This bill directs the Secretary of Energy to stand up an Advanced Artificial Intelligence Evaluation Program to test, red‑team, and, where necessary, classify the results of evaluating AI systems the statute calls “advanced.” It requires covered developers to participate and to hand over substantive technical artifacts on request (code, training data, weights, architectures, deployment interfaces); deploying an advanced system into interstate or foreign commerce without compliance triggers a civil fine.
The program must produce empirical risk assessments to inform a permanent federal oversight framework, deliver an initial plan to Congress within a year, and run for up to seven years unless Congress renews it. The statute builds in explicit national‑security tools (classified assessments, simulated adversarial attacks) and provides a narrow procedural route for the Secretary to revise the statutory definition of “advanced” AI.
At a Glance
What It Does
Creates a DOE office that conducts standardized and classified testing, including adversarial red‑team exercises, of AI systems meeting a defined computational threshold and prepares formal reports and policy options for Congress. It also authorizes blind third‑party evaluations and recommends containment, monitoring, and regulation strategies based on test results.
Who It Affects
“Covered advanced AI system developers” — anyone who designs, substantially modifies, or initiates a training run of systems that meet the bill’s computing‑power threshold and are used in interstate or foreign commerce. Cloud providers, open‑source distributors, and entities that deploy such models across state lines will be subject to the deployment prohibition if they are not in compliance.
Why It Matters
The bill centralizes empirical safety testing at DOE and conditions commercial deployment on compliance, creating a single U.S. point of technical oversight tied to national‑security testing. For regulated developers this shifts part of safety validation from internal processes to a federally administered, partially classified testing regime backed by severe civil penalties.
What This Bill Actually Does
The Act instructs the Department of Energy to build a time‑limited, centralized facility and program to evaluate high‑compute AI systems and to generate data that Congress can use when designing AI oversight. Rather than only offering voluntary reviews, the statute makes participation compulsory for developers of systems that cross a quantitative computing‑power threshold and ties deployment in commerce to that participation.
The program’s testing regime is explicitly adversarial and, where necessary, classified: DOE must simulate real‑world jailbreaks and hostile exploitation techniques, use red teams with capabilities comparable to sophisticated attackers, and enable blind or independent third‑party evaluations so that conclusions have technical credibility. Participating developers receive written reports with identified risks and recommended mitigations; DOE must also produce policy options based on empirical findings, including contingency measures if systems approach “artificial superintelligence.”
Deadlines and deliverables are specific.
DOE must launch the program within 90 days of enactment, deliver a detailed recommendation for a permanent oversight framework to Congress within 360 days, and update that plan at least annually. The program sunsets after seven years unless Congress acts to continue it.
The Act also fixes a statutory definition of “advanced AI” tied to the amount of computing power used in training, while giving the Secretary a rulemaking mechanism to propose a new definition; any such change requires Congressional approval to take effect.
The Five Things You Need to Know
The bill defines an “advanced AI system” as one trained with more than 10^26 integer or floating‑point operations, a numeric threshold that triggers coverage unless changed by statute.
Covered developers must, on request, provide underlying code, training data, model weights, architecture and implementation details to DOE; those materials can be requested for program testing.
No person may deploy an advanced AI system in interstate or foreign commerce unless in compliance with the law; noncompliance carries a civil fine of at least $1,000,000 per day.
DOE must establish the program within 90 days and deliver a detailed recommendation for permanent federal AI oversight to Congress within 360 days, with annual updates thereafter.
The program is explicitly authorized to run classified testing, blind third‑party assessments, and red‑team adversarial evaluations, and it automatically sunsets seven years after enactment unless renewed.
Section-by-Section Breakdown
Sense of Congress and program purposes
This provision frames the statute’s goals: treat rapid AI capability gains as material national‑security and economic risks and justify a centralized, empirical testing program. Its practical effect is largely rhetorical but it steers DOE to focus on national‑security, public‑safety, civil‑liberties, and labor‑market impacts when designing testing protocols and reporting to Congress.
Key statutory definitions and how coverage is triggered
Section 3 supplies the gating definitions: “advanced AI system,” “covered developer,” “loss‑of‑control,” “scheming behavior,” and “artificial superintelligence.” The trigger is a numeric computing‑power threshold (training >10^26 operations), but the Secretary can propose a new definition through rulemaking that only becomes law if Congress enacts a joint resolution approving it. That two‑step path preserves Congressional control over re‑defining the statute’s scope while giving DOE a technical avenue to update coverage criteria.
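To make the numeric trigger concrete, here is a minimal back‑of‑the‑envelope sketch. It assumes the widely used ~6 × parameters × training‑tokens approximation for dense‑model training compute; that rule of thumb and the run sizes below are illustrative assumptions, not figures from the bill.

```python
# Rough coverage check against the bill's 1e26-operation trigger.
# The ~6 * N * D approximation for dense transformer training compute
# and the hypothetical run sizes are assumptions, not statutory text.

THRESHOLD_OPS = 1e26  # the bill's training-compute trigger

def estimated_training_ops(n_params: float, n_tokens: float) -> float:
    """Approximate total training operations via the common ~6ND rule."""
    return 6.0 * n_params * n_tokens

runs = [
    ("hypothetical 70B-parameter model, 15T tokens", 70e9, 15e12),
    ("hypothetical 1.8T-parameter model, 15T tokens", 1.8e12, 15e12),
]

for name, n, d in runs:
    ops = estimated_training_ops(n, d)
    status = "covered" if ops > THRESHOLD_OPS else "below threshold"
    print(f"{name}: ~{ops:.2e} ops -> {status}")
```

On these assumptions the first run lands around 6.3×10^24 operations (outside the statute) while the second reaches roughly 1.6×10^26 (inside it), which is why modest differences in scale can flip coverage.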
Mandatory participation, deployment ban, and civil fines
This section imposes affirmative obligations on covered developers to participate in the DOE program and to furnish detailed technical materials on request. It bars deployment in interstate or foreign commerce absent compliance and establishes a minimum civil penalty of $1 million per day for violations. Practically, the deployment prohibition creates immediate commercial leverage to enforce participation; the per‑day fine is structured as a severe economic deterrent rather than a negotiated administrative penalty, since even a 30‑day violation implies at least $30 million in exposure.
Establishment and required testing activities
DOE must set up the Advanced AI Evaluation Program quickly and run adversarial, standardized, and, as needed, classified tests that mirror high‑end real‑world attack techniques. The statute requires DOE to produce formal reports for participants, develop containment and mitigation recommendations, and enable third‑party blind evaluations to increase test credibility. Those mechanics mean DOE will need technical staffing, classified handling capability, and legal workflows for receiving proprietary or classified model artifacts.
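The bill does not prescribe how blind evaluations must be implemented. As a sketch of one possible design, the harness below lets evaluators interact with submitted models only through opaque handles, so findings cannot be biased by knowing which developer built what; every name in it (BlindEvalHarness, submit, query) is a hypothetical illustration, not anything specified in the statute.

```python
# Sketch of a blind third-party evaluation harness: the handle-to-developer
# mapping stays on the program side; evaluators see handles only.
# All class and method names here are illustrative, not from the bill.

import secrets
from typing import Callable

ModelFn = Callable[[str], str]  # prompt -> completion

class BlindEvalHarness:
    def __init__(self) -> None:
        self._models: dict[str, ModelFn] = {}
        self._owners: dict[str, str] = {}  # handle -> developer, program-side only

    def submit(self, developer: str, model: ModelFn) -> str:
        """Program-side registration: returns an opaque handle; the
        handle-to-developer mapping never leaves the harness."""
        handle = secrets.token_hex(8)
        self._models[handle] = model
        self._owners[handle] = developer
        return handle

    def query(self, handle: str, prompt: str) -> str:
        """Evaluator-side access: prompts in, completions out, with no
        provenance metadata attached."""
        return self._models[handle](prompt)

# Usage: a red team probes each handle with the same adversarial prompts
# and reports findings keyed only by handle.
harness = BlindEvalHarness()
h = harness.submit("ExampleLab", lambda p: f"stub completion for: {p!r}")
print(harness.query(h, "adversarial probe goes here"))
```

The design point is separation of knowledge: whoever holds the handle registry can de‑anonymize results for official reports, while the testers themselves never learn provenance.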
Reporting to Congress, rule options, and sunset
DOE must give Congress a comprehensive plan for permanent oversight within a year, including operational monitoring proposals (hardware and cloud usage tracking), certification or licensing options, and contingency measures if systems approach capabilities described as artificial superintelligence. Annual updates are required, and the entire program expires after seven years unless Congress renews it — forcing a mid‑term policy decision on whether DOE’s work should evolve into a permanent regulatory architecture.
Who Benefits and Who Bears the Cost
Who Benefits
- Congress and policymakers — receive empirical, DOE‑produced testing data and scenario analyses to inform statute and regulation design rather than relying solely on vendor self‑reports. This lowers informational asymmetries when crafting oversight options.
- National security community and federal agencies — gain a centralized facility that runs classified adversarial tests and identifies weaponization or foreign‑actor risks, improving interagency situational awareness.
- Independent evaluators and accredited third‑party testers — gain new demand for blind model evaluation services and red‑team expertise, opening up government contracting and classified evaluation work.
- Workers and labor policymakers — get data on potential economic and labor‑market impacts (job displacement or concentration risks) that the program is required to surface for Congress.
Who Bears the Cost
- AI developers (established firms and startups) — must disclose code, training data, and model parameters on request, submit to testing, and may face crippling daily fines if judged noncompliant, increasing compliance costs and legal exposure.
- Cloud providers and infrastructure vendors — will face additional customer demands for audit support, monitoring hooks, and potential legal friction when hosting covered training runs or deployments.
- Department of Energy — tasked with rapid program buildout, classified handling, and sustained red‑team testing with limited explicit appropriations in the text, creating operational and resourcing burdens.
- Open‑source communities and academic researchers — may confront unclear exposure where releasing models or weights triggers “deployment” obligations or enforcement risk, chilling open research and distribution.
Key Issues
The Core Tension
The central dilemma is reconciling the urgent public‑safety and national‑security interest in centralized, empirical testing with the commercial and civil‑liberties interests in protecting trade secrets, research openness, and rapid innovation. The statute prioritizes risk mitigation by granting DOE intrusive technical access and severe penalties, but those same measures can chill legitimate development, push actors out of regulatory reach, or produce legal and operational obstacles that impede the very oversight the law seeks to enable.
The bill mixes a technical threshold (10^26 operations) with broad policy powers. A single numeric compute threshold is easy to administer but brittle: it captures some high‑risk systems while missing lower‑compute systems that achieve emergent behaviors via algorithmic efficiency, transfer learning, or specialized architectures.
The Secretary’s rulemaking escape hatch partially mitigates this, but a new definition takes effect only once Congress affirms it, a process that could be slow or politicized.
Mandating transfer of code, training data, and model weights to DOE raises immediate intellectual‑property, privacy, and liability questions. Proprietary datasets and models can contain trade secrets or personally identifiable information; the bill allows classified channels but does not provide a statutory compensatory or indemnity framework for private firms.
The $1,000,000 per‑day minimum fine is a blunt enforcement tool: administratively simple, but it invites constitutional and proportionality challenges and could push noncompliant actors offshore or drive them to obscure their operations.
Operationally, DOE will need classified facilities, a hardened cyber‑defense posture, and red‑team talent matching the sophistication of well‑resourced attackers. The statute mandates blind third‑party evaluations and recommends continuous monitoring of hardware and cloud usage, but it lacks explicit funding and clear legal authority to compel third‑party cooperation (for example, to demand data from foreign cloud operators).
That creates a gap between the program’s ambitions and practical reach, particularly over decentralized development chains and open‑source releases.