North Carolina 2025-2026 Regular Session

North Carolina Senate Bill S735 Compare Versions

Version 1 (Old)

Version 2 (New)

Old	New		Differences
1	1		GENERAL ASSEMBLY OF NORTH CAROLINA
2	2		SESSION 2025
3		-	S 1
4		-	SENATE BILL 735
	3	+	S D
	4	+	SENATE BILL DRS35250-MCa-139A
	5	+
5	6
6	7
7	8		Short Title: AI Innovation Trust Fund. (Public)
8	9		Sponsors: Senators Salvador, Garrett, and Murdock (Primary Sponsors).
9		-	Referred to: ~~Rules and Operations of the Senate~~
10		-	~~March 26, 2025~~
11		-	~~S735 -v-1~~
	10	+	Referred to:
	11	+
	12	+	DRS35250 -MCa-139A
12	13		A BILL TO BE ENTITLED 1
13	14		AN ACT TO ENACT THE ARTIFICIAL INTELLIGENCE INNOVATION TRUST FUND . 2
14	15		Whereas, recognizing the rapidly evolving nature of artificial intelligence and the 3
15	16		importance of responsible innovation, the General Assembly intends this Act to establish an 4
16	17		exploratory, iterative approach to AI governance, inviting stakeholder input and encouraging 5
17	18		collaborative development of appropriate and proportionate AI regulations; Now, therefore, 6
18	19		The General Assembly of North Carolina enacts: 7
19	20		SECTION 1. Article 10 of Chapter 143B of the General Statutes is amended by 8
20	21		adding a new Part to read: 9
21	22		"Part 18A. Artificial Intelligence Innovation. 10
22	23		"§ 143B-472.83A. Artificial Intelligence Innovation Trust Fund. 11
23	24		(a) Fund. – There is established a special, nonreverting fund to be known as the North 12
24	25		Carolina Artificial Intelligence Innovation Trust Fund. The Secretary of Commerce shall be the 13
25	26		trustee of the fund and shall expend money from the fund to (i) provide grants or other financial 14
26	27		assistance to companies developing or deploying artificial intelligence models in key industry 15
27	28		sectors or (ii) establish or promote artificial intelligence entrepreneurship programs, which may 16
28	29		include partnerships with research institutions in the State or other entrepreneur support 17
29	30		organizations. The fund shall consist of appropriations to the Department of Commerce to be 18
30	31		allocated to the fund, interest earned on money in the fund, and any other grants, premiums, gifts, 19
31	32		reimbursements or other contributions received by the State from any source for or in support of 20
32	33		the purposes described in this subsection. Funds in the fund are hereby appropriated to the 21
33	34		Department for the purposes set forth in this section, and, except as otherwise expressly provided, 22
34	35		the provisions of this section apply to persons receiving a grant or assistance from the fund. Funds 23
35	36		provided under this Part shall not support projects involving artificial intelligence intended for 24
36	37		mass surveillance infringing constitutional rights, unlawful social scoring, discriminatory 25
37	38		profiling based on protected characteristics, or generating deceptive digital content intended for 26
38	39		fraudulent or electoral interference purposes. 27
39	40		(b) Definitions. – The following definitions apply in this section: 28
40	41		(1) Advanced persistent threat. – An adversary with sophisticated levels of 29
41	42		expertise and significant resources that allow it, through the use of multiple 30
42	43		different attack vectors including, but not limited to, cyber, physical or 31
43	44		deception, to generate opportunities to achieve objectives including, but not 32
44	45		limited to, (i) establishing or extending its presence within the information 33
45	46		technology infrastructure of an organization for the purpose of exfiltrating 34
46		-	information; (ii) undermining or impeding critical aspects of a mission, 35 General Assembly Of North Carolina Session 2025
47		-	Page 2 Senate Bill 735-First Edition
	47	+	information; (ii) undermining or impeding critical aspects of a mission, 35
	48	+	FILED SENATE
	49	+	Mar 25, 2025
	50	+	S.B. 735
	51	+	PRINCIPAL CLERK General Assembly Of North Carolina Session 2025
	52	+	Page 2 DRS35250-MCa-139A
48	53		program or organization; or (iii) placing itself in a position to do so in the 1
49	54		future. 2
50	55		(2) Artificial intelligence. – An engineered or machine-based system that varies 3
51	56		in its level of autonomy and which may, for explicit or implicit objectives, 4
52	57		infer from the input it receives how to generate outputs that may influence 5
53	58		physical or virtual environments. 6
54	59		(3) Artificial intelligence safety incident. – An incident that demonstrably 7
55	60		increases the risk of a critical harm occurring by means of any of the 8
56	61		following: 9
57	62		a. A covered model or covered model derivative autonomously engaging 10
58	63		in behavior other than at the request of a user. 11
59	64		b. Theft, misappropriation, malicious use, inadvertent release, 12
60	65		unauthorized access or escape of the model weights of a covered 13
61	66		model or covered model derivative. 14
62	67		c. The critical failure of technical or administrative controls, including 15
63	68		controls limiting the ability to modify a covered model or covered 16
64	69		model derivative. 17
65	70		d. Unauthorized use of a covered model or covered model derivative to 18
66	71		cause or materially enable critical harm. 19
67	72		(4) Computing cluster. – A set of machines transitively connected by data center 20
68	73		networking of over 100 gigabits per second that has a theoretical maximum 21
69	74		computing capacity of at least 10
70	75
71	76		to the power of 20 integer or floating-point 22
72	77		operations per second and can be used for training artificial intelligence. 23
73	78		(4a) Covered entity. – The legally responsible organization, corporation, or entity 24
74	79		that directly oversees and controls the development, deployment, and ongoing 25
75	80		operations of a covered model or covered model derivative, including 26
76	81		responsibility for compliance with obligations under this Part 27
77	82		(5) Covered model. – An artificial intelligence model that, due to its scale, 28
78	83		application domain, or potential impact, is identified by the Secretary as 29
79	84		warranting proportionate regulatory oversight. Factors considered may 30
80	85		include, but are not limited to, computing power utilized, model training cost, 31
81	86		anticipated scope of application, and foreseeable risks to public safety or 32
82	87		individual rights. The Secretary may establish multiple tiers of covered 33
83	88		models with corresponding compliance frameworks scaled proportionately to 34
84	89		identified risk levels. 35
85	90		(6) Covered model derivative. – A copy of a covered model that: (i) is 36
86	91		unmodified; (ii) has been subjected to post-training modifications related to 37
87	92		fine-tuning; (iii) has been fine-tuned using a quantity of computing power not 38
88	93		exceeding 3 times 10
89	94
90	95		to the power of 25 or floating point operations, the cost 39
91	96		of which, as reasonably assessed by the developer, exceeds $10,000,000 if 40
92	97		calculated using the average market price of cloud compute at the start of 41
93	98		fine-tuning; or (iv) has been combined with other software. 42
94	99		(7) Critical harm. – A harm caused or materially enabled by a covered model or 43
95	100		covered model derivative including: (i) the creation or use in a manner that 44
96	101		results in mass casualties of a chemical, biological, radiological or nuclear 45
97	102		weapon; (ii) mass casualties or at least $500,000,000 of damage resulting from 46
98	103		cyberattacks on critical infrastructure by a model conducting, or providing 47
99	104		precise instructions for conducting, a cyberattack or series of cyberattacks on 48
100	105		critical infrastructure; (iii) mass casualties or at least $500,000,000 of damage 49
101	106		resulting from an artificial intelligence model engaging in conduct that acts 50
102	107		with limited human oversight, intervention or supervision and results in death, 51 General Assembly Of North Carolina Session 2025
103		-	~~Senate Bill 735-First Edition~~ Page 3
	108	+	DRS35250-MCa-139A Page 3
104	109		great bodily injury, property damage or property loss, and would, if committed 1
105	110		by a human, constitute a crime specified in any general or special law that 2
106	111		requires intent, recklessness or gross negligence, or the solicitation or aiding 3
107	112		and abetting of such a crime; or (iv) other grave harms to public safety that 4
108	113		are of comparable severity to the harms described herein as determined by the 5
109	114		attorney general. 6
110	115		The term does not include harms caused or materially enabled by information 7
111	116		that a covered model or covered model derivative outputs if the information 8
112	117		is otherwise reasonably publicly accessible by an ordinary person from 9
113	118		sources other than a covered model or covered model derivative; (ii) harms 10
114	119		caused or materially enabled by a covered model combined with other 11
115	120		software, including other models, if the covered model did not materially 12
116	121		contribute to the other software's ability to cause or materially enable the 13
117	122		harm; or (iii) harms that are not caused or materially enabled by the 14
118	123		developer's creation, storage, use or release of a covered model or covered 15
119	124		model derivative; provided further, that monetary harm thresholds established 16
120	125		pursuant to this section shall be adjusted for inflation annually, not later than 17
121	126		January 31, by the growth rate of the inflation index over the preceding 12 18
122	127		months; and provided further, that the inflation index shall consist of the per 19
123	128		cent change in inflation as measured by the per cent change in the consumer 20
124	129		price index for all urban consumers for the Raleigh metropolitan area as 21
125	130		determined by the bureau of labor statistics of the United States Department 22
126	131		of Labor. 23
127	132		(8) Critical infrastructure. – Assets, systems and networks, whether physical or 24
128	133		virtual, the incapacitation or destruction of which would have a debilitating 25
129	134		effect on physical security, economic security, public health or safety in the 26
130	135		State. 27
131	136		(8a) Department. – The Department of Commerce. 28
132	137		(9) Developer. – A person that performs the initial training of a covered model 29
133	138		by: (i) training a model using a sufficient quantity of computing power and 30
134	139		cost; or (ii) fine-tuning an existing covered model or covered model derivative 31
135	140		using a quantity of computing power and cost sufficient to qualify as a covered 32
136	141		model. 33
137	142		(10) Fine-tuning. – Adjusting the model weights of a trained covered model or 34
138	143		covered model derivative by exposing such model to additional data. 35
139	144		(11) Full shutdown. – The cessation of operation of: (i) the training of a covered 36
140	145		model; (ii) a covered model controlled by a developer; and (iii) all covered 37
141	146		model derivatives controlled by a developer. 38
142	147		(11a) Fund. – The Artificial Intelligence Innovation Trust Fund, as established in 39
143	148		this section. 40
144	149		(12) Model weight. – A numerical parameter in an artificial intelligence model that 41
145	150		is adjusted through training and that helps determine how inputs are 42
146	151		transformed into outputs. 43
147	152		(13) Person. – An individual, proprietorship, firm, partnership, joint venture, 44
148	153		syndicate, business trust, company, corporation, limited liability company, 45
149	154		association, committee or any other nongovernmental organization or group 46
150	155		of persons acting in concert. 47
151	156		(14) Post-training modification. – Modifying the capabilities of a covered model 48
152	157		or covered model derivative by any means including, but not limited to, 49
153	158		fine-tuning, providing such model with access to tools or data, removing 50 General Assembly Of North Carolina Session 2025
154		-	Page 4 ~~Senate Bill 735-First Edition~~
	159	+	Page 4 DRS35250-MCa-139A
155	160		safeguards against hazardous misuse or misbehavior of such model or 1
156	161		combining such model with, or integrating such model into, other software. 2
157	162		(15) Safety and security protocol. – Documented, technical, and organizational 3
158	163		protocols that: (i) are used to manage the risks of developing and operating 4
159	164		covered models or covered model derivatives across their life cycle, including 5
160	165		risks posed by causing or enabling or potentially causing or enabling the 6
161	166		creation of covered model derivatives; and (ii) specify that compliance with 7
162	167		such protocols is required in order to train, operate, possess or provide external 8
163	168		access to the developer's covered model or covered model derivatives. 9
164	169		(16) Secretary. – The Secretary of Commerce. 10
165	170		(c) Oversight. – The Secretary may convene an AI Innovation and Safety Advisory Panel 11
166	171		composed of representatives from industry, academia, civil liberties and consumer advocacy 12
167	172		groups, and relevant state agencies. This Panel may provide recommendations, best practices, 13
168	173		and advice regarding AI technologies, compliance proportionality, and ethical AI-human 14
169	174		collaboration. Recommendations of this Panel shall be publicly accessible and may inform future 15
170	175		regulatory proposals. 16
171	176		(d) Standards. – The Secretary may consider relevant provisions, guidelines, frameworks, 17
172	177		and standards established by the U.S. National Institute of Standards and Technology (NIST), 18
173	178		and comparable frameworks, such as the EU AI Act, when developing proposals and 19
174	179		recommendations pursuant to this Part. 20
175	180		"§ 143B-472.83B. Requirements for developers of covered models. 21
176	181		(a) Reserved. 22
177	182		(b) Reserved. 23
178	183		(c) Before beginning to train a covered model, a developer shall do all of the following: 24
179	184		(1) Implement reasonable administrative, technical and physical cybersecurity 25
180	185		protections to prevent unauthorized access to, misuse of or unsafe 26
181	186		post-training modifications of the covered model and all covered model 27
182	187		derivatives controlled by the developer that are appropriate in light of the risks 28
183	188		associated with the covered model, including from advanced persistent threats 29
184	189		or other sophisticated actors. 30
185	190		(2) Implement the capability to promptly enact a full shutdown. 31
186	191		(3) Implement a written and separate safety and security protocol that: (i) 32
187	192		specifies protections and procedures that, if successfully implemented, would 33
188	193		comply with the developer's duty to take reasonable care to avoid producing 34
189	194		a covered model or covered model derivative that poses an unreasonable risk 35
190	195		of causing or materially enabling a critical harm; (ii) states compliance 36
191	196		requirements in an objective manner and with sufficient detail and specificity 37
192	197		to allow the developer or a third party to readily ascertain whether the 38
193	198		requirements of the safety and security protocol have been followed; (iii) 39
194	199		identifies a testing procedure which takes safeguards into account as 40
195	200		appropriate to reasonably evaluate if a covered model poses a substantial risk 41
196	201		of causing or enabling a critical harm and if any covered model derivatives 42
197	202		pose a substantial risk of causing or enabling a critical harm; (iv) describes in 43
198	203		detail how the testing procedure assesses the risks associated with 44
199	204		post-training modifications; (v) describes in detail how the testing procedure 45
200	205		addresses the possibility that a covered model or covered model derivative 46
201	206		may be used to make post-training modifications or create another covered 47
202	207		model in a manner that may cause or materially enable a critical harm; (vi) 48
203	208		describes in detail how the developer will fulfill their obligations under this 49
204	209		chapter; (vii) describes in detail how the developer intends to implement any 50
205	210		safeguards and requirements referenced in this section; (viii) describes in 51 General Assembly Of North Carolina Session 2025
206		-	~~Senate Bill 735-First Edition~~ Page 5
	211	+	DRS35250-MCa-139A Page 5
207	212		detail the conditions under which a developer would enact a full shutdown 1
208	213		account for, as appropriate, the risk that a shutdown of the covered model, or 2
209	214		particular covered model derivatives, may cause disruptions to critical 3
210	215		infrastructure; and (ix) describes in detail the procedure by which the safety 4
211	216		and security protocol may be modified. 5
212	217		(4) Ensure that the safety and security protocol is implemented as written, 6
213	218		including by designating senior personnel to be responsible for ensuring 7
214	219		compliance by employees and contractors working on a covered model or any 8
215	220		covered model derivatives controlled by the developer, monitoring and 9
216	221		reporting on implementation. 10
217	222		(5) Retain an unredacted copy of the safety and security protocol for not less than 11
218	223		five years after the covered model is no longer made available for commercial, 12
219	224		public or foreseeably public use,, including records and dates of any updates 13
220	225		or revisions. 14
221	226		(6) Conduct an annual review of the safety and security protocol to account for 15
222	227		any changes to the capabilities of the covered model and industry best 16
223	228		practices and, if necessary, make modifications to such policy. 17
224	229		(7) Conspicuously publish a redacted copy of the safety and security protocol and 18
225	230		transmit a copy of said redacted safety and security protocol to the attorney 19
226	231		general; provided, however, that (i) a redaction in the safety and security 20
227	232		protocol may be made only if the redaction is reasonably necessary to protect 21
228	233		public safety, trade secrets, or confidential information pursuant to any 22
229	234		general, special, or federal law; (ii) the developer shall grant to the attorney 23
230	235		general access to the unredacted safety and security protocol upon request; 24
231	236		(iii) a safety and security protocol disclosed to the attorney general shall not 25
232	237		be a public record; and (iv) if the safety and security protocol is materially 26
233	238		modified, the developer shall conspicuously publish and transmit to the 27
234	239		attorney general an updated redacted copy of such protocol within 30 days of 28
235	240		the modification. 29
236	241		(8) Take reasonable care to implement other appropriate measures to prevent 30
237	242		covered models and covered model derivatives from posing unreasonable 31
238	243		risks of causing or materially enabling critical harms. 32
239	244		(d) Before using a covered model or covered model derivative for a purpose not 33
240	245		exclusively related to the training or reasonable evaluation of the covered model for compliance 34
241	246		with State or federal law or before making a covered model or covered model derivative available 35
242	247		for commercial, public or foreseeably public use, the developer of a covered model shall do all 36
243	248		of the following: 37
244	249		(1) Assess whether the covered model is reasonably capable of causing or 38
245	250		materially enabling a critical harm. 39
246	251		(2) Record, as and when reasonably possible, and retain for not less than five 40
247	252		years after the covered model is no longer made available for commercial, 41
248	253		public or foreseeably public use, information on any specific tests and test 42
249	254		results used in said assessment which provides sufficient detail for third 43
250	255		parties to replicate the testing procedure. 44
251	256		(3) Take reasonable care to implement appropriate safeguards to prevent the 45
252	257		covered model and covered model derivatives from causing or materially 46
253	258		enabling a critical harm. 47
254	259		(4) Take reasonable care to ensure, to the extent reasonably possible, that the 48
255	260		covered model's actions and the actions of covered model derivatives, as well 49
256	261		as critical harms resulting from their actions, may be accurately and reliably 50
257	262		attributed to such model or model derivative. 51 General Assembly Of North Carolina Session 2025
258		-	Page 6 ~~Senate Bill 735-First Edition~~
	263	+	Page 6 DRS35250-MCa-139A
259	264		(e) A developer shall not use a covered model or covered model derivative for a purpose 1
260	265		not exclusively related to the training or reasonable evaluation of the covered model for 2
261	266		compliance with State or federal law or make a covered model or a covered model derivative 3
262	267		available for commercial, public or foreseeably public use if there is an unreasonable risk that 4
263	268		the covered model or covered model derivative will cause or materially enable a critical harm. 5
264	269		(f) A developer of a covered model shall annually reevaluate the procedures, policies, 6
265	270		protections, capabilities and safeguards implemented pursuant to this section. 7
266	271		(g) A developer of a covered model shall annually retain a third-party that conducts 8
267	272		investigations consistent with best practices for investigators to perform an independent 9
268	273		investigation of compliance with the requirements of this section. 10
269	274		(1) The investigator shall conduct investigations consistent with regulations 11
270	275		issued by the Secretary. The investigator shall be granted access to unredacted 12
271	276		materials as necessary to comply with the investigator's obligations contained 13
272	277		herein. The investigator shall produce an investigation report including, but 14
273	278		not limited to: (i) a detailed assessment of the developer's steps to comply with 15
274	279		the requirements of this section; (ii) if applicable, any identified instances of 16
275	280		noncompliance with the requirements of this section and any 17
276	281		recommendations for how the developer can improve its policies and 18
277	282		processes for ensuring compliance with the requirements of this section; (iii) 19
278	283		a detailed assessment of the developer's internal controls, including 20
279	284		designation and empowerment of senior personnel responsible for ensuring 21
280	285		compliance by the developer and any employees or contractors thereof; and 22
281	286		(iv) the signature of the lead investigator certifying the results contained 23
282	287		within the investigation report; and provided further, that the investigator shall 24
283	288		not knowingly make a material misrepresentation in said report. 25
284	289		(2) Covered entities shall transmit to the Attorney General a confidential copy of 26
285	290		any independent investigator's report conducted under this section. An 27
286	291		executive summary outlining compliance status and risk mitigation actions 28
287	292		shall be made publicly available, with proprietary, sensitive, or 29
288	293		security-related information redacted as necessary. 30
289	294		(h) A developer of a covered model shall annually, until such time that the covered model 31
290	295		and any covered model derivatives controlled by the developer cease to be in or available for 32
291	296		commercial or public use, submit to the attorney general a statement of compliance signed by the 33
292	297		developer's chief technology officer, or a more senior corporate officer, that shall specify or 34
293	298		provide, at a minimum: (i) an assessment of the nature and magnitude of critical harms that the 35
294	299		covered model or covered model derivatives may reasonably cause or materially enable and the 36
295	300		outcome of the assessment required by this section; (ii) an assessment of the risk that compliance 37
296	301		with the safety and security protocol may be insufficient to prevent the covered model or covered 38
297	302		model derivatives from causing or materially enabling critical harms; and (iii) a description of 39
298	303		the process used by the signing officer to verify compliance with the requirements of this section, 40
299	304		including a description of the materials reviewed by the signing officer, a description of testing 41
300	305		or other evaluation performed to support the statement and the contact information of any third 42
301	306		parties relied upon to validate compliance. 43
302	307		A developer shall submit such statement to the attorney general not later than 30 days after 44
303	308		using a covered model or covered model derivative for a purpose not exclusively related to the 45
304	309		training or reasonable evaluation of the covered model for compliance with State or federal law 46
305	310		or making a covered model or covered model derivative available for commercial, public or 47
306	311		foreseeably public use; provided, however, that no such initial statement shall be required for a 48
307	312		covered model derivative if the developer submitted a compliant initial statement and any 49
308	313		applicable annual statements for the covered model from which the covered model derivative is 50
309	314		derived. 51 General Assembly Of North Carolina Session 2025
310		-	~~Senate Bill 735-First Edition~~ Page 7
	315	+	DRS35250-MCa-139A Page 7
311	316		(i) A developer of a covered model shall report each artificial intelligence safety incident 1
312	317		affecting the covered model or any covered model derivatives controlled by the developer to the 2
313	318		attorney general within 72 hours of the developer learning of the artificial intelligence safety 3
314	319		incident or facts sufficient to establish a reasonable belief that an artificial intelligence safety 4
315	320		incident has occurred. 5
316	321		(j) This section shall apply to the development, use or commercial or public release of a 6
317	322		covered model or covered model derivative for any use that is not the subject of a contract with 7
318	323		a federal government entity, even if that covered model or covered model derivative was 8
319	324		developed, trained or used by a federal government entity; provided, however, that this section 9
320	325		shall not apply to a product or service to the extent that compliance would strictly conflict with 10
321	326		the terms of a contract between a federal government entity and the developer of a covered model. 11
322	327		(k) The Secretary may develop and propose a tiered compliance framework 12
323	328		differentiating obligations based on computing scale, intended applications, societal impact, and 13
324	329		organizational size. This framework shall be developed through stakeholder consultations and 14
325	330		presented to the General Assembly with recommendations for potential adoption. 15
326	331		(l) A developer or covered entity may remain responsible for foreseeable critical harms 16
327	332		arising from misuse or unintended use of a covered model or derivative, irrespective of whether 17
328	333		such misuse involved fine-tuning. Covered entities may conduct and document pre-deployment 18
329	334		risk assessments to identify and reasonably mitigate foreseeable misuse risks. 19
330	335		(m) Covered entities funded under this Act developing AI systems that significantly 20
331	336		impact individuals' rights or access to critical services such as employment, housing, education, 21
332	337		or financial products may conduct exploratory algorithmic fairness assessments to detect and 22
333	338		mitigate potential bias. These assessments may be shared with stakeholders and the Department 23
334	339		to inform future policy development. 24
335	340		(n) Covered entities may voluntarily explore methods for disclosing to end-users when 25
336	341		they are interacting with an artificial intelligence system, particularly where the nature of 26
337	342		interaction is not immediately obvious. Such entities may also explore labeling content generated 27
338	343		by funded AI systems where there is potential for it to be mistaken for human-generated content. 28
339	344		Findings from these explorations may be reported to the Department to inform future 29
340	345		transparency guidelines. 30
341	346		"§ 143B-472.83C. Requirements for computer resource operators training covered models. 31
342	347		(a) A person that operates a computing cluster shall implement written policies and 32
343	348		procedures to do all of the following when a customer utilizes computer resources which would 33
344	349		be sufficient to train a covered model: 34
345	350		(1) Obtain the prospective customer's basic identifying information and business 35
346	351		purpose for utilizing the computing cluster including, but not limited to: (i) 36
347	352		the identity of the prospective customer; (ii) the means and source of payment, 37
348	353		including any associated financial institution, credit card number, account 38
349	354		number, customer identifier, transaction identifiers or virtual currency wallet 39
350	355		or wallet address identifier; and (iii) the email address and telephone number 40
351	356		used to verify the prospective customer's identity. 41
352	357		(2) Assess whether the prospective customer intends to utilize the computing 42
353	358		cluster to train a covered model. 43
354	359		(3) Maintain logs of significant access and administrative actions consistent with 44
355	360		commercially reasonable cybersecurity practices. 45
356	361		(4) Maintain for not less than seven years, and provide to the attorney general 46
357	362		upon request, appropriate records of actions taken under this section, 47
358	363		including policies and procedures put into effect. 48
359	364		(5) Implement the capability to promptly enact a full shutdown of any resources 49
360	365		being used to train or operate a covered model under the customer's control. 50 General Assembly Of North Carolina Session 2025
361		-	Page 8 ~~Senate Bill 735-First Edition~~
	366	+	Page 8 DRS35250-MCa-139A
362	367		If a customer repeatedly utilizes computer resources that would be sufficient to train a 1
363	368		covered model, the operator of the computer cluster shall validate said basic identifying 2
364	369		information and assess whether such customer intends to utilize the computing cluster to train a 3
365	370		covered model prior to each utilization. 4
366	371		(b) A person that operates a computing cluster shall consider industry best practices and 5
367	372		applicable guidance from the National Institute of Standards and Technology, including the 6
368	373		United States Artificial Intelligence Safety Institute, and other reputable standard-setting 7
369	374		organizations. 8
370	375		(c) In complying with the requirements of this section, a person that operates a computing 9
371	376		cluster may impose reasonable requirements on customers to prevent the collection or retention 10
372	377		of personal information that the person operating such computing cluster would not otherwise 11
373	378		collect or retain, including a requirement that a corporate customer submit corporate contact 12
374	379		information rather than information that would identify a specific individual. 13
375	380		"§ 143B-472.83D. Enforcement. 14
376	381		(a) The attorney general shall have the authority to enforce the provisions of this Part. 15
377	382		Except as specifically provided in this Part, nothing in this Part shall be construed as creating a 16
378	383		new private right of action or serving as the basis for a private right of action that would not 17
379	384		otherwise have had a basis under any other law but for the enactment of this Part. This Part 18
380	385		neither relieves any party from any duties or obligations imposed nor alters any independent 19
381	386		rights that individuals have under State or federal laws, the North Carolina Constitution or the 20
382	387		United States Constitution. 21
383	388		The attorney general may initiate a civil action in the superior court against an entity in the 22
384	389		name of the State or on behalf of individuals for a violation of this chapter. The attorney general 23
385	390		may seek: 24
386	391		(1) Against a developer of a covered model or covered model derivative for a 25
387	392		violation that causes death or bodily harm to another human, harm to property, 26
388	393		theft or misappropriation of property, or that constitutes an imminent risk or 27
389	394		threat to public safety that occurs on or after January 1, 2026, a civil penalty 28
390	395		in an amount not exceeding (i) for a first violation, five percent (5%) of the 29
391	396		cost of the quantity of computing power used to train the covered model to be 30
392	397		calculated using the average market prices of cloud compute at the time of 31
393	398		training or (ii) for any subsequent violation, 15 percent (15%) of the cost of 32
394	399		the quantity of computing power used to train the covered model as calculated 33
395	400		herein. 34
396	401		(2) Against an investigator for a violation of this Part, including an investigator 35
397	402		who intentionally or with reckless disregard violates any of such investigator's 36
398	403		responsibilities , or for a person that operates a computing cluster in violation 37
399	404		of this Part, a civil penalty in an amount not exceeding (i) twenty-five 38
400	405		thousand dollars ($25,000) for a first offense; (ii) fifty thousand dollars 39
401	406		($50,000) for any subsequent violation; and (iii) five million dollars 40
402	407		($5,000,000) in the aggregate for related violations. 41
403	408		(3) Injunctive or declaratory relief. 42
404	409		(4) Such monetary or punitive damages as the court may allow. 43
405	410		(5) Attorney's fees and costs. 44
406	411		(6) Any other relief that the court deems appropriate. 45
407	412		(b) In determining whether a developer exercised reasonable care in the creation, use, or 46
408	413		deployment of a covered model or covered model derivative, the attorney general shall consider 47
409	414		all of the following: 48
410	415		(1) The quality of such developer's safety and security protocol. 49
411	416		(2) The extent to which the developer faithfully implemented and followed its 50
412	417		safety and security protocol. 51 General Assembly Of North Carolina Session 2025
413		-	~~Senate Bill 735-First Edition~~ Page 9
	418	+	DRS35250-MCa-139A Page 9
414	419		(3) Whether, in quality and implementation, the developer's safety and security 1
415	420		protocol was comparable to those of developers of models trained using a 2
416	421		comparable amount of compute resources. 3
417	422		(4) The quality and rigor of the developer's investigation, documentation, 4
418	423		evaluation and management of risks of critical harm posed by its model. 5
419	424		(c) A provision within a contract or agreement that seeks to waive, preclude, or burden 6
420	425		the enforcement of liability arising from a violation of this Part, or to shift such liability to any 7
421	426		person or entity in exchange for their use or access of, or right to use or access, a developer's 8
422	427		product or services, including by means of a contract or adhesion, shall be deemed to be against 9
423	428		public policy and void. 10
424	429		Notwithstanding any corporate formalities, the court shall impose joint and several liability 11
425	430		on affiliated entities for purposes of effectuating the intent of this section to the maximum extent 12
426	431		permitted by law if the court concludes all of the following: 13
427	432		(1) The affiliated entities, in the development of the corporate structure among 14
428	433		such affiliated entities, took steps to purposely and unreasonably limit or avoid 15
429	434		liability. 16
430	435		(2) As a result of any such steps, the corporate structure of the developer or 17
431	436		affiliated entities would frustrate recovery of penalties, damages, or injunctive 18
432	437		relief under this section. 19
433	438		(d) Penalties collected pursuant to this section by the attorney general shall be deposited 20
434	439		into the General Fund and subject to appropriation. 21
435	440		"§ 143B-472.83E. Cooperation with Attorney General. 22
436	441		(a) For purposes of this section, the following definitions apply: 23
437	442		(1) Contractor or subcontractor. – A firm, corporation, partnership or association 24
438	443		and its responsible managing officer, as well as any supervisors, managers or 25
439	444		officers found by the attorney general or director to be personally and 26
440	445		substantially responsible for the rights and responsibilities of employees under 27
441	446		this section. 28
442	447		(2) Employee. – Any person who performs services for wages or salary under a 29
443	448		contract of employment, express or implied, for an employer, including: 30
444	449		a. Contractors or subcontractors and unpaid advisors involved with 31
445	450		assessing, managing or addressing the risk of critical harm from 32
446	451		covered models or covered model derivatives. 33
447	452		b. Corporate officers. 34
448	453		(b) A developer of a covered model or a contractor or subcontractor of the developer shall 35
449	454		not: 36
450	455		(1) Prevent an employee from disclosing information to the attorney general or 37
451	456		any other public body, including through terms and conditions of employment 38
452	457		or seeking to enforce terms and conditions of employment, if the employee 39
453	458		has reasonable cause to believe the information indicates that (i) the developer 40
454	459		is out of compliance with the requirements of this section or (ii) an artificial 41
455	460		intelligence model, including a model that is not a covered model or a covered 42
456	461		model derivative, poses an unreasonable risk of causing or materially enabling 43
457	462		critical harm, even if the employer is not out of compliance with any State or 44
458	463		federal law. 45
459	464		(2) Retaliate against an employee for disclosing such information to the attorney 46
460	465		general or any other public body. 47
461	466		(3) Make false or materially misleading statements related to its safety and 48
462	467		security protocol in any manner that would constitute an unfair or deceptive 49
463	468		trade practice. 50 General Assembly Of North Carolina Session 2025
464		-	Page 10 ~~Senate Bill 735-First Edition~~
	469	+	Page 10 DRS35250-MCa-139A
465	470		(c) An employee harmed by a violation of this section may petition the court for 1
466	471		appropriate relief. 2
467	472		(d) The attorney general may publicly release any complaint, or a summary of such 3
468	473		complaint, filed pursuant to this section if the attorney general concludes that doing so will serve 4
469	474		the public interest; provided, however, that any information that is confidential, qualifies as a 5
470	475		trade secret, or is determined by the attorney general to likely pose an unreasonable risk to public 6
471	476		safety if disclosed shall be redacted from the complaint prior to disclosure. 7
472	477		(e) A developer shall provide a clear notice to all employees working on covered models 8
473	478		and covered model derivatives of their rights and responsibilities under this section, including 9
474	479		the rights of employees of contractors and subcontractors to utilize the developer's internal 10
475	480		process for making protected disclosures pursuant to subsection (f). A developer is presumed to 11
476	481		be in compliance with the requirements of this subsection if the developer: 12
477	482		(1) At all times posts and displays within all workplaces maintained by the 13
478	483		developer a notice to all employees of their rights and responsibilities under 14
479	484		this section, ensures that all new employees receive equivalent notice and 15
480	485		ensures that employees who work remotely periodically receive an equivalent 16
481	486		notice; or 17
482	487		(2) At least annually, provides written notice to all employees of their rights and 18
483	488		responsibilities under this section and ensures that such notice is received and 19
484	489		acknowledged by all of those employees. 20
485	490		(f) A developer shall provide a reasonable internal process through which an employee, 21
486	491		contractor, subcontractor or employee of a contractor or subcontractor working on a covered 22
487	492		model or covered model derivative may anonymously disclose information to the developer if 23
488	493		the employee believes, in good faith, that the developer has violated any provision of this chapter 24
489	494		or any other general or special law, has made false or materially misleading statements related to 25
490	495		its safety and security protocol or has failed to disclose known risks to employees. The developer 26
491	496		shall conduct an investigation related to any information disclosed through such process and 27
492	497		provide, at a minimum, a monthly update to the person who made the disclosure regarding the 28
493	498		status of the developer's investigation of the disclosure and the actions taken by the developer in 29
494	499		response to the disclosure. 30
495	500		Any disclosure and response created pursuant to this subsection shall be maintained for not 31
496	501		less than seven years from the date when the disclosure or response is created. Each disclosure 32
497	502		and response shall be shared with officers and directors of the developer whose acts or omissions 33
498	503		are not implicated by the disclosure or response not less than once per quarter. In the case of a 34
499	504		report or disclosure regarding alleged misconduct by a contractor or subcontractor, the developer 35
500	505		shall notify the officers and directors of the contractor or subcontractor whose acts or omissions 36
501	506		are not implicated by the disclosure or response about the status of their investigation not less 37
502	507		than once per quarter. 38
503	508		"§ 143B-472.83. Reporting and regulation. 39
504	509		The Secretary shall file an annual report not later than January 31 with the General Assembly 40
505	510		containing: (i) statistical information on the current workforce population in the business of the 41
506	511		development of artificial intelligence and in adjacent technology sectors; (ii) any known 42
507	512		workforce shortages in the development or deployment of artificial intelligence; (iii) summary 43
508	513		information related to the efficacy of existing workforce development programs in artificial 44
509	514		intelligence and related sectors, if any; (iv) summary information related to the availability of 45
510	515		relevant training programs available in the State, including any known gaps in such programs 46
511	516		generally available to members of the public; and (iv) any plans, including recommendations for 47
512	517		legislation, if any, to remedy any such known workforce shortages. 48
513	518		The Secretary shall promulgate regulations for the implementation, administration and 49
514	519		enforcement of this Part; provided, however, that the Secretary may convene an advisory board 50
515	520		for the purposes of: (i) studying the impact of artificial intelligence on the State, including with 51 General Assembly Of North Carolina Session 2025
516		-	~~Senate Bill 735-First Edition~~ Page 11
	521	+	DRS35250-MCa-139A Page 11
517	522		respect to its employees, constituents, private business and higher education institutions; (ii) 1
518	523		conducting outreach and collecting input from stakeholders and experts; (iii) studying current 2
519	524		and emerging capability for critical harms made possible by artificial intelligence developed or 3
520	525		deployed in the State; or (iv) advising the Governor and General Assembly on recommended 4
521	526		legislation or regulations related to the growth of the artificial intelligence industry and 5
522	527		prevention of critical harms. 6
523	528		Not less than annually, the Secretary shall do all of the following: 7
524	529		(1) Update, by regulation, the initial compute threshold and the fine-tuning 8
525	530		compute threshold that an artificial intelligence model shall meet to be 9
526	531		considered a covered model, taking into account: (i) the quantity of computing 10
527	532		power used to train models that have been identified as being reasonably likely 11
528	533		to cause or materially enable a critical harm; (ii) similar thresholds used in 12
529	534		federal law, guidance or regulations for the management of artificial 13
530	535		intelligence models with reasonable risks of causing or enabling critical 14
531	536		harms; and (iii) input from stakeholders, including academics, industry, the 15
532	537		open-source community and government entities. 16
533	538		(2) Update, by regulation, binding investigation requirements applicable to 17
534	539		investigations conducted pursuant to this Part to ensure the integrity, 18
535	540		independence, efficiency and effectiveness of the investigation process, taking 19
536	541		into account: (i) relevant standards or requirements imposed under federal or 20
537	542		State law or through self-regulatory or standards-setting bodies; (ii) input from 21
538	543		stakeholders, including academic, industry and government entities, including 22
539	544		from the open-source community; and (iii) consistency with guidance issued 23
540	545		by the National Institute of Standards and Technology, including the United 24
541	546		States Artificial Intelligence Safety Institute. 25
542	547		(3) Issue guidance for preventing unreasonable risks of covered models and 26
543	548		covered model derivatives causing or materially enabling critical harms, 27
544	549		including, but not limited to, more specific components of, or requirements 28
545	550		under, the duties required under this Part. Such guidance shall be consistent 29
546	551		with guidance issued by the National Institute of Standards and Technology, 30
547	552		including the United States Artificial Intelligence Safety Institute." 31
548	553		SECTION 2. There is appropriated from the General Fund to the Department of 32
549	554		Commerce the nonrecurring sum of seven hundred fifty thousand dollars ($750,000) for the 33
550	555		2025-2026 fiscal year to accomplish the purposes of this act. 34
551	556		SECTION 3. This act becomes effective July 1, 2025. 35