N.Y.
General Business Law Section 1422
Reporting
1.
The office shall establish a mechanism to be used by a frontier developer or a member of the public to report a critical safety incident that includes all of the following:(a)
the date of the critical safety incident;(b)
the reasons the incident qualifies as a critical safety incident;(c)
a short and plain statement describing the critical safety incident; and(d)
whether the incident was associated with internal use of a frontier model.2.
(a) A large frontier developer shall transmit to the office a summary of any assessment of catastrophic risk resulting from internal use of its frontier models every three months or pursuant to another reasonable schedule requested by the large frontier developer, communicated in writing to the office with written updates, as appropriate, and agreed upon by the office. The office shall establish a mechanism to be used by a large frontier developer to confidentially submit summaries of any assessments of the potential for catastrophic risk resulting from internal use of its frontier models.(b)
The office shall take all reasonable precautions to limit access to any reports related to internal use of frontier models to only personnel authorized to know the information and to protect the reports from unauthorized access.3.
(a) Subject to paragraph (b) of this subdivision, a frontier developer shall report any critical safety incident pertaining to one or more of its frontier models to the office within seventy-two hours from a determination that a critical safety incident has occurred or within seventy-two hours of the frontier developer learning facts sufficient to establish a reasonable belief that a critical safety incident has occurred.(b)
If a frontier developer discovers that a critical safety incident poses an imminent risk of death or serious physical injury, the frontier developer shall disclose that incident within twenty-four hours to an authority, including any law enforcement agency or public safety agency with jurisdiction, that is appropriate based on the nature of that incident and as required by law.(c)
A frontier developer that discovers information about a critical safety incident after filing the initial report required by this subdivision may file an amended report.4.
The office shall review critical safety incident reports submitted by frontier developers and may review reports submitted by members of the public.5.
(a) The office may transmit reports of critical safety incidents or summaries of any assessments of catastrophic risk from internal use of frontier models to other governmental entities at their discretion, considering for example and without limitation the following: the severity of any such incident, potential ongoing risks, legal or regulatory obligations, the need for coordinating with other governmental agencies or other entities and the availability of information. The office shall consider transmitting such reports or summaries to the office of the attorney general, as appropriate. Any report transmitted from the office to another governmental entity shall be exempt from disclosure under article six of the public officers law.(b)
The office may consider, at its discretion, any risks related to trade secrets, public safety, cybersecurity of a frontier developer, or national security when transmitting reports.6.
A report of a critical safety incident submitted to the office pursuant to this section and a report of assessments of catastrophic risk from internal use pursuant to section fourteen hundred twenty-one of this article, are exempt from disclosure under article six of the public officers law.7.
(a) Beginning January first, two thousand twenty-eight, and annually thereafter, the office shall produce a report, that includes the following:(i)
anonymized and aggregated information about critical safety incidents that have been reviewed by the office since the preceding report;(ii)
any information that the office deems relevant to frontier model safety;(iii)
recommended updates to this article, if any; and(iv)
any developments relevant to the purposes of this article.(b)
The office shall not include information in a report pursuant to this subdivision that would compromise the trade secrets or cybersecurity of a frontier developer, public safety, or the national security of the United States or that would be prohibited by any federal or state law.(c)
The office shall transmit a report pursuant to this subdivision to the governor, the temporary president and minority leader of the senate, the speaker and minority leader of the assembly, the chair and ranking member of the senate committee on internet and technology, and the chair and ranking member of the assembly committee on science and technology.8.
The office may adopt regulations designating one or more federal laws, regulations, or guidance documents that meet all of the following conditions for the purposes of subdivision nine of this section:(a)
(i) the law, regulation, or guidance document imposes or states standards or requirements for critical safety incident reporting that are substantially equivalent to, or stricter than, those required by subdivision three of this section; and(ii)
the law, regulation, or guidance document described in subparagraph (i) of this paragraph does not need to require critical safety incident reporting to the state of New York; and(b)
the law, regulation, or guidance document is intended to assess, detect, or mitigate the catastrophic risk.9.
(a) A frontier developer that intends to comply with subdivision three of this section by complying with the requirements of, or meeting the standards stated by, a federal law, regulation, or guidance document designated pursuant to subdivision eight of this section shall declare its intent to do so to the office.(b)
After a frontier developer has declared its intent pursuant to paragraph (a) of this subdivision, the following shall apply:(i)
the frontier developer shall be deemed in compliance with subdivision three of this section to the extent that the frontier developer meets the standards of, or complies with the requirements imposed or stated by, the designated federal law, regulation, or guidance document until the frontier developer declares the revocation of that intent to the office or the office revokes a relevant regulation pursuant to subdivision ten of this section;(ii)
the failure by a frontier developer to meet the standards of, or comply with the requirements stated by, the federal law, regulation, or guidance document designated pursuant to subdivision eight of this section shall constitute a violation of this article; and(iii)
frontier developers who comply with subdivision three of this section by meeting such federal standards shall send copies of any critical safety incident reports required by such federal standards to the office concurrently with sending them to federal authorities.10.
The office shall revoke a regulation adopted under subdivision eight of this section if the requirements of subdivision eight of this section are no longer met. * NB Effective January 1, 2027
Source:
Section 1422 — Reporting, https://www.nysenate.gov/legislation/laws/GBS/1422 (updated Apr. 3, 2026; accessed Jun. 18, 2026).
