- Record: Senate Floor
- Section type: Amendments
- Chamber: Senate
- Date: June 24, 2026
- Congress: 119th Congress
- Why this source matters: This section came from the Senate floor portion of the record.
SA 6188. Mr. WARNER submitted an amendment intended to be proposed by him to the bill S. 4784, to authorize appropriations for fiscal year 2027 for military activities of the Department of Defense, for military construction, and for defense activities of the Department of Energy, to prescribe military personnel strengths for such fiscal year, and for other purposes; which was ordered to lie on the table; as follows:
At the appropriate place, insert the following:
SEC. . PROHIBITION ON THE USE OF CERTAIN ARTIFICIAL
INTELLIGENCE MODELS ACROSS THE FEDERAL
GOVERNMENT.
(a) Definitions.—In this section:
(1) Administrator.—The term “Administrator” means the
Administrator of General Services.
(2) Appropriate congressional committees.—The term
“appropriate congressional committees” means the Committee
on Commerce, Science, and Transportation of the Senate, the
Committee on the Judiciary of the Senate, the Committee on
Homeland Security and Governmental Affairs of the Senate, the
Committee on Oversight and Government Reform of the House of
Representatives, the Committee on Energy and Commerce of the
House of Representatives, and the Committee on the Judiciary
of the House of Representatives.
(3) Artificial intelligence model.—The term “artificial
intelligence model” means a capability or combined series of
capabilities that can generate realistic image or video
outputs for a given set of objectives, prompts, or input.
(4) Artificial intelligence risk management framework.—The
term “Artificial Intelligence Risk Management Framework”
means the Artificial Intelligence Risk Management Framework,
or any successor document, and any associated guidance or
publications issued under section 22A of the National
Institute of Standards and Technology Act (15 U.S.C. 278h-1).
(5) Child pornography.—The term “child pornography” has
the meaning given the term in section 2256 of title 18,
United States Code.
(6) Child sexual abuse material.—The term “child sexual
abuse material”—
(A) means child pornography; and
(B) an intimate visual depiction of an individual who is
less than 18 years of age.
(7) Covered application.—The term “covered application”
means an artificial intelligence model that the Administrator
of General Services or the head of a Federal agency
determines—
(A) is not in compliance with—
(i) the standards document of the National Institute of
Standards and Technology National Institute of Standards and
Technology numbered “NIST AI 600-1” and entitled
“Artificial Intelligence Risk Management Framework:
Generative Artificial Intelligence Profile” with respect to
non-consensual intimate imagery or child sexual abuse
material within “obscene, degrading, and/or abusive
content”; or
(ii) a comparably robust successor standard or framework
with respect to synthetic child sexual abuse material or non-
consensual intimate images of adults;
(B) is subject to a determination by a Federal court that
the artificial intelligence model has generated content
depicting child pornography; or
(C) is subject to a determination by a Federal court that
the artificial intelligence model has generated non-
consensual intimate visual depictions of an identifiable
adult.
(8) Developer.—The term “developer” means a person that
develops an artificial intelligence model, including any
person that materially modifies and subsequently distributes
an artificial intelligence model.
(9) Federal agency.—The term “Federal agency” has the
meaning given the term “agency” in section 3502 of title
44, United States Code.
(10) Intimate visual depiction.—The term “intimate visual
depiction” has the meaning given the term in section 1309 of
the Violence Against Women Act Reauthorization Act of 2022
(15 U.S.C. 6851).
(11) Technical control.—The term “technical control”
means a technical control, or series of technical controls,
to prevent the ability of any publicly released version of an
artificial intelligence model to generate child pornography.
(b) Establishment of Performance Benchmarks.—
(1) Performance benchmark.—
(A) In general.—Not later than 90 days after the date of
enactment of this Act, the Director of the National Institute
of Standards and Technology shall initiate a process to
establish performance benchmarks, consistent with the
Artificial Intelligence Risk Management Framework Generative
Artificial Intelligence Profile, to prevent the generation of
obscene, degrading, and abusive content, including synthetic
child sexual abuse material and non-consensual intimate
images of adults.
(B) Updates.—The Director of the National Institute of
Standards and Technology shall update, on a periodic basis,
the performance benchmarks established under subparagraph (A)
to address changes in technology and circumvention practices.
(2) Testing program.—Not later than 180 days after the
date of the enactment of this Act, the Director of the
National Institute of Standards and Technology shall
establish a voluntary vendor test program consistent with the
performance benchmarks established under subparagraph (A).
(c) Prohibition on Federal Acquisition or Use of Covered
Applications.—
(1) In general.—The head of a Federal agency may not
procure a covered application or use such application on an
information technology system operated by such Federal agency
or by a contractor of such Federal agency.
(2) Implementation.—
(A) Initial removal.—Not later than 180 days after the
date of enactment of this Act, the head of each Federal
agency shall—
(i) remove any covered application from each information
technology system operated by the Federal agency; and
(ii) ensure that each contractor of the Federal agency
removes any covered application from each information
technology system operated by the contractor.
(B) Subsequent removals.—Not later than 180 days after the
date on which the Administrator or the head of a Federal
agency determines that an artificial intelligence model
constitutes a covered application, including as a result of a
review performed under paragraph (3), the head of each
Federal agency shall carry out the requirements of clauses
(i) and (ii) of subparagraph (A) with respect the covered
application.
(3) Continuous evaluation of available products and
services.—
(A) General services administration.—Effective on the date
that is 1 year after the date of enactment of this Act, and
not less frequently than every 90 days thereafter, the
Administrator shall review each product or service offered
within a contract vehicle or purchasing program maintained by
the General Services Administration to determine whether the
product or service includes a covered application.
(B) Agency procurement review.—Effective on the date that
is 1 year after the date of enactment of this Act, and not
less frequently than annually thereafter, the Chief
Acquisition Officer or a senior procurement executive of each
Federal agency shall review each product or service used by
the Federal agency to determine whether the product or
service constitutes a covered application.
(d) Safeguards.—
(1) In general.—If an artificial intelligence model that
is determined to constitute a covered application lacks a
vendor capable of making necessary technical modifications to
the artificial intelligence model in order to remove the
status of the artificial intelligence model as a covered
application, including for the purpose of subsection (e), the
head of each Federal agency may implement additional
technical and compliance safeguards, including those
described in Reducing Risks Posed by Synthetic Content (NIST
AI 100-4) or any successor publication, with respect to the
artificial intelligence model that effectively prevent the
use of the an artificial intelligence model for the
generation of child pornography or non-consensual intimate
visual depictions of an identifiable adult.
(2) Certification required.—With respect to the head of a
Federal agency who implements safeguards described in
paragraph (1) on a covered application, not later than 30
days after the date of such implementation, the head of the
Federal agency shall issue a public certification that those
safeguards are sufficient to prevent the misuse of the
covered application for the generation of child pornography
or non-consensual intimate visual depictions of an
identifiable adult.
(3) Congressional notification.—Not later than 7 days
after the date on which the head of a Federal agency issues a
certification under paragraph (2), the head of the Federal
agency shall submit to the appropriate congressional
committees a notification of the certification that
identifies the safeguards described in paragraph (1).
(e) Cure.—If the Administrator or the head of a Federal
agency determines that an artificial intelligence model
constitutes a covered application, the Administrator or the
head of the Federal agency may offer the vendor of the
artificial intelligence model an opportunity to modify the
artificial intelligence model in order to remove the status
of the artificial intelligence model as a covered application
at the cost of the vendor to avoid the removal required under
subsection (c)(2).
(f) Limited Safe Harbor.—
(1) Limited developer safe harbor.—
(A) In general.—Subject to paragraph (2), the developer of
an artificial intelligence model that possesses or produces
child pornography solely for the purpose of developing a good
faith technical control shall be deemed to not be in
violation of section 2251 or section 1466A of title 18,
United States Code.
(B) Limitations.—Any child pornography material possessed
or generated by the developer of an artificial intelligence
model, as described in subparagraph (A)—
(i) may not be retained longer than necessary to develop a
technical control and in no instance longer than—
(I) with respect to an electronic communication service
provider, 1 year; and
(II) with respect to any other entity, 30 days;
(ii) shall be reported to the CyberTipline of the National
Center for Missing and Exploited Children;
(iii) shall be handled in accordance with the guidelines
issued by the Attorney General under paragraph (2); and
(iv) may not be used for a purpose other than to develop a
technical control.
(2) Guidelines.—Not later than 90 days after the date of
enactment of this Act, the Attorney General shall issue
guidelines for compliance with paragraph (1) by developers of
artificial intelligence models that—
(A) define practices constituting good faith activity;
(B) define instances that are indicia a developer has not
acted in good faith, including—
(i) instances in which a technical control developed
pursuant to paragraph (1)(A) is not materially robust; and
(ii) instances in which a developer has refused or taken
materially ineffective measures to address circumvention
behavior described in paragraph (3); and
(C) clarify circumstances under which criminal liability
under section 2251 or section 1466A of title 18, United
States Code, may still apply, such as in instances of
reckless or negligent conduct.
(3) Prohibition on products and services for
circumvention.—No person may deliberately manufacture,
import, or offer to the public a technology, product,
service, device, component, or part thereof that—
(A) is primarily designed or produced and promoted for the
purpose of circumventing, removing or tampering with a
technical control;
(B) has only limited commercially significant or expressive
purpose or use other than to circumvent, remove or tamper
with a technical control and is promoted for a purpose
described in subparagraph (A); or
(C) is marketed by the person or another party acting in
concert with the person with the knowledge of the person for
use in circumventing, removing or tampering with a technical
control.
(4) Private right of action.—
(A) In general.—The following persons may commence a civil
action in an appropriate district court of the United States:
(i) An individual whose image or likeness is contained in
any child pornography and who is injured by a developer
mishandling such child pornography in violation of paragraph
(1).
(ii) An individual who has been injured by a developer
failing to implement sufficiently robust technical controls
to prevent their image or likeness from being used to
generate child pornography, or been injured by any person who
has generated child pornography with the image or likeness of
that individual, in violation of paragraph (3).
(iii) A developer whose technical controls are subverted by
a person in violation of paragraph (3).
(B) Powers of the court.—In an action brought under
subparagraph (A), the court—
(i) may grant temporary and permanent injunctions on such
terms as it determines reasonable to prevent or restrain a
violation, but in no event shall impose a prior restraint on
free speech or the press protected under the First Amendment
to the Constitution of the United States;
(ii) at any time while an action is pending, may order the
impounding, on such terms as it determines reasonable, of any
device or product that is in the custody or control of the
alleged violator and that the court has reasonable cause to
believe was involved in a violation;
(iii) may award damages under subparagraph (C);
(iv) in its discretion may allow the recovery of costs by
or against any party other than the United States or an
officer thereof;
(v) in its discretion may award reasonable attorney's fees
to the prevailing party; and
(vi) may, as part of a final judgment or decree finding a
violation, order the remedial modification or the destruction
of any device or product involved in the violation that is in
the custody or control of the violator or has been impounded
under clause (ii).
(C) Award of damages.—
(i) In general.—Except as otherwise provided in this
section, a person committing a violation of this section is
liable for either—
(I) the actual damages and any additional profits of the
violator, as provided in clause (ii), or
(II) statutory damages, as provided in clause (iii).
(ii) Actual damages.—In an action brought under this
paragraph, the court shall award to the complaining party the
actual damages suffered by the party as a result of the
violation, and any profits of the violator that are
attributable to the violation and are not taken into account
in computing the actual damages, if the complaining party
elects such damages at any time before final judgment is
entered.
(iii) Statutory damages.—At any time before final judgment
is entered in a case brought under this paragraph, a
complaining party may elect to recover an award of statutory
damages of $50,000.
(D) Repeated violations.—In any action brought under this
paragraph in which the injured party sustains the burden of
proving, and the court finds, that a person has violated this
section within 3 years after a final judgment was entered
against the person for another such violation, the court may
increase the award of damages up to triple the amount that
would otherwise be awarded, as the court considers just.
(E) Innocent violations.—In an action brought under this
paragraph, the court in its discretion may reduce or remit
the total award of damages in any case in which the violator
sustains the burden of proving, and the court finds, that the
violator was not aware and had no reason to believe that its
acts constituted a violation.