HomeLawsState Artificial Intelligence Laws in the USNY Raise Act

NY Raise Act

New York’s RAISE Act, signed into law in December 2025, establishes strict safety and transparency rules for developers of powerful AI models—especially those spending over $100 million in compute. It’s the first state law in the U.S. to target “frontier” AI systems.

🧠 What Is the RAISE Act?

RAISE stands for Responsible AI Safety and Education Act. It amends New York’s General Business Law to regulate the development and deployment of frontier AI models, defined as:

  • Models trained using over 10²⁶ computational operations or costing more than $100 million in compute.
  • Models derived from such systems via knowledge distillation.

🏛️ Who Must Comply?

The law applies to “large developers” who:

  • Have trained at least one qualifying frontier model.
  • Spent over $100 million in aggregate compute costs on frontier model training.
  • Academic institutions are exempt.

What is a frontier model?

Under the New York RAISE Act, a “frontier AI model” is defined as an extremely large‑scale, high‑compute artificial intelligence system—specifically one trained using more than 10^{26} computational operations (FLOPs) or costing over $100 million in compute, including any smaller model created through knowledge distillation from such a system.

Below is a clear breakdown so you can see exactly what qualifies.

🧠 What Counts as a Frontier AI Model Under the RAISE Act?

  1. Compute Threshold

A model is considered a frontier model if it was trained using:

  • More than 10^{26} computational operations (FLOPs)
  • AND/OR compute costs exceeding $100 million

This threshold targets only the most advanced, resource‑intensive AI systems—roughly the scale of cutting‑edge large language models and multimodal models.

🔁 2. Knowledge‑Distilled Models Also Count

Even if a developer trains a smaller or cheaper model, it is still considered a frontier model if:

  • It was produced through knowledge distillation
  • And the teacher model meets the frontier compute thresholds

This prevents companies from bypassing regulation by training a massive model once and then distributing lighter versions.

🏢 3. Who Is Covered?

The Act applies to “large developers,” defined as entities that:

  • Have trained at least one frontier model
  • Have spent over $100 million in aggregate compute costs on frontier model training

(Planned 2026 amendments will shift this to a $500M annual revenue threshold, aligning with California’s law.)

🎓 4. Academic Exemption

Accredited universities are exempt as long as they do not transfer IP to commercial entities.

 

🔐 Key Requirements

Developers covered by the RAISE Act must:

  • Publish a written safety and security protocol.
  • Retain unredacted testing records for the model’s lifetime plus five years.
  • Prevent deployment if it poses an “unreasonable risk of critical harm” (e.g., mass casualty, billion-dollar losses).
  • Report safety incidents within 72 hours of discovery or reasonable suspicion.
  • Protect whistleblowers who raise AI safety concerns in good faith.

🛡️ Required Elements of the Written Safety & Security Protocol

The RAISE Act requires every large developer of a frontier model to prepare, maintain, and publish a written protocol before deployment. These requirements are drawn from the statutory text and legal analyses.

  1. Protections Against “Critical Harm”

The protocol must:

  • Specify reasonable protections and procedures designed to reduce the risk of “critical harm.”
  • “Critical harm” includes events such as mass casualties, catastrophic infrastructure failures, or major financial losses.
  1. Cybersecurity Safeguards

The protocol must describe:

  • Administrative, technical, and physical cybersecurity measures
  • Controls to prevent unauthorized access, misuse, or model exfiltration
  • Measures specifically aimed at preventing misuse that could lead to critical harm
  1. Testing & Evaluation Documentation

Developers must:

  • Maintain unredacted copies of all testing records
  • Keep these records for the life of the model + 5 years
  • Ensure testing covers safety, misuse risks, and model capability evaluations
  1. Publication & Reporting Requirements

The Act requires developers to:

  • Publish a redacted version of the safety and security protocol
  • Transmit the redacted version to:
    • The New York Attorney General
    • The New York Division of Homeland Security and Emergency Services
  • Provide full access to the unredacted protocol upon request
  1. Deployment Restrictions

A frontier model cannot be deployed unless the written protocol is complete and the developer determines that deployment does not pose an unreasonable risk of critical harm.

 

🛡️ What Counts as a Safety Incident Under the RAISE Act?

A “safety incident” under the New York RAISE Act is any event where a frontier AI model causes or is reasonably believed to have caused a risk of “critical harm,” and it must be reported to the state within 72 hours. This includes both confirmed incidents and situations where a developer has enough evidence to suspect one occurred.

 

A safety incident is defined as:

  1. Any event where a frontier AI model causes or materially enables a risk of “critical harm.”

Critical harm includes catastrophic outcomes such as:

  • Death or serious injury of 100+ people
  • At least $1 billion in property or economic damage
  • Harm caused through creation or use of chemical, biological, radiological, or nuclear weapons
  • AI systems taking actions with no meaningful human intervention that would constitute a crime under NY Penal Law (intent, recklessness, or gross negligence)
  1. Events where the developer has a reasonable belief that such harm may have occurred.

The law does not require certainty.
If facts suggest an incident might have happened, it must be reported.

  1. Misuse, malfunction, or security breaches that could lead to critical harm.

Examples include:

  • Unauthorized access or model exfiltration
  • Model outputs that materially assist in catastrophic wrongdoing
  • Failures in safety guardrails that expose high‑risk capabilities

⏱️ Reporting Requirement

Developers must report a safety incident within 72 hours of:

  • Learning of the incident, or
  • Having facts that establish a reasonable belief that an incident occurred

This is stricter than California’s SB 53, which allows 15 days.

 

 

⚠️ Implications for Businesses

  • Most New York companies are not directly regulated, but may face indirect compliance pressure through vendor risk management.
  • The law may affect smaller developers using distilled models from frontier systems

Other Similar Laws in the United States

California’s SB 53 (TFAIA) is the most similar law to New York’s RAISE Act, both targeting frontier AI models with strict safety and transparency rules. Other states like Colorado and Utah have passed narrower AI laws, while federal proposals aim to override state-level efforts.

🏛️ Closest Match: California SB 53 (TFAIA)

Transparency in Frontier Artificial Intelligence Act (SB 53), signed in September 2025, shares many features with New York’s RAISE Act: