Sponsors (13)
The bill strengthens federal tools, definitions, and export controls to protect U.S. AI models and IP from extraction attacks—improving national security and clarity for owners—while imposing new compliance costs, raising civil‑liberty and research‑chill risks, and concentrating designation authority in the executive branch.
Owners of U.S. closed‑source AI models and their tech teams will get coordinated federal assistance (detection, deterrence, response) and an interagency process to act more quickly against model‑extraction attacks.
U.S. companies and researchers gain clearer legal definitions of 'closed‑source' models, 'model extraction attacks', and owner rights, reducing legal uncertainty and helping enforcement of IP and export rules.
The bill strengthens export‑control options (including adding malicious actors to restricted lists) to block access to U.S. software and components for entities that steal model capabilities, protecting U.S. AI IP and market position.
U.S. companies (especially smaller firms) will face increased compliance, reporting, consultation, and information‑sharing burdens that raise costs and divert resources from product development.
Broad or aggressive definitions and enforcement of 'model extraction' and related restrictions could chill legitimate research, defensive interoperability testing, and international scientific collaboration.
Foreign individuals, immigrants, and benign organizations risk being labeled 'entities of concern' or 'fraudulent account network providers,' leading to collateral restrictions and reputational harms.
Based on analysis of 5 sections of legislative text.
Directs State and Commerce to identify and report foreign actors who perform model-extraction attacks on U.S. closed-source AI, publish attacker lists and guidance, and allow Entity List additions and IEEPA blocking sanctions.
Introduced April 15, 2026 by Bill Huizenga · Last progress April 15, 2026
Creates a federal program to identify, report, and punish foreign actors who steal capabilities from U.S. closed-source AI models through "model extraction" attacks. The law directs State and Commerce to assess attackers and fraudulent account networks, publish an attackers list and best-practice guidance, enable confidential reporting by model owners, and allows Commerce to add offending firms to the Entity List and the President to block property and transactions under IEEPA, with timelines for initial reports and reviews within 180–210 days of enactment.