Logo
New York’s RAISE Act Turns Frontier AI Safety Into a 72-Hour Countdown

New York’s RAISE Act Turns Frontier AI Safety Into a 72-Hour Countdown

Hochul signs a “frontier model” transparency regime—while Washington tries to shut states down

Today: Wall Street Journal frames it as defiance

Overview

New York just told the biggest AI labs: if something goes seriously wrong, you don’t get to bury it. Under the RAISE Act, large “frontier AI” developers must publish a safety approach and report “critical harm” incidents to the state within 72 hours after determining one occurred.

This isn’t just a New York story. It’s the next escalation in a state-led push to set de facto national AI rules—colliding head-on with a White House campaign to preempt state AI laws before Congress passes anything meaningful.

11 Sources:
+5
Office of Governor Kathy Hochul The Wall Street Journal Axios LegiScan The Washington Post The Verge Office of Governor Gavin Newsom Reuters The Associated Press The American Prospect LegiScan

Key Indicators

72 hours
Incident reporting window
Companies must notify the state quickly once they determine a qualifying incident occurred.
$1M / $3M
Civil penalty caps (first vs. subsequent violations)
Attorney General enforcement includes penalties for failing to report or making false statements.
1 new office
New DFS oversight unit
A new office inside New York’s financial regulator becomes the AI transparency referee.
2027-01-01
Reported compliance start date
Coverage indicates key obligations phase in starting January 1, 2027.
$500M+
Reported “largest company” threshold
Major coverage describes applicability tied to very large-company scale.

People Involved

Kathy Hochul
Kathy Hochul
Governor of New York (Signed the RAISE Act; implementation now shifts to state agencies)
Alex Bores
Alex Bores
New York State Assemblymember; RAISE Act sponsor (Leading voice for a state-driven frontier-AI safety template)
Andrew Gounardes
Andrew Gounardes
New York State Senator; RAISE Act sponsor (Architect of the Senate push to force frontier-lab transparency)
Letitia James
Letitia James
New York Attorney General (Empowered to enforce RAISE Act through civil actions and penalties)
Kaitlin Asrow
Kaitlin Asrow
Acting Superintendent, New York Department of Financial Services (Publicly supportive of DFS role in responsible AI standards)
Donald Trump
Donald Trump
President of the United States (Signed an executive order pressuring states to halt AI regulation)
Gavin Newsom
Gavin Newsom
Governor of California (Signed California’s SB 53; effectively created the template New York builds on)

Organizations Involved

New York State Department of Financial Services (DFS)
New York State Department of Financial Services (DFS)
State financial regulator
Status: Home of the new frontier-AI oversight office created by the RAISE Act

DFS is New York’s hard-nosed regulator, now drafted to supervise frontier-AI transparency.

New York State Office of the Attorney General (OAG)
New York State Office of the Attorney General (OAG)
State law enforcement agency
Status: Primary enforcement authority for civil actions under the RAISE Act

OAG is the enforcement backstop that can turn AI transparency failures into penalties.

White House
White House
Federal executive branch
Status: Pushing for federal preemption; pressuring states to stop AI regulation

Washington is trying to prevent a patchwork of state AI laws—by force if needed.

California Office of Emergency Services (Cal OES)
California Office of Emergency Services (Cal OES)
State emergency management agency
Status: Receives frontier-AI critical safety incident reports under California SB 53

Cal OES became an unusual hub for AI safety reporting after California’s SB 53.

Timeline

  1. Wall Street Journal frames it as defiance

    Media

    WSJ spotlights New York’s move despite the federal push for preemption.

  2. Hochul signs the RAISE Act

    Legal

    New York enacts frontier-AI safety frameworks and 72-hour incident reporting.

  3. Parents push Hochul to sign

    Public Pressure

    A parent-led coalition urges Hochul to enact RAISE without weakening edits.

  4. White House tries to freeze the states

    Rule Changes

    Trump signs an order aimed at blocking restrictive state AI laws.

  5. RAISE reaches Hochul’s desk

    Legal

    Legislature delivers the enrolled bill to the governor.

  6. California sets the template

    Legal

    Newsom signs SB 53, a frontier-AI transparency and incident-reporting law.

  7. Albany passes RAISE

    Legal

    New York Senate and Assembly pass RAISE after amendments.

  8. RAISE lands in the Senate

    Legal

    Senator Andrew Gounardes introduces the Senate companion bill.

  9. RAISE lands in the Assembly

    Legal

    Assemblymember Alex Bores introduces the RAISE Act’s Assembly bill.

  10. California veto sparks the “what’s feasible” debate

    Legal

    Newsom vetoes SB 1047, rejecting the toughest frontier-AI safety plan.

Scenarios

1

“The New Standard”: Big AI labs quietly comply nationwide

Discussed by: The Wall Street Journal; Axios; California and New York officials citing “unified benchmarks”

DFS stands up the new oversight office, companies publish frameworks, and incident reporting becomes routine—because the biggest developers decide it’s cheaper to standardize than to fight. Other tech-heavy states copy the model, and “frontier-AI transparency” becomes the default expectation for top-tier labs even where it’s not legally required.

2

“Preemption Showdown”: DOJ sues, states counter-sue, courts decide who’s boss

Discussed by: The Washington Post; The Wall Street Journal; state-level officials openly challenging the executive order

The federal government escalates from threats to litigation, arguing state AI laws obstruct national policy. New York and allies respond with federalism arguments and injunction requests. The practical result is limbo: companies prepare compliance plans while waiting to see whether courts uphold state authority or bless federal preemption via executive power.

3

“RAISE, But Softer”: Reporting happens, but the law becomes mostly a transparency paperwork regime

Discussed by: The American Prospect; industry arguments about feasibility and trade secret exposure

Industry pressure shifts from “kill the bill” to “minimize the impact.” Regulators interpret obligations narrowly, redactions expand, and incident reporting becomes highly standardized and low-detail. New York still gets a reporting pipeline and leverage, but the public learns less than advocates hoped—and the biggest wins move to quieter enforcement settlements.

4

“Congress Finally Moves”: A federal framework overrides the state patchwork

Discussed by: Major tech-industry lobbying coalitions; national political coverage framing patchwork risk

After enough states adopt divergent AI rules—and enough companies complain—Congress passes a federal framework that partially preempts states while borrowing the core idea: mandatory safety frameworks and incident reporting for frontier developers. New York’s law becomes the prototype that helped write the national statute, even if parts are superseded.

Historical Context

NYDFS Cybersecurity Regulation (23 NYCRR 500)

2017–present

What Happened

New York’s financial regulator imposed detailed cybersecurity obligations and incident reporting requirements on covered entities. Even outside New York, many firms treated it as a de facto baseline because compliance programs don’t scale well state-by-state.

Outcome

Short term: Companies built formal reporting and governance processes to avoid NYDFS penalties.

Long term: New York proved a state regulator can set national compliance norms in practice.

Why It's Relevant

RAISE repeats the same playbook: make reporting mandatory, then make it enforceable.

GDPR and the “Brussels effect” in privacy

2016–2018 (adoption to enforcement)

What Happened

Europe passed a privacy regime with strong disclosure and breach notification rules. Global companies often chose worldwide compliance rather than running separate systems by geography.

Outcome

Short term: Companies rewired privacy operations, contracts, and incident response for GDPR timelines.

Long term: Privacy expectations shifted globally, even in places without identical laws.

Why It's Relevant

New York and California are trying to create an American version of that compliance gravity.

California Consumer Privacy Act (CCPA)

2018–2020 (passage to early enforcement)

What Happened

California passed a sweeping consumer privacy law that forced national brands to update disclosures and data practices. Many firms rolled out CCPA-style controls nationally to simplify operations.

Outcome

Short term: National compliance teams treated California as the design constraint.

Long term: State policy became the launchpad for broader U.S. privacy regulation.

Why It's Relevant

RAISE aims for the same dynamic—one big state sets the rulebook everyone else follows.