H.R. 9720, AI Incident Reporting and Security Enhancement Act

H.R. 9720 would require the National Institute of Standards and Technology (NIST) to establish common definitions and identify characteristics of security vulnerabilities of artificial intelligence (AI) that would make the National Vulnerability Database inappropriate for managing those vulnerabilities. The bill also would require NIST to support the development of standards and guidance for technical vulnerability management processes related to AI and to update the database and associated vulnerability management processes. Finally, H.R. 9720 would require NIST to work with interested parties to develop and then report to the Congress on a process to voluntarily collect, report, and track substantial AI security incidents.

Based on the cost of similar requirements, CBO expects that NIST will need three employees, at an average annual cost of $250,000 per person in 2025, to carry out the requirements of H.R. 9720. Accounting for anticipated inflation, CBO estimates that implementing the bill would cost $3 million over the 2025-2029 period. Any related spending would be subject to the availability of appropriated funds.