Model AI Legislation Framework

Tier 1 – Foundational Framework | Tier 2 – Technical Basis | Tier 3 – Adoption & Implementation

Tier 1 – Foundational Framework

Version 2.2 | December 2025

A risk-based legislative foundation for artificial intelligence oversight

Developed by AI Safety International

I. Purpose and Legislative Intent

A. Purpose

  • Establish a practical, risk-based framework for the evaluation and governance of artificial intelligence systems.
  • Provide a standardized failure-analysis method applicable across agencies and jurisdictions.
  • Enable oversight without prescribing specific technologies or architectures.

B. Legislative Intent

  • This framework is intended to:
    • Support innovation while mitigating identifiable harms
    • Avoid ideological, ethical, or speculative mandates
    • Emphasize measurable risk, documentation, and accountability
  • The legislature does not seek to:
    • Regulate speech, ideas, or research
    • Mandate surveillance of users
    • Freeze technological development

II. Scope and Applicability

A. Systems Covered

  • Artificial intelligence systems that:
    • Engage in direct human interaction
    • Influence decision-making, behavior, or emotional state
    • Are deployed at scale or within regulated environments

B. Systems Excluded

  • Non-interactive computational tools
  • Internal research systems not exposed to the public
  • Deterministic software without adaptive behavior

C. Tiered Applicability

  • Proportional requirements based on:
    • Risk classification
    • Deployment context
    • User exposure level

III. Definitions

A. Artificial Intelligence System

  • Functional definition based on behavior and deployment, not model type

B. Failure Mode

  • A specific, identifiable way an AI system may produce harm or an unintended consequence

C. Risk Assessment

  • A structured evaluation of severity, likelihood, and detectability of failure modes

D. Operator / Deployer

  • The entity responsible for deployment, configuration, or public availability

IV. Risk-Based Assessment Requirement

A. Mandatory Risk Assessment

  • Covered systems must undergo a documented risk analysis prior to deployment

B. Assessment Methodology

  • Risk assessment shall:
    • Identify plausible failure modes
    • Score severity, occurrence, and detectability
    • Assign proportional mitigation requirements

C. Accepted Methodologies

  • Use of recognized engineering frameworks, including:
    • Failure Mode and Effects Analysis (FMEA) or equivalent structured methods

V. Documentation and Accountability

A. Required Documentation

  • Risk assessment summary
  • Mitigation strategies
  • Monitoring and review procedures

B. Record Retention

  • Documentation retained for a defined period
  • Available for regulatory or judicial review when required

C. Transparency Without Disclosure

  • No requirement to disclose proprietary models or training data
  • Focus on process and outcomes, not internals

VI. Oversight and Review Mechanisms

A. Designated Oversight Authority

  • Assignment to an existing agency or designated body
  • No creation of new surveillance structures by default

B. Periodic Review

  • Risk assessments updated when:
    • System behavior materially changes
    • Deployment context changes
    • New failure modes are identified

C. Incident Response

  • Defined procedures for responding to demonstrated harm

VII. Enforcement and Proportional Remedies

A. Enforcement Principles

  • Proportional, risk-based enforcement
  • Focus on correction, not punishment

B. Remedies

  • Required mitigation
  • Temporary deployment limitations
  • Documentation correction

C. Safe Harbor

  • Good-faith compliance with assessment requirements provides liability mitigation

VIII. Adaptability and Future Updates

A. Framework Evolution

  • Allows updates to assessment standards without statutory rewrite

B. Standards Referencing

  • Enables incorporation of updated technical standards over time

C. Sunset Review

  • Periodic legislative review of framework effectiveness

IX. Non-Preemption and Jurisdictional Coordination

A. Federal / State Compatibility

  • Framework designed to coexist with state or sector-specific laws

B. International Alignment

  • Compatible with international risk-based approaches without enforcing them

X. Effective Date and Transitional Provisions

A. Phased Implementation

  • Grace period for compliance
  • Pilot or voluntary adoption options

B. Guidance Period

  • Agencies may issue interpretive guidance during rollout

XI. Technical Appendix (Referenced, Not Codified)

A. Risk Assessment Models

  • Example AI-FMEA structures
  • Severity / Occurrence / Detection scales

B. Illustrative Use Cases

  • Conversational AI
  • Decision support systems
  • Emotional or behavioral influence systems

C. Non-Binding Nature

  • Appendix is explanatory, not statutory

Proceed to Tier 2: Technical Basis, which provides the detailed risk-assessment methodology, scoring logic, and operational structures referenced in this framework.

Printed or downloaded copies may not reflect the most current revision. The authoritative version is maintained at aisafetyinternational.com.
