Amd §§1420 & 1428, ren §§1425 - 1429 to be §§1426 - 1430, add §1425, Gen Bus L; amd §87, Pub Off L
 
Requires third party verification of compliance with transparency and safety requirements for developers of artificial intelligence models; requires publication of such compliance reports
STATE OF NEW YORK
________________________________________________________________________
10373
IN SENATE
May 15, 2026
___________
Introduced by Sen. GOUNARDES -- read twice and ordered printed, and when
printed to be committed to the Committee on Internet and Technology
AN ACT to amend the general business law and the public officers law, in
relation to third party verification of compliance with transparency
and safety requirements for developers of artificial intelligence
models
The People of the State of New York, represented in Senate and Assembly, do enact as follows:
1 Section 1. Section 1420 of the general business law is amended by
2 adding a new subdivision 17 to read as follows:
3 17. "Third party verifier" means a person, other than an affiliate of
4 a large frontier developer, who is retained, contracted, or otherwise
5 engaged by a large frontier developer to verify such developer's compli-
6 ance with such developer's frontier AI framework.
7 § 2. Sections 1425, 1426, 1427, 1428 and 1429 of the general business
8 law are renumbered sections 1426, 1427, 1428, 1429 and 1430 respective-
9 ly, and a new section 1425 is added to read as follows:
10 § 1425. Third party verification. 1. A large frontier developer shall
11 annually retain, contract, or otherwise engage a third party verifier to
12 produce a report assessing the following:
13 (a) whether a large frontier developer has complied with its frontier
14 AI framework as well as any instances of noncompliance with such frame-
15 work;
16 (b) where such AI framework may require additional clarity and detail
17 in order to better assess compliance;
18 (c) whether any redactions made by the large frontier developer pursu-
19 ant to subdivision five of section fourteen hundred twenty-one of this
20 article are in compliance with such subdivision;
21 (d) whether any statements made by the large frontier developer to the
22 public, office, attorney general, or to other governmental entities
23 regarding catastrophic risk from such developer's frontier model, such
24 developer's management of such risk, and/or such developer's compliance
25 with such developer's frontier AI framework are inconsistent with the
26 findings of the third party verifier's report.
EXPLANATION--Matter in italics (underscored) is new; matter in brackets
[] is old law to be omitted.
LBD15827-02-6
S. 10373 2
1 2. A large frontier developer shall grant the third party verifier
2 access to:
3 (a) All materials submitted to the office pursuant to this article;
4 (b) Unredacted versions of all documents published by the large fron-
5 tier developer pursuant to section fourteen hundred twenty-one of this
6 article; and
7 (c) Any other materials reasonably necessary to perform the assessment
8 provided in subdivision one of this section.
9 3. In retaining, contracting, or otherwise engaging a third party
10 verifier, a large frontier developer shall not condition any payment or
11 form of compensation to a third party verifier upon the results of such
12 verifier's assessment.
13 4. Prior to January first, two thousand twenty-nine, a large frontier
14 developer may retain, contract, or otherwise engage a third party veri-
15 fier of their choosing, provided that such developer may not retain,
16 contract, or otherwise engage a third party verifier with a financial
17 stake in such developer, nor may they retain, contract, or otherwise
18 engage a third party verifier in which such developer has a financial
19 stake.
20 5. A large frontier developer shall retain the third party verifier's
21 report provided in subdivision one of this section for a minimum of five
22 years and shall allow the office or the attorney general to inspect an
23 unredacted version of such report upon request.
24 6. The third party verifier shall conspicuously publish a summary of
25 the verifier's report within sixty days of such report's completion.
26 Such publication shall not contain any information that would jeopardize
27 the large frontier developer's trade secrets, cybersecurity, public
28 safety, or the national security of the United States.
29 7. A large frontier developer shall clearly and conspicuously publish
30 a link on its internet website to the summary provided in subdivision
31 six of this section within fifteen days of a third party verifier's
32 publication of such summary.
33 8. No later than July first, two thousand twenty-eight, the office
34 shall adopt regulations to:
35 (a)(i) Establish a process by which the office accredits third party
36 verifiers under this section. Such accreditation shall be conditioned
37 upon:
38 (A) sufficient expertise amongst the personnel retained, contracted,
39 or otherwise engaged by the third party verifier to verify frontier
40 developers' compliance with such developers' frontier AI frameworks,
41 including expertise in corporate compliance and technical expertise in
42 foundation and frontier model safety; and
43 (B) the verifier's ability to address potential conflicts of interest
44 that may undermine the integrity, quality, and/or independence of such
45 verification.
46 (ii) Such regulations shall also prescribe the circumstances under
47 which and procedure by which the office may revoke accreditation.
48 (iii) The office may place requirements on accredited third party
49 verifiers as they deem reasonably necessary to ensure the integrity,
50 quality, and/or independence of the verification process, including
51 prohibiting the employees of the third party verifier from being
52 employed by a frontier developer for a period of time after such employ-
53 ees' employment with the third party verifier;
54 (b) Stipulate the level of access that large frontier developers must
55 provide to third party verifiers to enable a meaningful assessment of
56 compliance with such developers' frontier AI frameworks;
S. 10373 3
1 (c) Ensure the protection of a large frontier developer's trade
2 secrets and cybersecurity;
3 (d) Stipulate the minimum amount of information that a third party
4 verifier must include in its report of compliance assessment; and
5 (e) Stipulate the required content and permissible redactions of
6 summaries provided pursuant to subdivision six of this section.
7 9. On and after January first, two thousand twenty-nine, a large fron-
8 tier developer may retain, contract, or otherwise engage no third party
9 verifier for the annual report required in subdivision one of this
10 section other than a third party verifier who has been accredited by the
11 office pursuant to regulations promulgated under subdivision eight of
12 this section.
13 10. The office shall review the regulations promulgated under this
14 section on an annual basis. Where the office deems necessary, the office
15 shall update such regulations to account for changes in the third party
16 verifier market, any verification gaps that have been identified over
17 the course of implementation, and/or changes to scientific understanding
18 of catastrophic risk that have developed since the last update to such
19 regulations.
20 § 3. Subdivision 1 of section 1428 of the general business law, as
21 added by chapter 96 of the laws of 2026, and such section as renumbered
22 by section two of this act, is amended to read as follows:
23 1. The attorney general may bring a civil action to recover a civil
24 penalty in an amount not to exceed one million dollars for a first
25 violation and in an amount not to exceed three million dollars per
26 subsequent violation, determined based on the severity of the violation
27 where a large frontier developer fails to publish or transmit a compli-
28 ant document required to be published or transmitted under this article,
29 makes a statement in violation of subdivision four of section fourteen
30 hundred twenty-one of this article, fails to report an incident as
31 required by section fourteen hundred twenty-two of this article, [or]
32 fails to comply with its own frontier AI framework, or fails to comply
33 with section fourteen hundred twenty-five of this article.
34 § 4. Subdivision 2 of section 87 of the public officers law is amended
35 by adding a new paragraph (w) to read as follows:
36 (w) is a report produced by a third party verifier under section four-
37 teen hundred twenty-five of the general business law.
38 § 5. Severability. If any clause, sentence, paragraph, subdivision,
39 section or part of this act shall be adjudged by any court of competent
40 jurisdiction to be invalid, such judgment shall not affect, impair, or
41 invalidate the remainder thereof, but shall be confined in its operation
42 to the clause, sentence, paragraph, subdivision, section, or part there-
43 of directly involved in the controversy in which such judgment shall
44 have been made.
45 § 6. This act shall take effect on the thirtieth day after it shall
46 have become a law; provided, however, that if article 44-B of the gener-
47 al business law, as added by chapter 96 of the laws of 2026, shall not
48 have taken effect on or before such date then this act shall take effect
49 thirty days after such article takes effect.