UNOFFICIAL COPY 25 RS BR 1157
Page 1 of 24
XXXX 2/18/2025 1:20 PM Jacketed
AN ACT relating to protection of information and declaring an emergency. 1
Be it enacted by the General Assembly of the Commonwealth of Kentucky: 2
Section 1. KRS 42.722 is amended to read as follows: 3
As used in KRS 42.720 to 42.742: 4
(1) "Artificial intelligence" means a set of technologies that enables machines to 5
perform tasks under varying and unpredictable circumstances that typically 6
require human intelligence or oversight, or that can learn from experience and 7
improve performance; 8
(2) "Artificial intelligence system" means a machine-based computing system that: 9
(a) Is built upon algorithms that can operate under varying circumstances 10
autonomously without human intervention; 11
(b) Is built on technology designed to simulate human intelligence; 12
(c) Operates by making observations about environments or data to make 13
predictions and decisions that affect real or virtual environments; and 14
(d) Is capable of learning from its experiences and improving its capabilities; 15
(3) "Communications" or "telecommunications" means any transmission, emission, or 16
reception of signs, signals, writings, images, and sounds of intelligence of any 17
nature by wire, radio, optical, or other electromagnetic systems, and includes all 18
facilities and equipment performing these functions; 19
(4) "Consequential decision" means any decision that has a material, significant, or 20
legal effect on providing or denying services, cost, or terms to any citizen or 21
business; 22
(5) "Deployer" means any department, agency, and administrative body that deploys 23
or uses a high-risk artificial intelligence system; 24
(6) "Developer" means any department, agency, or administrative body that develops 25
or intentionally and substantially modifies a high-risk artificial intelligence 26
system that is offered, purchased, sold, leased, given, or otherwise provided to 27 UNOFFICIAL COPY 25 RS BR 1157
Page 2 of 24
XXXX 2/18/2025 1:20 PM Jacketed
citizens and businesses in the Commonwealth; 1
(7) "External artificial intelligence system" means artificial intelligence systems that 2
are used to: 3
(a) Analyze data about individual citizens or businesses within the 4
Commonwealth; 5
(b) Make decisions relating to such individual citizens or businesses; or 6
(c) Produce outputs directly accessible by such individual citizens or 7
businesses; 8
(8) "Foundation model" means a machine learning model that is trained on broad 9
data at scale, designed for generality of output, and can be adapted to a wide 10
range of distinctive tasks; 11
(9) "General-purpose artificial model" means any form of artificial intelligence 12
system that displays significant generality, is capable of performing a wide range 13
of distinct tasks, and can be integrated into a variety of subsequent applications 14
or systems; 15
(10) "Generative artificial intelligence system" means any artificial intelligence 16
system or service that incorporates generative artificial intelligence; 17
(11)[(2)] "Geographic information system" or "GIS" means a computerized database 18
management system for the capture, storage, retrieval, analysis, and display of 19
spatial or locationally defined data; 20
(12) (a) "High-risk artificial intelligence system" means any artificial intelligence 21
system that is a substantial factor in the decision-making process or 22
specifically intended to autonomously make a consequential decision. 23
(b) "High-risk artificial intelligence system" does not include a system or 24
service intended to perform a procedural task, improve the result of a 25
completed human activity, or detect decision-making patterns or deviations 26
from previous decision-making patterns and is not meant to replace or 27 UNOFFICIAL COPY 25 RS BR 1157
Page 3 of 24
XXXX 2/18/2025 1:20 PM Jacketed
influence human assessment without human review, or perform a 1
preparatory task in an assessment relevant to a consequential decision; 2
(13)[(3)] "Information resources" means the procedures, equipment, and software that 3
are designed, built, operated, and maintained to collect, record, process, store, 4
retrieve, display, and transmit information, and associated personnel; 5
(14)[(4)] "Information technology" means data processing and telecommunications 6
hardware, software, services, supplies, facilities, maintenance, and training that are 7
used to support information processing and telecommunications systems to include 8
geographic information systems; 9
(15) "Internal artificial intelligence system" means artificial intelligence systems that 10
are only used internally by departments, agencies, and administrative bodies to 11
increase efficiency, streamline internal processes, or otherwise improve the way 12
such organizations function internally; 13
(16) "Machine learning" means the development of algorithms to build data-derived 14
statistical models that are capable of drawing inferences from previously unseen 15
data without explicit human instruction; 16
(17)[(5)] "Personal information" has the same meaning as in KRS 61.931; 17
(18)[(6)] "Project" means a program to provide information technologies support to 18
functions within an executive branch state agency, which should be characterized 19
by well-defined parameters, specific objectives, common benefits, planned 20
activities, expected outcomes and completion dates, and an established budget with 21
a specified source of funding; 22
(19)[(7)] "Security breach" has the same meaning as in KRS 61.931; and 23
(20)[(8)] "Technology infrastructure" means any computing equipment, servers, 24
networks, storage, desktop support, telephony, enterprise shared systems, 25
information technology security, disaster recovery, business continuity, database 26
administration, and software licensing. 27 UNOFFICIAL COPY 25 RS BR 1157
Page 4 of 24
XXXX 2/18/2025 1:20 PM Jacketed
Section 2. KRS 42.726 is amended to read as follows: 1
(1) The Commonwealth Office of Technology shall be the lead organizational entity 2
within the executive branch regarding delivery of information technology services, 3
including application development and delivery, and shall serve as the single 4
information technology authority for the Commonwealth. 5
(2) The roles and duties of the Commonwealth Office of Technology shall include but 6
not be limited to: 7
(a) Providing technical support and services to all executive agencies of state 8
government in the application of information technology; 9
(b) Assuring compatibility and connectivity of Kentucky's information systems; 10
(c) Developing strategies and policies to support and promote the effective 11
applications of information technology within state government as a means of 12
saving money, increasing employee productivity, and improving state services 13
to the public, including electronic public access to information of the 14
Commonwealth; 15
(d) Developing, implementing, and managing strategic information technology 16
directions, standards, and enterprise architecture, including implementing 17
necessary management processes to ensure full compliance with those 18
directions, standards, and architecture; 19
(e) Promoting effective and efficient design and operation of all major 20
information resources management processes for executive branch agencies, 21
including improvements to work processes; 22
(f) Developing, implementing, and maintaining the technology infrastructure of 23
the Commonwealth and all related support staff, planning, administration, 24
asset management, and procurement for all executive branch cabinets and 25
agencies except: 26
1. Agencies led by a statewide elected official; 27 UNOFFICIAL COPY 25 RS BR 1157
Page 5 of 24
XXXX 2/18/2025 1:20 PM Jacketed
2. The nine (9) public institutions of postsecondary education; 1
3. The Department of Education's services provided to local school 2
districts; 3
4. The Kentucky Retirement Systems, the County Employees Retirement 4
System, the Kentucky Public Pensions Authority, and the Teachers' 5
Retirement System; 6
5. The Kentucky Housing Corporation; 7
6. The Kentucky Lottery Corporation; 8
7. The Kentucky Higher Education Student Loan Corporation; and 9
8. The Kentucky Higher Education Assistance Authority; 10
(g) Facilitating and fostering applied research in emerging technologies that offer 11
the Commonwealth innovative business solutions; 12
(h) Reviewing and overseeing large or complex information technology projects 13
and systems for compliance with statewide strategies, policies, and standards, 14
including alignment with the Commonwealth's business goals, investment, 15
and other risk management policies. The executive director is authorized to 16
grant or withhold approval to initiate these projects; 17
(i) Integrating information technology resources to provide effective and 18
supportable information technology applications in the Commonwealth; 19
(j) Establishing the central statewide geographic information clearinghouse to 20
maintain map inventories, information on current and planned geographic 21
information systems applications, information on grants available for the 22
acquisition or enhancement of geographic information resources, and a 23
directory of geographic information resources available within the state or 24
from the federal government; 25
(k) Coordinating multiagency information technology projects, including 26
overseeing the development and maintenance of statewide base maps and 27 UNOFFICIAL COPY 25 RS BR 1157
Page 6 of 24
XXXX 2/18/2025 1:20 PM Jacketed
geographic information systems; 1
(l) Providing access to both consulting and technical assistance, and education 2
and training, on the application and use of information technologies to state 3
and local agencies; 4
(m) In cooperation with other agencies, evaluating, participating in pilot studies, 5
and making recommendations on information technology hardware and 6
software; 7
(n) Providing staff support and technical assistance to the Geographic 8
Information Advisory Council and the Kentucky Information Technology 9
Advisory Council; 10
(o) Overseeing the development of a statewide geographic information plan with 11
input from the Geographic Information Advisory Council; 12
(p) Developing for state executive branch agencies a coordinated security 13
framework and model governance structure relating to the privacy and 14
confidentiality of personal information collected and stored by state executive 15
branch agencies, including but not limited to: 16
1. Identification of key infrastructure components and how to secure them; 17
2. Establishment of a common benchmark that measures the effectiveness 18
of security, including continuous monitoring and automation of 19
defenses; 20
3. Implementation of vulnerability scanning and other security 21
assessments; 22
4. Provision of training, orientation programs, and other communications 23
that increase awareness of the importance of security among agency 24
employees responsible for personal information; and 25
5. Development of and making available a cyber security incident response 26
plan and procedure;[ and] 27 UNOFFICIAL COPY 25 RS BR 1157
Page 7 of 24
XXXX 2/18/2025 1:20 PM Jacketed
(q) Establishing, publishing, maintaining and implementing comprehensive 1
policy standards and procedures for the responsible, ethical, and 2
transparent use of generative artificial intelligence systems and high-risk 3
artificial intelligence systems, including but not limited to policy standards 4
and procedures that: 5
1. Govern their procurement, implementation, and ongoing assessment; 6
2. Address and provide resources for security of data and privacy; and 7
3. Create guidelines for acceptable use policies for integrating high-risk 8
artificial intelligence systems; and 9
(r) Preparing proposed legislation and funding proposals for the General 10
Assembly that will further solidify coordination and expedite implementation 11
of information technology systems. 12
(3) The Commonwealth Office of Technology may: 13
(a) Provide general consulting services, technical training, and support for 14
generic software applications, upon request from a local government, if the 15
executive director finds that the requested services can be rendered within the 16
established terms of the federally approved cost allocation plan; 17
(b) Promulgate administrative regulations in accordance with KRS Chapter 13A 18
necessary for the implementation of KRS 42.720 to 42.742, 45.253, 171.420, 19
186A.040, and 186A.285; 20
(c) Solicit, receive, and consider proposals from any state agency, federal agency, 21
local government, university, nonprofit organization, private person, or 22
corporation; 23
(d) Solicit and accept money by grant, gift, donation, bequest, legislative 24
appropriation, or other conveyance to be held, used, and applied in accordance 25
with KRS 42.720 to 42.742, 45.253, 171.420, 186A.040, and 186A.285; 26
(e) Make and enter into memoranda of agreement and contracts necessary or 27 UNOFFICIAL COPY 25 RS BR 1157
Page 8 of 24
XXXX 2/18/2025 1:20 PM Jacketed
incidental to the performance of duties and execution of its powers, including 1
but not limited to agreements or contracts with the United States, other state 2
agencies, and any governmental subdivision of the Commonwealth; 3
(f) Accept grants from the United States government and its agencies and 4
instrumentalities, and from any source, other than any person, firm, or 5
corporation, or any director, officer, or agent thereof that manufactures or 6
sells information resources technology equipment, goods, or services. To 7
these ends, the Commonwealth Office of Technology shall have the power to 8
comply with those conditions and execute those agreements that are 9
necessary, convenient, or desirable; and 10
(g) Purchase interest in contractual services, rentals of all types, supplies, 11
materials, equipment, and other services to be used in the research and 12
development of beneficial applications of information resources technologies. 13
Competitive bids may not be required for: 14
1. New and emerging technologies as approved by the executive director 15
or her or his designee; or 16
2. Related professional, technical, or scientific services, but contracts shall 17
be submitted in accordance with KRS 45A.690 to 45A.725. 18
(4) Nothing in this section shall be construed to alter or diminish the provisions of KRS 19
171.410 to 171.740 or the authority conveyed by these statutes to the Archives and 20
Records Commission and the Department for Libraries and Archives. 21
(5) The Commonwealth Office of Technology shall, on or before October 1 of each 22
year, submit to the Legislative Research Commission a report in accordance with 23
KRS 57.390 detailing: 24
(a) Any security breaches that occurred within organizational units of the 25
executive branch of state government during the prior fiscal year that required 26
notification to the Commonwealth Office of Technology under KRS 61.932; 27 UNOFFICIAL COPY 25 RS BR 1157
Page 9 of 24
XXXX 2/18/2025 1:20 PM Jacketed
(b) Actions taken to resolve the security breach, and to prevent additional security 1
breaches in the future; 2
(c) A general description of what actions are taken as a matter of course to protect 3
personal data from security breaches; and 4
(d) Any quantifiable financial impact to the agency reporting a security breach. 5
SECTION 3. A NEW SECTION OF KRS 42.720 TO 42.742 IS CREATED TO 6
READ AS FOLLOWS: 7
(1) The Commonwealth Office of Technology shall create an Artificial Intelligence 8
Governance Committee to: 9
(a) Develop policy standards and guiding principles to mitigate risks and 10
protect data and privacy of Kentucky citizens and businesses that adhere to 11
the latest version of Standard ISO/IEC 42001 of the International 12
Organization for Standardization; 13
(b) Establish technology standards to provide protocols and requirements for 14
the use of generative artificial intelligence and high-risk artificial 15
intelligence systems; 16
(c) Ensure transparency in the use of artificial intelligence systems; 17
(d) Maintain a centralized registry to include current inventory of generative 18
artificial intelligence systems and high-risk artificial intelligence systems; 19
and 20
(e) Develop an approval process to include a registry of application, use case, 21
and decision rationale. 22
(2) The Artificial Intelligence Governance Committee shall develop policies and 23
procedures to ensure that any department, program, cabinet, agency, or 24
administrative body that utilizes and accesses the Commonwealth's information 25
technology and technology infrastructure shall: 26
(a) Verify the use and development of generative artificial intelligence systems 27 UNOFFICIAL COPY 25 RS BR 1157
Page 10 of 24
XXXX 2/18/2025 1:20 PM Jacketed
and high-risk artificial intelligence systems, and that any information 1
utilized or produced is trusted, safe, and secure; and 2
(b) Act in compliance with responsible, ethical, and transparent procedures to 3
implement the use of artificial intelligence technologies by: 4
1. Ensuring artificial intelligence models have comprehensive and 5
complete documentation that is available for review and inspection; 6
2. Requiring validation by humans for bias, unintended consequences, 7
and correctness for all outcomes from generative and high-risk 8
artificial intelligence systems; 9
3. Ensuring the use of generative artificial intelligence and high-risk 10
artificial intelligence systems are resilient, accountable, and 11
explainable; and 12
4. Prohibiting the use of unexplainable artificial intelligence capabilities 13
in any decision-making or approval or denial processes in state 14
government functions. 15
(3) The Commonwealth Office of Technology shall prioritize personal privacy and 16
the protection of the data of individuals and businesses as the state develops, 17
implements, employs, and procures artificial intelligence systems, generative 18
artificial intelligence systems, and high-risk artificial intelligence systems by 19
ensuring all departments, agencies, and administrative bodies: 20
(a) Allow only the use of necessary data in artificial intelligence systems; 21
(b) Do not allow unrestricted access to personal data controlled by the 22
Commonwealth; and 23
(c) Secure all data and implement a timeframe for data retention. 24
(4) To maintain and secure the technology infrastructure, information technology, 25
information resources, and personal information, all departments, agencies, and 26
administrative bodies shall be subject to the centralized approval process in 27 UNOFFICIAL COPY 25 RS BR 1157
Page 11 of 24
XXXX 2/18/2025 1:20 PM Jacketed
subsection (5) of this section for both the internal and external utilization of 1
generative artificial intelligence systems or high-risk artificial intelligence 2
systems. 3
(5) (a) The Commonwealth Office of Technology shall ensure the implementation 4
of generative artificial intelligence and high-risk artificial intelligence in 5
agency use and business processes is only considered if there is a positive 6
outcome for citizens. A department, agency, or administrative body shall: 7
1. Demonstrate that the use of artificial intelligence is the best solution to 8
yield the intended outcome by examining other technology and process 9
applications available prior to employing the capabilities of artificial 10
intelligence; and 11
2. Provide a statement of intent for each use case of the artificial 12
intelligence application, and indicate whether the outcome of artificial 13
intelligence will make a recommendation to the user or make a 14
determination on behalf of the user. 15
(b) When a department, agency, or administrative body seeks approval to 16
develop, implement, employ, or procure any internal or external artificial 17
intelligence systems, the request shall: 18
1. Be entered into a registry maintained by the Commonwealth Office of 19
Technology; and 20
2. Include the planned artificial intelligence use case and any necessary 21
documentation. 22
(c) The executive director of the Commonwealth Office of Technology shall: 23
1. Review and approve or disapprove each request for use of artificial 24
intelligence; and 25
2. Retain records of the specific artificial intelligence use and decision 26
rationale for an approval or disapproval. 27 UNOFFICIAL COPY 25 RS BR 1157
Page 12 of 24
XXXX 2/18/2025 1:20 PM Jacketed
(d) At a minimum, the executive director of the Commonwealth Office of 1
Technology shall consider and document: 2
1. Whether the artificial intelligence system is fair and will not result in 3
discrimination against any individual or group of individuals; 4
2. How the use of generative artificial intelligence or other artificial 5
intelligence capabilities will benefit the citizens of the Commonwealth 6
and serve the objectives of the department or agency; 7
3. Whether adequate oversight and human interaction of the artificial 8
intelligence system exists; 9
4. The potential risks, including cybersecurity, data protection and 10
privacy, and health and safety of individuals and businesses, and a 11
mitigation strategy to any identified or potential risk; and 12
5. The proper control and management for all data possessed by the 13
Commonwealth to maintain security and data quality. 14
(6) (a) A department, agency, or administrative body shall disclose to the public, 15
through a clear and conspicuous disclaimer, when generative artificial 16
intelligence, artificial intelligence systems, or other artificial intelligence-17
related capabilities are used: 18
1. To render any decision regarding individual citizens or businesses 19
within the state; 20
2. In any process, or to produce materials used by the system or humans, 21
to inform a decision or create an output; or 22
3. To produce information or outputs accessible by citizens and 23
businesses. 24
(b) When an artificial intelligence system makes external decisions related to 25
citizens of the Commonwealth, a department, agency, or administrative 26
body shall: 27 UNOFFICIAL COPY 25 RS BR 1157
Page 13 of 24
XXXX 2/18/2025 1:20 PM Jacketed
1. Disclose how artificial intelligence is used in the decision-making 1
process; 2
2. Provide the extent of human involvement in validating and oversight 3
of any decision made; and 4
3. Make readily available options for individuals to appeal a 5
consequential decision that involves artificial intelligence. 6
(c) Any disclaimer under paragraph (a) of this subsection shall also provide 7
information regarding third-party artificial intelligence products or 8
programs, including but not limited to: 9
1. Data sets used; 10
2. Data and time parameters in the data set; 11
3. Description of biases embedded in the program; and 12
4. Any warranties provided by the owner of the artificial intelligence 13
program and subsequent data outputs. 14
(7) All departments, agencies, and administrative bodies shall submit for review all 15
third-party high-risk artificial intelligence developers, system administrators, 16
providers, and contractors by the Commonwealth Office of Technology in order 17
to mitigate the risk of data breaches, unauthorized access, or misuse of personal 18
information. The review process shall include but is not limited to: 19
(a) Assessing the ability to deliver value to the citizens of the Commonwealth 20
and evaluate their trust, safety, and security procedures; 21
(b) Ensuring utilization of the Commonwealth's data collection and utilization 22
standards, comply with any applicable laws, policies, and administrative 23
regulations, and adhere to the latest version of Standard ISO/IEC 42001 of 24
the International Organization for Standardization; 25
(c) Reviewing the results of testing conducted by the developer to verify the 26
efficacy of the generative artificial intelligence or high-risk artificial 27 UNOFFICIAL COPY 25 RS BR 1157
Page 14 of 24
XXXX 2/18/2025 1:20 PM Jacketed
intelligence systems, including but not limited to: 1
1. The cybersecurity and physical security; 2
2. The potential risks associated; and 3
3. Any of the potential biases that could result in unlawful 4
discrimination; 5
(d) Assessing the audit reports, product roadmaps, warranties, terms of service, 6
end-user license agreements, contracts, and any other documentation in the 7
assessment of risk management activities; and 8
(e) Implementing and maintaining a comprehensive inventory of all third-party 9
material used or required for the use of all third-party generative artificial 10
intelligence or other artificial intelligence related capabilities; 11
(8) The Commonwealth Office of Technology shall establish policies to encompass 12
legal and ethical frameworks to ensure that any artificial intelligence systems 13
shall align with existing laws, administrative regulations, and guidelines, which 14
shall be updated at least annually to maintain compliance as technology and 15
industry best practices evolve. 16
(9) Operating standards for utilization of high-risk artificial intelligence systems 17
shall: 18
(a) Prohibit the use of a high-risk artificial intelligence system to render a 19
consequential decision without the design and implementation of a risk 20
management policy and program for high-risk artificial intelligence 21
systems. The risk management policy shall; 22
1. Specify principles, process, and personnel that shall be utilized to 23
maintain the risk management program; and 24
2. Identify, mitigate, and document any bias or potential bias that is a 25
potential consequence of use in making a consequential decision; and 26
(b) Each risk management policy designed and implemented shall at a 27 UNOFFICIAL COPY 25 RS BR 1157
Page 15 of 24
XXXX 2/18/2025 1:20 PM Jacketed
minimum adhere to the latest version of Standard ISO/IEC 42001 of the 1
International Organization for Standardization, or another national or 2
internationally recognized risk management framework for artificial 3
intelligence systems, and consider: 4
1. The size and complexity of the deployer; 5
2. Nature and scope and intended use of the high-risk artificial 6
intelligence system and is deployer; and 7
3. The sensitivity and volume of data processed. 8
(10) (a) The use of a high-risk artificial intelligence system shall not be used to 9
make a consequential decision without a completed impact assessment that 10
shall be completed before initial use and no later than ninety (90) days after 11
each significant update. 12
(b) Each impact assessment for a high-risk artificial intelligence system shall 13
include but not be limited to: 14
1. A statement disclosing the purpose, intended use case, and benefits; 15
2. Identify if the use creates a potential risk and measures to prevent bias 16
or unlawful discrimination; 17
3. A statement that any post-deployment assessments for significant 18
updates are consistent with or vary from the agency's intended use; 19
4. A description of categories of the process inputs and outputs, 20
including any description of data categories used for customization; 21
5. A list of any metrics for performance evaluation and known 22
limitations; 23
6. A description of transparency measures; and 24
7. A description of monitoring, user safeguards, and any oversight 25
processes to addresses issues from the implementation or use of a 26
high-risk artificial intelligence system. 27 UNOFFICIAL COPY 25 RS BR 1157
Page 16 of 24
XXXX 2/18/2025 1:20 PM Jacketed
(11) The Commonwealth Office of Technology shall provide education and training of 1
employees about the benefits and risks of artificial intelligence and allowable use 2
policies. 3
(12) (a) The Commonwealth Office of Technology shall transmit reports to the 4
Legislative Research Committee and the Interim Joint Committee on State 5
Government by December 1, 2025, and annually every year thereafter. The 6
reports shall include: 7
1. The artificial intelligence registry in subsection (5)(b)1. of this section, 8
which shall include the current inventory of artificial intelligence 9
utilized in state government; 10
2. Applications received for use of artificial intelligence, including the 11
decision and rationale in approving or disapproving a request in 12
compliance with subsection (5)(c) of this section; and 13
3. Third-party artificial intelligence developers, system administrators, 14
providers, and contractors submitted for review in compliance with 15
subsection (5) of this section. 16
(b) To facilitate the report in paragraph (a) of this subsection the 17
Commonwealth Office of Technology shall receive from each department, 18
agency, and administrative body a report examining and identifying 19
potential use cases for the deployment of generative artificial intelligence 20
systems and high-risk artificial intelligence systems, including a description 21
of the benefits and risks to individuals, communities, government and 22
government, employees. 23
(13) The Commonwealth Office of Technology shall promulgate administrative 24
regulations in accordance with KRS Chapter 13A to implement this section and 25
Section 2 of this Act by July 1, 2025. 26
Section 4. KRS 117.001 is amended to read as follows: 27 UNOFFICIAL COPY 25 RS BR 1157
Page 17 of 24
XXXX 2/18/2025 1:20 PM Jacketed
As used in this chapter[, unless the context otherwise requires]: 1
(1) "Audit log" means a detailed record of all actions and events that have occurred on 2
the voting system, including: 3
(a) Log-in attempts with username and time stamp; 4
(b) Election definition and setup; 5
(c) Ballot preparation and results processing; 6
(d) Diagnostics of any type; and 7
(e) Error and warning messages and operator response; 8
(2) "Automatic tabulating equipment" means apparatus necessary to automatically 9
examine and count votes as designated on ballots and data processing machines 10
which can be used for counting ballots and tabulating results; 11
(3) "Ballot" or "official ballot" means the official presentation of offices and candidates 12
to be voted for, including write-in candidates, and all public questions submitted for 13
determination, and shall include a voting machine ballot, a paper ballot, an absentee 14
ballot, a federal provisional ballot, a federal provisional absentee ballot, or a 15
supplemental paper ballot which has been authorized for the use of voters in any 16
primary, regular election, or special election by the Secretary of State or the county 17
clerk; 18
(4) "Ballot box" means any box, bag, or other container that can be locked, sealed, or 19
otherwise rendered tamper-resistant, for receiving ballots; 20
(5) "Ballot marking device" means any approved device for marking a ballot which 21
will enable the ballot to be tabulated manually or by means of automatic tabulating 22
equipment; 23
(6) "Election" or "elections" means any primary, regular election, or special election; 24
(7) "Election officer" has the same meaning as in KRS 118.015; 25
(8) (a) "Electioneering communication" means any communication broadcast by 26
cable, internet, television, or radio, printed in a newspaper or on a billboard, 27 UNOFFICIAL COPY 25 RS BR 1157
Page 18 of 24
XXXX 2/18/2025 1:20 PM Jacketed
directly mailed or delivered by hand to personal residences, or in telephone 1
calls made to personal residences, otherwise distributed that: 2
1. Unambiguously refers to any candidate for any state, county, city, or 3
district office, or to any ballot measure; 4
2. Occurs within forty-five (45) days before a primary or general 5
election; and 6
3. Is received by an audience that includes members of the electorate for 7
such public office or the electorate associated with the ballot 8
containing the ballot measure. 9
(b) "Electioneering communication" does not include: 10
1. Any news articles, editorial endorsements, opinions or commentary, 11
writings, or letters to the editor printed in a newspaper, magazine, or 12
other periodical not owned or controlled by a candidate, committee, or 13
political party; 14
2. Any editorial endorsements or opinions aired by a broadcast facility 15
not owned or controlled by a candidate, committee, or political party; 16
3. Any communication by persons made in the regular course and scope 17
of their business or any communication made by a membership 18
organization solely to members of such an organization and their 19
families; 20
4. Any communication that refers to any candidate only as part of the 21
popular name of a bill or statute; or 22
5. A communication that constitutes a contribution or independent 23
expenditure as defined in KRS 121.015; 24
(9) "E-poll book" means an electronic device capable of holding a file of voter data and 25
related information for use in identifying registered voters prior to a voter's 26
receiving or casting a ballot, and allowing a voter to electronically sign in on an 27 UNOFFICIAL COPY 25 RS BR 1157
Page 19 of 24
XXXX 2/18/2025 1:20 PM Jacketed
electronic registered voter roster in lieu of signing a paper registered voter roster; 1
(10)[(9)] "Federal provisional voter" means a person: 2
(a) Who does not appear to be registered to vote; 3
(b) Whose name does not appear on the precinct roster; 4
(c) Who has not provided proof of identification to the precinct election officer 5
before voting in a federal election; and 6
(d) Who elects to proceed with voting a federal provisional ballot under KRS 7
117.229; 8
(11)[(10)] "Federal provisional ballot" or "federal provisional absentee ballot" means 9
ballots which have been authorized by the Secretary of State or the county clerk to 10
be used by federal provisional voters in any federal primary or election; 11
(12)[(11)] "Information content provider" means any person or entity that is 12
responsible, in whole or in part, for the creation or development of information 13
provided through the internet or any other interactive computer service; 14
(13) "Inner envelope" or "secrecy envelope" means the envelope provided to the voter 15
with a ballot into which the voter shall place his or her voted ballot; 16
(14) "Interactive computer service" means any information service, system, or access 17
software provider that provides or enables computer access by multiple users to a 18
computer server, including specifically a service or system that provides access to 19
the internet and such services offered or systems operated by libraries or 20
educational institutions; 21
(15)[(12)] "Political group" has the same meaning as in KRS 118.015; 22
(16)[(13)] "Political organization" has the same meaning as in KRS 118.015; 23
(17)[(14)] "Precinct ballot counter" means an automatic tabulating device used at the 24
precinct to tabulate and process ballots; 25
(18)[(15)] "Proof of identification" means a document that was issued by: 26
(a) The United States or the Commonwealth of Kentucky, and the document 27 UNOFFICIAL COPY 25 RS BR 1157
Page 20 of 24
XXXX 2/18/2025 1:20 PM Jacketed
contains: 1
1. The name of the individual to whom the document was issued; and 2
2. A photograph of the individual to whom the document was issued; 3
(b) The United States Department of Defense, a branch of the uniformed services, 4
the Merchant Marine, or the Kentucky National Guard, and the document 5
contains: 6
1. The name of the individual to whom the document was issued; and 7
2. A photograph of the individual to whom the document was issued; 8
(c) A public or private college, university, or postgraduate technical or 9
professional school located within the United States, and the document 10
contains: 11
1. The name of the individual to whom the document was issued; and 12
2. A photograph of the individual to whom the document was issued; or 13
(d) Any city government, county government, urban-county government, charter 14
county government, consolidated local government, or unified local 15
government, which is located within this state, and the document contains: 16
1. The name of the individual to whom the document was issued; and 17
2. A photograph of the individual to whom the document was issued; 18
(19) "Sponsor" means the person or entity paying for the electioneering 19
communication. If a person or entity acts as an agent for another or is 20
reimbursed by another for the payment, the original source of the payment is the 21
sponsor; 22
(20) (a) 1. "Synthetic media" means an image, audio recording, or video 23
recording of an identifiable natural individual's appearance, action, 24
or speech that has been intentionally manipulated with the use of 25
generative adversarial network techniques or other digital technology 26
in a manner to create a realistic but false image, audio, or video that 27 UNOFFICIAL COPY 25 RS BR 1157
Page 21 of 24
XXXX 2/18/2025 1:20 PM Jacketed
produces: 1
a. A depiction that, to a reasonable individual, is of an identifiable 2
natural individual in appearance, action, or speech that did not 3
actually occur in reality and that was created without the consent 4
of such individual; and 5
b. A fundamentally different understanding or impression of the 6
appearance, action, or speech than a reasonable person would 7
have from the unaltered, original version of the image, audio 8
recording, or video recording. 9
2. As used in this subparagraph: 10
a. "Generative adversarial network" means a machine learning 11
model that uses neural networks to develop new data and make 12
more accurate predictions; and 13
b. "Neural network" means a machine learning algorithm modeled 14
on the human brain and nervous system. 15
(b) "Synthetic media" does not include content that contains a disclosure 16
under subsection (2) of Section 5 of this Act. 17
(21)[(16)] "Voting booth" or "ballot completion area" means an area in which a voter 18
casts his or her vote or completes his or her ballot which is designed to ensure the 19
secrecy of the vote; 20
(22)[(17)] "Vote center" means a consolidated precinct of the county; 21
(23)[(18)] "Voting equipment" means any physical component of a voting system and 22
includes voting machines where voting machines are in operation; 23
(24)[(19)] "Voting machine" or "machine": 24
(a) Means a part of a voting system that consists of one (1) or more electronic 25
devices that operate independently or as a combination of a ballot marking 26
device and an electronic or automatic vote tabulation device; and 27 UNOFFICIAL COPY 25 RS BR 1157
Page 22 of 24
XXXX 2/18/2025 1:20 PM Jacketed
(b) Does not include an e-poll book; 1
(25)[(20)] "Voting system": 2
(a) Means the total combination of physical, mechanical, electromechanical, or 3
electronic equipment, including the software, hardware, firmware, and 4
documentation required to program, control, and support that equipment, that 5
is used to: 6
1. Define ballots; 7
2. Cast and count votes; 8
3. Report or display election results; and 9
4. Maintain and produce any audit trail information; 10
(b) Includes the practices and associated documentation used to: 11
1. Identify system components and versions of those components; 12
2. Test the system during its development and maintenance; 13
3. Maintain records of system errors and defects; 14
4. Determine specific system changes to be made to a system after the 15
initial qualification of the system; 16
5. Make available any materials to the voter, such as notices, instructions, 17
forms, or paper ballots; and 18
(c) Does not include an e-poll book; and 19
(26)[(21)] "Voter-verified paper audit trail" means a contemporaneous paper record of a 20
ballot printed for the voter to confirm his or her votes before the voter casts his or 21
her ballot that: 22
(a) Allows the voter to verify the voter's ballot choices before the casting of the 23
voter's ballot; 24
(b) Is not retained by the voter; 25
(c) Does not contain individual voter information; 26
(d) Is produced on paper that is sturdy, clean, and resistant to degradation; and 27 UNOFFICIAL COPY 25 RS BR 1157
Page 23 of 24
XXXX 2/18/2025 1:20 PM Jacketed
(e) Is readable in a manner that makes the voter's ballot choices obvious to the 1
voter or any person without the use of computer or electronic code. 2
SECTION 5. A NEW SECTION OF KRS CHAPTER 117 IS CREATED TO 3
READ AS FOLLOWS: 4
(1) Any election officer or candidate for any elected office whose appearance, action, 5
or speech is altered through the use of synthetic media in an electioneering 6
communication may: 7
(a) Seek injunctive or other equitable relief against the sponsor of the 8
electioneering communication prohibiting the publication of that synthetic 9
media; and 10
(b) Bring an action for damages against the sponsor of the electioneering 11
communication. The court may also award a prevailing party reasonable 12
attorney's fees and costs. This paragraph does not limit or preclude a 13
plaintiff from securing or recovering any other available remedy. 14
(2) It is an affirmative defense for any action brought under subsection (1) of this 15
section that the electioneering communication containing synthetic media 16
includes a disclosure that is clear and conspicuous and included in, or alongside 17
and associated with, the content in a manner that is likely to be noticed by the 18
user. 19
(3) Any action brought under subsection (1) of this section shall be filed in the 20
Circuit Court of the county in which the plaintiff resides. 21
(4) In any action brought under subsection (1) of this section, the plaintiff bears the 22
burden of establishing the use of synthetic media by clear and convincing 23
evidence. 24
(5) In any action brought under subsection (1) of this section: 25
(a) The sponsor of the electioneering communication may be held liable; and 26
(b) The medium disseminating the electioneering communication and the 27 UNOFFICIAL COPY 25 RS BR 1157
Page 24 of 24
XXXX 2/18/2025 1:20 PM Jacketed
advertising sales representative of such medium shall not be held liable, 1
except as provided in subsection (6) of this section. 2
(6) Except when a licensee, programmer, or operator of a federally licensed 3
broadcasting station transmits an electioneering communication that is subject to 4
47 U.S.C. sec. 315, a medium or its advertising sales representative may be held 5
liable in a cause of action brought under subsection (1) of this section if: 6
(a) The person intentionally removes any disclosure described in subsection (2) 7
of this section from the electioneering communication it disseminates and 8
does not remove the electioneering communication or replace the disclosure 9
when notified; or 10
(b) Subject to affirmative defenses described in subsection (2) of this section, 11
the person changes the content of an electioneering communication in a 12
manner that results in it qualifying as synthetic media. 13
(7) (a) A provider or user of an interactive computer service shall not be treated as 14
the publisher or speaker of any information provided by another 15
information content provider. 16
(b) An interactive computer service may be held liable in accordance with 17
subsection (6) of this section. 18
(8) Courts are encouraged to determine matters under this section expediently. 19
Section 6. Whereas implementing governance to maximize the opportunities for 20
the responsible and ethical use of artificial intelligence is vitally important to combat the 21
critical impact artificial intelligence can have on the security of data and information in 22
the Commonwealth and it is critically important to protect candidates and election 23
officers from fraudulent misrepresentations of themselves and their issues, an emergency 24
is declared to exist, and this Act takes effect upon its passage and approval by the 25
Governor or upon its otherwise becoming a law. 26