N.Y.
General Business Law Section 1421
Transparency requirements
1.
A large frontier developer shall write, implement, comply with, and clearly and conspicuously publish on its internet website a frontier AI framework that applies to the large frontier developer’s frontier models and describes in detail how the large frontier developer handles all of the following:(a)
incorporating national standards, international standards, and industry consensus best practices into its frontier AI framework;(b)
defining and assessing thresholds used by the large frontier developer to identify and assess whether a frontier model has capabilities that could pose a catastrophic risk, which may include multiple-tiered thresholds;(c)
applying mitigations to address the potential for catastrophic risks based on the results of assessments undertaken pursuant to paragraph (b) of this subdivision;(d)
reviewing assessments and adequacy of mitigations as part of the decision to deploy a frontier model or use it extensively internally;(e)
using third parties to assess the potential for catastrophic risks and the effectiveness of mitigations of catastrophic risks;(f)
revisiting and updating the frontier AI framework, including any criteria that trigger updates and how the large frontier developer determines when its frontier models are substantially modified enough to require disclosures pursuant to subdivision three of this section;(g)
cybersecurity practices to secure unreleased model weights from unauthorized modification or transfer by internal or external parties;(h)
identifying and responding to critical safety incidents;(i)
instituting internal governance practices to ensure implementation of these processes; and(j)
assessing and managing catastrophic risk resulting from the internal use of its frontier models, including risks resulting from a frontier model circumventing oversight mechanisms.2.
(a) A large frontier developer shall review and, as appropriate, update its frontier AI framework at least once per year.(b)
If a large frontier developer makes a material modification to its frontier AI framework, the large frontier developer shall clearly and conspicuously publish the modified frontier AI framework and a justification for that modification within thirty days.3.
(a) Before, or concurrently with, deploying a new frontier model or a substantially modified version of an existing frontier model, a frontier developer shall clearly and conspicuously publish on its internet website a transparency report containing all of the following:(i)
the internet website of the frontier developer;(ii)
a mechanism that enables a natural person to communicate with the frontier developer;(iii)
the release date of the frontier model;(iv)
the languages supported by the frontier model;(v)
the modalities of output supported by the frontier model;(vi)
the intended uses of the frontier model; and(vii)
any generally applicable restrictions or conditions on uses of the frontier model.(b)
Before, or concurrently with, deploying a new frontier model or a substantially modified version of an existing frontier model, a large frontier developer shall include in the transparency report required by paragraph (a) of this subdivision, summaries of all of the following:(i)
assessments of catastrophic risks from the frontier model conducted pursuant to the large frontier developer’s frontier AI framework;(ii)
the results of the assessments under subparagraph (i) of this paragraph;(iii)
the extent to which third-party evaluators were involved; and(iv)
other steps taken to fulfill the requirements of the frontier AI framework with respect to the frontier model.(c)
A frontier developer that publishes the information described in paragraph (a) or (b) of this subdivision as part of a larger document, including a system card or model card, shall be deemed in compliance with the applicable paragraph.4.
(a) (i) A frontier developer shall not make a materially false or misleading statement about catastrophic risk from its frontier models or its management of catastrophic risk.(ii)
A large frontier developer shall not make a materially false or misleading statement about its implementation of, or compliance with, its frontier AI framework.(b)
This subdivision shall not apply to a statement that was made in good faith and was reasonable under the circumstances.5.
(a) When a frontier developer publishes documents to comply with this section, such frontier developer may make redactions to such documents that are necessary to protect such frontier developer’s trade secrets, such frontier developer’s cybersecurity, public safety, or the national security of the United States or to comply with any federal or state law.(b)
If a frontier developer redacts information in a document pursuant to this subdivision, such frontier developer shall describe the character and justification of such redaction in any published version of such document to the extent permitted by the concerns that justify redaction and shall retain the unredacted information for five years. * NB Effective January 1, 2027
Source:
Section 1421 — Transparency requirements, https://www.nysenate.gov/legislation/laws/GBS/1421 (updated Apr. 3, 2026; accessed Jun. 18, 2026).
