II
118THCONGRESS
1
STSESSION S. 3050
To require a report on artificial intelligence regulation in the financial services
industry, to establish artificial intelligence bug bounty programs, to re-
quire a vulnerability analysis study for artificial intelligence-enabled mili-
tary applications, and to require a report on data sharing and coordina-
tion, and for other purposes.
IN THE SENATE OF THE UNITED STATES
OCTOBER17, 2023
Mr. R
OUNDS(for himself, Mr. SCHUMER, Mr. YOUNG, and Mr. HEINRICH)
introduced the following bill; which was read twice and referred to the
Committee on Armed Services
A BILL
To require a report on artificial intelligence regulation in
the financial services industry, to establish artificial intel-
ligence bug bounty programs, to require a vulnerability
analysis study for artificial intelligence-enabled military
applications, and to require a report on data sharing
and coordination, and for other purposes.
Be it enacted by the Senate and House of Representa-1
tives of the United States of America in Congress assembled, 2
SECTION 1. SHORT TITLE. 3
This Act may be cited as the ‘‘Artificial Intelligence 4
Advancement Act of 2023’’. 5
VerDate Sep 11 2014 03:38 Oct 18, 2023 Jkt 049200 PO 00000 Frm 00001 Fmt 6652 Sfmt 6201 E:\BILLS\S3050.IS S3050 2
•S 3050 IS
SEC. 2. DEFINITIONS. 1
In this Act: 2
(1) C
ONGRESSIONAL DEFENSE COMMITTEES .— 3
The term ‘‘congressional defense committees’’ has 4
the meaning given such term in section 101 of title 5
10, United States Code. 6
(2) F
OUNDATIONAL ARTIFICIAL INTELLIGENCE 7
MODEL.—The term ‘‘foundational artificial intel-8
ligence model’’ means an adaptive generative model 9
that is trained on a broad set of unlabeled data sets 10
that can be used for different tasks, with minimal 11
fine-tuning. 12
SEC. 3. REPORT ON ARTIFICIAL INTELLIGENCE REGULA-13
TION IN FINANCIAL SERVICES INDUSTRY. 14
(a) I
NGENERAL.—Not later than 90 days after the 15
date of enactment of this Act, each of the Board of Gov-16
ernors of the Federal Reserve System, the Federal Deposit 17
Insurance Corporation, the Office of the Comptroller of 18
the Currency, the National Credit Union Administration, 19
and the Bureau of Consumer Financial Protection shall 20
submit to the Committee on Banking, Housing and Urban 21
Affairs of the Senate and the Committee on Financial 22
Services of the House of Representatives a report on its 23
gap in knowledge relating to artificial intelligence, includ-24
ing an analysis on— 25
VerDate Sep 11 2014 03:38 Oct 18, 2023 Jkt 049200 PO 00000 Frm 00002 Fmt 6652 Sfmt 6201 E:\BILLS\S3050.IS S3050 3
•S 3050 IS
(1) which tasks are most frequently being as-1
sisted or completed with artificial intelligence in the 2
institutions the agency regulates; 3
(2) current governance standards in place for 4
artificial intelligence use at the agency and current 5
standards in place for artificial intelligence oversight 6
by the agency; 7
(3) potentially additional regulatory authorities 8
required by the agency to continue to successfully 9
execute its mission; 10
(4) where artificial intelligence may lead to 11
overlapping regulatory issues between agencies that 12
require clarification; 13
(5) how the agency is currently using artificial 14
intelligence, how the agency plans to use such artifi-15
cial intelligence the next 3 years, and the expected 16
impact, including fiscal and staffing, of those plans; 17
and 18
(6) what resources, monetary or other re-19
sources, if any, the agency requires to both adapt to 20
the changes that artificial intelligence will bring to 21
the regulatory landscape and to adequately adopt 22
and oversee the use of artificial intelligence across 23
its operations described in paragraph (5). 24
VerDate Sep 11 2014 03:38 Oct 18, 2023 Jkt 049200 PO 00000 Frm 00003 Fmt 6652 Sfmt 6201 E:\BILLS\S3050.IS S3050 4
•S 3050 IS
(b) RULE OFCONSTRUCTION.—Nothing in this sec-1
tion may be construed to require an agency to include con-2
fidential supervisory information or pre-decisional or delib-3
erative non-public information in a report under this sec-4
tion. 5
SEC. 4. ARTIFICIAL INTELLIGENCE BUG BOUNTY PRO-6
GRAMS. 7
(a) P
ROGRAM FOR FOUNDATIONAL ARTIFICIALIN-8
TELLIGENCEPRODUCTSBEINGINCORPORATED BY DE-9
PARTMENT OFDEFENSE.— 10
(1) D
EVELOPMENT REQUIRED .—Not later than 11
180 days after the date of the enactment of this Act 12
and subject to the availability of appropriations, the 13
Chief Data and Artificial Intelligence Officer of the 14
Department of Defense shall develop a bug bounty 15
program for foundational artificial intelligence mod-16
els being integrated into Department of Defense 17
missions and operations. 18
(2) C
OLLABORATION.—In developing the pro-19
gram required by paragraph (1), the Chief may col-20
laborate with the heads of other government agen-21
cies that have expertise in cybersecurity and artifi-22
cial intelligence. 23
VerDate Sep 11 2014 03:38 Oct 18, 2023 Jkt 049200 PO 00000 Frm 00004 Fmt 6652 Sfmt 6201 E:\BILLS\S3050.IS S3050 5
•S 3050 IS
(3) IMPLEMENTATION AUTHORIZED .—The 1
Chief may carry out the program developed pursu-2
ant to subsection (a). 3
(4) C
ONTRACTS.—The Secretary of Defense 4
shall ensure, as may be appropriate, that whenever 5
the Department of Defense enters into any contract, 6
the contract allows for participation in the bug 7
bounty program developed pursuant to paragraph 8
(1). 9
(5) R
ULE OF CONSTRUCTION .—Nothing in this 10
subsection shall be construed to require— 11
(A) the use of any foundational artificial 12
intelligence model; or 13
(B) the implementation of the program de-14
veloped pursuant to paragraph (1) in order for 15
the Department to incorporate a foundational 16
artificial intelligence model. 17
(b) B
RIEFING.—Not later than one year after the 18
date of the enactment of this Act, the Chief shall provide 19
the congressional defense committees a briefing on— 20
(1) the development and implementation of bug 21
bounty programs the Chief considers relevant to the 22
matters covered by this section; and 23
(2) long-term plans of the Chief with respect to 24
such bug bounty programs. 25
VerDate Sep 11 2014 03:38 Oct 18, 2023 Jkt 049200 PO 00000 Frm 00005 Fmt 6652 Sfmt 6201 E:\BILLS\S3050.IS S3050 6
•S 3050 IS
SEC. 5. VULNERABILITY ANALYSIS STUDY FOR ARTIFICIAL 1
INTELLIGENCE-ENABLED MILITARY APPLICA-2
TIONS. 3
(a) S
TUDYREQUIRED.—Not later than one year 4
after the date of the enactment of this Act, the Chief Dig-5
ital and Artificial Intelligence Officer (CDAO) of the De-6
partment of Defense shall complete a study analyzing the 7
vulnerabilities to the privacy, security, and accuracy of, 8
and capacity to assess, artificial intelligence-enabled mili-9
tary applications, as well as research and development 10
needs for such applications. 11
(b) E
LEMENTS.—The study required by subsection 12
(a) shall cover the following: 13
(1) Research and development needs and transi-14
tion pathways to advance explainable and interpret-15
able artificial intelligence-enabled military applica-16
tions, including the capability to assess the under-17
lying algorithms and data models of such applica-18
tions. 19
(2) Assessing the potential risks to the privacy, 20
security, and accuracy of underlying architectures 21
and algorithms of artificial intelligence-enabled mili-22
tary applications, including the following: 23
(A) Individual foundational artificial intel-24
ligence models, including the adequacy of exist-25
ing testing, training, and auditing for such 26
VerDate Sep 11 2014 03:38 Oct 18, 2023 Jkt 049200 PO 00000 Frm 00006 Fmt 6652 Sfmt 6201 E:\BILLS\S3050.IS S3050 7
•S 3050 IS
models to ensure models can be properly as-1
sessed over time. 2
(B) The interactions of multiple artificial 3
intelligence-enabled military applications, and 4
the ability to detect and assess new, complex, 5
and emergent behavior amongst individual 6
agents, as well as the collective impact, includ-7
ing how such changes may affect risk to pri-8
vacy, security, and accuracy over time. 9
(C) The impact of increased agency in arti-10
ficial intelligence-enabled military applications 11
and how such increased agency may affect the 12
ability to detect and assess new, complex, and 13
emergent behavior, as well risks to the privacy, 14
security, and accuracy of such applications over 15
time. 16
(3) Assessing the survivability and traceability 17
of decision support systems that are integrated with 18
artificial intelligence-enabled military applications 19
and used in a contested environment, including— 20
(A) potential benefits and risks to Depart-21
ment of Defense missions and operations of im-22
plementing such applications; and 23
(B) other technical or operational con-24
straints to ensure such decision support sys-25
VerDate Sep 11 2014 03:38 Oct 18, 2023 Jkt 049200 PO 00000 Frm 00007 Fmt 6652 Sfmt 6201 E:\BILLS\S3050.IS S3050 8
•S 3050 IS
tems that are integrated with artificial intel-1
ligence-enabled military applications are able to 2
adhere to the Department of Defense Ethical 3
Principles for Artificial Intelligence. 4
(4) Identification of existing artificial intel-5
ligence metrics, developmental, testing and audit ca-6
pabilities, personnel, and infrastructure within the 7
Department of Defense, including test and evalua-8
tion facilities, needed to enable ongoing identifica-9
tion and assessment under paragraphs (1) through 10
(3), and other factors such as— 11
(A) implications for deterrence systems 12
based on systems warfare; and 13
(B) vulnerability to systems confrontation 14
on the system and system-of-systems level. 15
(5) Identification of gaps or research needs to 16
sufficiently respond to the elements outlined in this 17
subsection that are not currently, or not sufficiently, 18
funded within the Department of Defense. 19
(c) C
OORDINATION.—In carrying out the study re-20
quired by subsection (a), the Chief Digital and Artificial 21
Intelligence Officer shall coordinate with the following: 22
(1) The Director of the Defense Advanced Re-23
search Projects Agency (DARPA). 24
VerDate Sep 11 2014 03:38 Oct 18, 2023 Jkt 049200 PO 00000 Frm 00008 Fmt 6652 Sfmt 6201 E:\BILLS\S3050.IS S3050 9
•S 3050 IS
(2) The Under Secretary of Defense for Re-1
search and Evaluation. 2
(3) The Under Secretary of Defense for Policy. 3
(4) The Director for Operational Test and 4
Evaluation (DOT&E) of the Department. 5
(5) As the Chief Digital and Artificial Intel-6
ligence Officer considers appropriate, the following: 7
(A) The Secretary of Energy. 8
(B) The Director of the National Institute 9
of Standards and Technology. 10
(C) The Director of the National Science 11
Foundation. 12
(D) The head of the National Artificial In-13
telligence Initiative Office of the Office of 14
Science and Technology Policy. 15
(E) Members and representatives of indus-16
try. 17
(F) Members and representatives of aca-18
demia. 19
(d) I
NTERIMBRIEFING.—Not later than 180 days 20
after the date of the enactment of this Act, the Chief Dig-21
ital and Artificial Intelligence Officer shall provide the 22
congressional defense committees a briefing on the interim 23
findings of the Chief Digital and Artificial Intelligence Of-24
VerDate Sep 11 2014 03:38 Oct 18, 2023 Jkt 049200 PO 00000 Frm 00009 Fmt 6652 Sfmt 6201 E:\BILLS\S3050.IS S3050 10
•S 3050 IS
ficer with respect to the study being conducted pursuant 1
to subsection (a). 2
(e) F
INALREPORT.— 3
(1) I
N GENERAL.—Not later than one year 4
after the date of the enactment of this Act, the 5
Chief Digital and Artificial Intelligence Officer shall 6
submit to the congressional defense committees a 7
final report on the findings of the Chief Digital and 8
Artificial Intelligence Officer with respect to the 9
study conducted pursuant to subsection (a). 10
(2) F
ORM.—The final report submitted pursu-11
ant to paragraph (1) shall be submitted in unclassi-12
fied for, but may include a classified annex. 13
SEC. 6. REPORT ON DATA SHARING AND COORDINATION. 14
(a) I
NGENERAL.—Not later than 180 days after the 15
date of the enactment of this Act, the Secretary of Defense 16
shall submit to the congressional defense committees a re-17
port on ways to improve data sharing, interoperability, 18
and quality, as may be appropriate, across the Depart-19
ment of Defense. 20
(b) C
ONTENTS.—The report submitted pursuant to 21
subsection (a) shall include the following: 22
(1) A description of policies, practices, and cul-23
tural barriers that impede data sharing and inter-24
VerDate Sep 11 2014 03:38 Oct 18, 2023 Jkt 049200 PO 00000 Frm 00010 Fmt 6652 Sfmt 6201 E:\BILLS\S3050.IS S3050 11
•S 3050 IS
operability, and lead to data quality issues, among 1
components of the Department. 2
(2) The impact a lack of appropriate levels of 3
data sharing, interoperability, and quality has on 4
Departmental collaboration, efficiency, interoper-5
ability, and joint-decisionmaking. 6
(3) A review of current efforts to promote ap-7
propriate data sharing, including to centralize data 8
management, such as the AVANA program. 9
(4) A description of near-, mid-, and long-term 10
efforts that the Office of the Secretary of Defense 11
plans to implement to promote data sharing and 12
interoperability, including efforts to improve data 13
quality. 14
(5) A detailed plan to implement a data sharing 15
and interoperability strategy that supports effective 16
development and employment of artificial intel-17
ligence-enabled military applications. 18
(6) A detailed assessment of the implementa-19
tion of the Department of Defense Data Strategy 20
issued in 2020, as well as the use of data decrees 21
to improve management rigor in the Department 22
when it comes to data sharing and interoperability. 23
VerDate Sep 11 2014 03:38 Oct 18, 2023 Jkt 049200 PO 00000 Frm 00011 Fmt 6652 Sfmt 6201 E:\BILLS\S3050.IS S3050 12
•S 3050 IS
(7) Any recommendations for Congress with re-1
spect to assisting the Department in these efforts. 2
Æ
VerDate Sep 11 2014 03:38 Oct 18, 2023 Jkt 049200 PO 00000 Frm 00012 Fmt 6652 Sfmt 6301 E:\BILLS\S3050.IS S3050