Get started free →
HR 9333 119th Congress · House

Bill to Create a National AI Flaw Reporting System

Advocate

Official title: AI Flaw Reporting and Security Enhancement Act

Analysis by · · + Track this bill

What This Bill Does

This bill directs the National Institute of Standards and Technology (NIST), working with the Cybersecurity and Infrastructure Security Agency, to build a voluntary program for reporting, collecting, and tracking artificial intelligence flaws. It would convene industry, academia, nonprofits, standards groups, civil society, and federal agencies to define AI-related terms, create taxonomies, develop reporting standards, and speed up detection and monitoring. The bill also contemplates a national database of AI flaws, or an upgrade to an existing database, to support standardized reporting. NIST would have to report back to Congress within three years of enactment.

  • Directs NIST to run a voluntary program for reporting, collecting, and tracking AI flaws.
  • Requires consultation with CISA and a broad multi-stakeholder process.
  • Calls for a national AI flaws database, or modification of an existing one.
  • Sets a 3-year deadline for NIST to report to Congress on implementation.
  • Defines AI flaws to include vulnerabilities, incidents, and other unsafe or undesirable behaviors.

Who This Bill Affects

Public Relevance 28 / 100
Niche Modest scope Broad

For most people, the bill would not directly change day-to-day obligations or benefits, because it is focused on building a voluntary reporting and tracking system for AI flaws rather than creating a new public program or entitlement. The main effect would be indirect: if adopted, it could make AI products and services safer over time by helping developers, researchers, and agencies share standardized information about incidents, vulnerabilities, and failure modes. If you work with AI systems, test them, regulate them, or buy them for a business, you could see more structured disclosure and monitoring practices tied to NIST standards and a national database.

See how this bill affects you — sign in for a personalized analysis

Who Supports & Opposes This

FOR
  • AI developers and model deployers A shared reporting system could help companies learn from failures across the industry instead of rediscovering the same problems repeatedly. Standard definitions and severity measures could also make internal safety reviews and external communication more consistent.
  • Researchers and universities Academic labs and research institutions often identify AI failures early but lack a common place to document them. A NIST-led framework and database could improve reproducibility, benchmarking, and cross-sector learning.
  • Cybersecurity and safety professionals Professionals working on AI risk want a clearer way to track incidents, vulnerabilities, and hazards. The bill’s emphasis on taxonomy, interoperability, and machine-readable reporting could improve monitoring and response.
AGAINST
  • AI startups and smaller developers Even a voluntary reporting framework can create compliance pressure, especially if industry norms make participation expected. Smaller firms may worry about the cost of documentation, classification, and maintaining reporting processes.
  • Companies concerned about public disclosure The bill asks NIST to develop norms for when it is appropriate to publicly disclose AI flaws, which could raise concerns about reputational harm or premature disclosure of sensitive security information. Firms may worry that shared databases could reveal product weaknesses before they are fixed.
  • Organizations skeptical of federal standard-setting Some stakeholders may object that NIST-led definitions and taxonomies could become de facto national rules for a fast-moving technology. They may prefer more flexible, private-sector-led approaches rather than a federally coordinated reporting infrastructure.

Key Implications

  • “support the voluntary reporting, collection, and tracking of artificial intelligence flaws”

    This creates a federal framework for documenting AI problems without forcing every developer to report. In practice, that could improve information-sharing while avoiding a direct mandate to disclose every issue.

  • “a national database of artificial intelligence flaws”

    The bill contemplates a central repository for AI incident and vulnerability information. That could help researchers and agencies see patterns across products and sectors, but it also raises questions about access, privacy, and disclosure.

  • “Definitions of ... Vulnerabilities ... Incidents ... Adverse events”

    By standardizing terms, the bill tries to reduce confusion about what counts as a flaw and how serious it is. That matters because different groups often use these words differently when describing AI failures.

  • “support the development of methods ... measures of severity or risk”

    This could help prioritize which AI issues get fixed first. A consistent severity framework would be especially useful for organizations managing many systems with different levels of risk.

  • “not later than three years after the date of enactment”

    NIST would have to brief Congress on implementation within three years, which creates a concrete oversight deadline. It signals that the bill is intended to produce a practical framework relatively quickly rather than a purely open-ended study.

Latest Status

June 18, 2026

Referred to the House Committee on Science, Space, and Technology.

Take Action

Get more from BillBoard

Free tools to understand, respond to, and track this bill.

Ask AI about this bill
Email your representative Read full bill text Track this bill

Data sourced from api.congress.gov.

Free to use · No credit card

Understand every bill.
Make your voice count.

BillBoard turns dense U.S. legislation into plain-English summaries, helps you take a stance, and connects you to your representatives — in seconds.

Get started free Analyze this bill →