voluntary donations may bias resource types toward projects attractive to donors rather than public‑interest needs.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.