The Unexpected AI Regulators
The axiom that legislators legislate and regulators regulate is typically applied to centers of government, like Washington D.C. or Brussels, where there can be a default instinct to create guardrails and restrictions whenever a new societal challenge is identified. But in a perceived accountability vacuum around artificial intelligence, states are seriously considering policies to get ahead of potential risks. California, Texas and New York have already passed legislation that would provide regulatory frameworks applicable to large AI developers. Now, legislators in Utah are swiftly progressing a bill that would provide a comparable level of oversight.
H.B. 286 Artificial Intelligence Transparency Amendments
Stepping carefully in light of White House directives for states not to impede AI progress and Utah’s own pro-business reputation, the sponsors of H.B. 286 (Representative Doug Fiefia and Senator Mike McKell) are proposing a framework intended to mitigate child safety and large-scale, catastrophic risks through registration and reporting requirements. Specifically, the bill creates a new AI Transparency Act, which would apply to a category of “large frontier developers,” defined as AI companies that have foundation level computational power of 10²⁶ FLOPs (a threshold used in other contexts that captures the largest AI companies) and over $500 million in revenues.
For companies falling into this category, the bill has the following key features:
-
Mandatory Safety & Child Protection Plans: Developers must write, implement, and host public safety plans (to address catastrophic risks like cyberattacks or chemical weapons assistance) and child protection plans (detailing how they mitigate harms to minors and incorporate national safety standards).
-
Risk Assessment & Incident Reporting: Companies are required to publish summaries of their internal risk assessments and must report “critical safety incidents”—such as the unauthorized release of model weights or AI-driven bodily harm—to Utah’s new Office of Artificial Intelligence Policy.
-
Whistleblower Protections: The bill establishes legal safeguards for employees of AI companies who report safety concerns or violations, prohibiting retaliatory “adverse actions” by the developer.
-
Truth in Safety Labeling: It explicitly prohibits developers from making “materially false or misleading statements” regarding their safety plans or the risks posed by their models, allowing for civil penalties if a company claims to have safety measures that don’t actually exist.
-
Enforcement Mechanisms: Violations are subject to civil penalties, and the bill creates an enforcement fund to ensure the state has the resources to oversee these large entities.
Disclosure Framework
It’s worth emphasizing that the bill would only regulate the largest of AI companies (i.e., not start-ups or companies in other spaces building out AI applications). And even at that level, it doesn’t restrict development but rather requires a level of “check in” and reporting with the state. Presumably, much would need to be worked out over time through rulemaking by the Office of AI Policy to provide specifics regarding the details of both what an adequate safety plan would entail and what results should they report to the state their model’s ability to cause harm.
How the Bill fits into Utah’s Approach to AI
In December, Utah held an AI summit, hosted by Governor Cox. State leaders were vocal about their desire to get ahead of emerging technologies that pose threats to mental health and to minors. As an alternative, they proposed a Pro Human AI initiative that would incentivize development that promotes human flourishing while being watchful. Last year, the State implemented an AI sandbox which has already authorized novel applications like an AI tool empowered to issue prescriptions for chronic illnesses. H.B. 286 would fit into the protective side of the equation.
