Sponsors (13)
The bill strengthens U.S. defenses, definitions, and government tools to protect American AI models and IP—improving national security and enforcement—but does so at the cost of greater compliance burdens, concentrated executive authority, potential diplomatic friction, and risks of chilling legitimate research and collaboration.
Owners and operators of U.S. closed-source AI models (tech companies, researchers, model maintainers) will receive coordinated federal assistance, definitions, and response support to detect, deter, and respond to model-extraction attacks.
U.S. companies and model owners get clearer legal definitions for 'closed-source' models, 'model extraction,' and export/reexport terms, reducing legal uncertainty and aiding IP enforcement and compliance.
The government can use export controls and Entity List-style restrictions to block access to U.S. software, components, and services for actors that conduct model-extraction attacks, limiting foreign adversaries' ability to acquire advanced AI capabilities.
Researchers, engineers, and legitimate interoperability testers will face chilling effects from broad or vague definitions and aggressive countermeasures, reducing beneficial research, interoperability testing, and innovation.
Small businesses, startups, and model owners will incur increased compliance, reporting, and potential surveillance costs from consultations, voluntary sharing, enforcement activities, and regulatory complexity.
Concentrating designation and enforcement authority in executive-branch processes and cross-referenced statutes could produce opaque, fast-moving foreign-policy and economic impacts with limited congressional review.
Based on analysis of 5 sections of legislative text.
Directs federal assessments, a public attackers list, best‑practice guidance, export‑control review, and possible sanctions to deter foreign model‑extraction attacks on U.S. closed‑source AI models.
Introduced April 15, 2026 by Bill Huizenga · Last progress April 15, 2026
Creates a government effort to identify, report on, and punish foreign actors who steal capabilities from U.S. closed‑source AI models by means like model extraction attacks. It directs State and Commerce to assess attackers and fraudulent account providers, publish guidance and an attackers list, set up confidential reporting and information sharing, and requires Commerce to consider adding offending parties to the Entity List and authorizes the President to block property and transactions under IEEPA. Sets deadlines (180–210 days) for initial assessments, reports, and guidance, establishes technical definitions and who counts as an "entity of concern," and includes procedures and exceptions for enforcement actions and sanctions.