The bill directs the Director of the Office of Science and Technology Policy to create a federal artificial intelligence regulatory sandbox that permits temporary waivers or modifications of specified federal requirements so AI products, services, or development methods can be tested on a limited basis. The sandbox is designed to spur innovation, job creation, and commercialization in the United States while requiring participants to abide by written agreements and consumer-notification rules.
This is significant because it centralizes a federal pathway for experimental deployments of AI under coordinated cross-agency review and reporting. That structure changes how federal enforcement interacts with novel AI deployments: agencies can suspend enforcement of particular covered provisions for compliant participants, but the program also builds in monitoring, disclosure, and mechanisms for agencies and Congress to evaluate whether statutory or regulatory changes are warranted.
At a Glance
What It Does
The OSTP Director establishes and runs a program that accepts applications for temporary waivers or modifications of ‘covered provisions’ so developers can test AI products or methods without immediate enforcement of those specific rules. Agencies with jurisdiction over the covered provisions review applications and recommend mitigation terms; the Director signs written agreements that govern participation.
Who It Affects
U.S.-based AI developers and service providers seeking experimental regulatory relief, federal agencies tasked with enforcement of the covered provisions, and consumers who may interact with experimental AI products. State-level sandbox programs are explicitly contemplated for coordination.
Why It Matters
The bill creates an administratively managed experiment in regulatory relief at the federal level rather than through piecemeal agency pilots. That can accelerate product development and provide data for future rulemaking, while changing incentives for compliance, agency workload, and congressional oversight of regulatory text.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The bill adds a new Title VII to the governing science-and-technology statute to create an AI regulatory sandbox housed at OSTP. It defines covered terms (including what counts as an AI product/service and what counts as a covered provision) and tasks the OSTP Director with building an application system, publishing the review criteria, and operating the program.
Applicants must certify U.S. jurisdictional ties and describe the AI product or development method they want to test, identify which federal provisions they seek to waive or modify, and explain benefits and risk-mitigation plans. OSTP may assist applicants in identifying likely statutory or regulatory triggers and can also itself submit applications it thinks will advance AI in the U.S. Each application is sent to the agencies that enforce the targeted provisions for technical review and stakeholder consultation; agencies then document foreseeable risks and their recommended mitigation or denial.If OSTP and the agencies approve (in whole or in part), the participant signs a written agreement spelling out the waived provisions and the operational terms and mitigations the applicant must follow.
While a waiver is in effect and the participant complies with its written agreement, the bill shields the participant from criminal or civil enforcement of those specifically identified covered provisions—but not from civil suits seeking actual damages or from enforcement of provisions not included in the waiver. The statute also requires public disclosures to consumers, a multi-point reporting regime for participants, access-to-records for OSTP, incident reporting, and annual OSTP reporting to Congress.The program includes appeals to the Director for denied applicants, a judicial-review hook identifying several actions as final agency actions, a revocation path if participants fail to comply, and statutory coordination mechanisms with state sandbox programs.
The program has a statutory sunset and explicit channels by which OSTP can recommend repeal or amendment of covered provisions to Congress based on what the sandbox reveals.
The Five Things You Need to Know
OSTP must establish the AI regulatory sandbox within one year of enactment and publish the criteria used to assess health/safety, economic, and unfair/deceptive risks.
Agencies receiving an application get copies within 14 days; they must produce a record of decision within 90 days or OSTP may treat the absence of a record as non‑objection.
An approved waiver initially lasts 2 years and may be renewed up to four additional 2‑year periods, subject to compliance and material-change review.
Participants must enter a written agreement with OSTP and the applicable agency, report serious incidents to OSTP and agencies within 72 hours, and make public consumer disclosures while testing.
OSTP must provide an annual Program report to Congress and a special message (by May 1 each year) recommending covered provisions that could be amended or repealed; the entire Program sunsets 12 years after establishment.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Definitions that frame the sandbox
This section imports and defines key terms used across the title: what counts as an artificial intelligence system or product (by reference to the National AI Initiative Act), what a covered provision is (broadly tied to the APA definition of a rule and including guidance and statutorily required rules), and the specific risk categories OSTP must assess (health and safety, economic damage, unfair or deceptive trade practices). Those definitions set the gates for what can be waived and which risks agencies must evaluate.
Establishing the Program and its stated purpose
OSTP must create and run the administrative program, with a standardized application form and a public, commentable set of criteria for assessing covered‑provision waiver requests. The statutory purpose language explicitly prioritizes development, commercialization, job creation, and U.S. innovation capacity — framing the program as pro‑innovation and economic in focus rather than solely safety or consumer‑protection driven.
Application content and agency review processes
Applicants must demonstrate U.S. incorporation or headquarters ties, disclose criminal convictions of principals, identify each covered provision they seek to waive or modify, and explain benefits and mitigation plans tied to the statutory risk categories. OSTP forwards completed applications to applicable agencies within a short statutory window; agencies must solicit technical and private‑sector input, prepare a record of decision identifying risks and mitigation proposals, and either approve, deny, or recommend partial approvals. If an agency does not submit its record in time, OSTP may presume no objection, which is a pressure point for agency responsiveness.
Written agreements, Director‑filed applications, and public reuse
No waiver becomes effective until the applicant and OSTP plus the relevant agency head sign a written agreement specifying the waived provisions and mitigation duties. OSTP can itself submit ‘Director‑submitted’ applications to create precedent waivers; when OSTP‑initiated waivers are granted, OSTP must publish the waiver and allow other parties to apply to utilize it under a standardized process, effectively allowing some waivers to be reused by multiple firms under the same terms.
Terms, revocation, disclosures, reporting and records
The statute builds a compliance regime: participants must notify OSTP and agencies within 72 hours of incidents causing health, economic, or unfair‑practice harms; preserve and make available records on demand; and submit multiple reports during the waiver term (early, mid‑term, pre‑expiration). While in compliance, participants are insulated from enforcement (civil or criminal) for the specifically identified covered provisions, but not from private liability for actual damages or enforcement for provisions not waived. OSTP can revoke waivers if participants fail to cure violations within the statutory cure periods.
Reporting, state coordination, confidentiality, and sunset
OSTP must annually report to Congress on program metrics, name waiver recipients, and provide applicant and agency materials. The statute instructs OSTP to coordinate with state sandboxes, accept joint applications, and harmonize testing approaches as feasible. The law protects trade secrets from forced public disclosure but otherwise requires public consumer notices. The program terminates 12 years after creation, placing a hard statutory horizon on experimentation.
Congressional review and repeal recommendations
OSTP must annually send a special message identifying covered provisions that have been waived repeatedly or otherwise appear suitable for repeal or amendment, along with counts, denial summaries, and recommended textual changes for Congress to consider via expedited joint resolutions. The section establishes detailed, expedited rules for committee referral, floor consideration, and timelines in both Houses to accelerate congressional action on statutory changes informed by sandbox results.
This bill is one of many.
Codify tracks hundreds of bills on Technology across all five countries.
Explore Technology in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- U.S.-based AI developers and startups — they gain a structured federal pathway to test novel AI products or development methods with temporary relief from specific regulatory constraints, potentially lowering the cost and regulatory risk of early deployments.
- OSTP and agencies — they receive structured, real‑world data about how AI systems operate in practice and documented mitigation measures, which can inform future rulemaking and reduce uncertainty in policy decisions.
- Policymakers and Congress — the Program is designed to generate empirical evidence and explicit repeal/amendment recommendations that can be fast‑tracked into legislative changes, streamlining policy learning from experiments.
Who Bears the Cost
- Applicable federal agencies — they must review applications, form advisory boards, meet short statutory deadlines for decisions, and produce records and oversight materials, increasing workload and potentially requiring new staff resources.
- Consumers and end users interacting with experimental offerings — while disclosure and incident reporting are required, consumers may be exposed to products operating outside usual regulatory constraints, shifting some safety and economic risk onto end users.
- Smaller firms not participating in the sandbox — firms without the resources to navigate the application, mitigation, and reporting regime may face competitive disadvantage relative to better‑funded participants who can operate with temporary regulatory relief.
Key Issues
The Core Tension
The central dilemma is accelerating AI development by granting temporary legal relief for experimentation while preserving consistent enforcement and consumer safety: the more expansive the sandbox and the lighter the oversight, the faster firms can iterate—but that increases the risk of harm and regulatory uncertainty; the tighter the oversight, the less the program lowers the costs of experimentation.
The bill creates a regulatory shortcut with formal guardrails, but those guardrails rest on administrative processes rather than new statutory safety standards. A key implementation challenge is information asymmetry: agencies and OSTP must judge risks and mitigation plans proposed by firms that control the underlying systems and data.
If agencies lack budgetary or technical capacity to evaluate applications promptly and deeply, OSTP’s presumption of non‑objection for late agency records could lead to waivers granted with insufficient scrutiny.
Another unresolved area is the interplay between program confidentiality protections for trade secrets and the public need for transparency. The statute protects proprietary information from forced disclosure but nevertheless requires public notices and Congress‑facing reports.
Striking the right redaction and disclosure balance will be operationally and politically difficult. Finally, the Program shifts some enforcement authority via contract and administrative immunity—this could create litigation over the scope of immunity, the meaning of compliance with written agreements, and the limits of private suits versus agency enforcement when harms occur.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.