This bill tells the National Institute of Standards and Technology (NIST) to create voluntary guidelines to check how safe and reliable AI systems are, both by a company’s own team and by outside reviewers. NIST must publish these guidelines within a year and keep them updated, and they should cover things like protecting people’s privacy, reducing harms, checking data quality, clear documentation, and strong governance. The guidelines cannot force any specific tech solutions and must protect sensitive information. NIST has to get public input and make drafts available online . The bill also defines key roles like “developer,” “deployer,” and what counts as internal and external AI assurance and an independent third-party reviewer .

An advisory committee will recommend what skills and independence outside AI reviewers should have, drawing on real-world case studies. It must publish recommendations within a year, and then the committee ends. Members will include people from universities, AI builders and users, safety groups, consumer groups, and more . The Commerce Department must also study the market for AI assurance—looking at staff, tools, infrastructure, safeguards for confidential data, and demand—and report back within a year. It will also consider using existing accredited labs for outside reviews .

Key points

• Who is affected: Companies that build or use AI systems; independent AI evaluators; consumers who rely on safer AI tools .
• What changes: New voluntary guidelines for testing and reviewing AI; public input on drafts; recommendations on reviewer qualifications; a federal study of the assurance market and capabilities .
• When: NIST publishes guidelines within 1 year and updates them at least every 2 years; the advisory committee starts within 90 days of the guidelines and reports within 1 year; the market study begins within 90 days of the guidelines and reports within 1 year .