STATE OF NEW YORK
________________________________________________________________________
6656
2025-2026 Regular Sessions
IN ASSEMBLY
March 6, 2025
___________
Introduced by M. of A. RAJKUMAR -- read once and referred to the Commit-
tee on Consumer Affairs and Protection
AN ACT to amend the general business law, in relation to responsible
capability scaling policies
The People of the State of New York, represented in Senate and Assem-bly, do enact as follows:
1 Section 1. The general business law is amended by adding a new section
2 390-f to read as follows:
3 § 390-f. Responsible capability scaling. 1. For the purposes of this
4 section the following terms shall have the following meanings:
5 (a) "Artificial intelligence" shall mean any set of computer program-
6 ming instructions for the purpose of creating technology that performs
7 its own decision making.
8 (b) "Chief information officer" shall mean the individual or office
9 established pursuant to executive order no. 117 issued on January twen-
10 ty-eighth, two thousand two by Governor Pataki, or any successor indi-
11 vidual or office designated by the governor or provided for in statute,
12 or an individual or office designated by the governor or provided for in
13 statute to regulate artificial intelligence. Such term may also be used
14 to refer to the office of the "chief cyber officer" appointed by the
15 governor.
16 (c) "Responsible capability scaling policy" shall mean a set of best
17 practices that identify, monitor, and rectify or mitigate risk of harm.
18 2. (a) Every person, firm, partnership, association or corporation
19 doing business or offering products to consumers in New York state shall
20 develop a responsible capability scaling policy for the use and develop-
21 ment of artificial intelligence by such entity.
22 (b) Each such entity shall file an annual certification of compliance
23 with this section with the chief information officer.
24 (c) The chief information officer may issue waivers or designate cate-
25 gories of entities that are covered or exempt from the requirements of
EXPLANATION--Matter in italics (underscored) is new; matter in brackets
[] is old law to be omitted.
LBD07117-02-5
A. 6656 2
1 this section. Such information shall be available on the secretary of
2 state's website.
3 (d) The attorney general, in consultation with the chief information
4 officer, shall have the power to audit the policies filed by entities
5 under this section.
6 3. If an entity also has to file any certification of cybersecurity
7 compliance with the department of financial services, such filings shall
8 be done jointly.
9 4. The chief information officer shall promulgate rules and regu-
10 lations for the implementation of the provisions of this section.
11 § 2. This act shall take effect on the ninetieth day after it shall
12 have become a law. Effective immediately, the addition, amendment and/or
13 repeal of any rule or regulation necessary for the implementation of
14 this act on its effective date are authorized to be made and completed
15 on or before such effective date.
