Key points:
- New York’s RAISE Act makes the state the second to enact comprehensive AI safety legislation.
- The law borrows heavily from California’s frontier AI framework but tightens reporting timelines.
- Legal experts say states appear intent on avoiding a fragmented AI compliance landscape.
New York has taken another step into artificial intelligence regulation, becoming the second U.S. state to adopt a consumer-focused AI safety law. Gov. Kathy Hochul signed the Responsible AI Safety & Education Act in December, positioning the state alongside California as lawmakers attempt to fill the regulatory vacuum left by Congress. Details of the legislation were first reported by Legaltech News.
The RAISE Act, which takes effect on Jan. 1, 2027, targets developers of so-called frontier AI models—systems trained with exceptionally high levels of computing power. Covered developers must document safety protocols, assess how their systems could cause “critical harm” to people or property, implement mitigation safeguards, and publish disclosures describing those efforts.
A key compliance obligation is rapid incident reporting. Developers must notify New York regulators within 72 hours of determining that a critical safety incident has occurred. That timeline is significantly shorter than the 15-day window allowed under California’s Transparency in Frontier AI Act, the statute that served as a template for New York’s approach.
Melissa Faragasso, an associate at Cleary Gottlieb Steen & Hamilton, said the law reflects an effort by states to avoid repeating the fragmented rollout seen in consumer privacy regulation. With roughly 20 states now enforcing their own privacy statutes, compliance has become increasingly complex for large enterprises operating nationwide.
State-level AI safety legislation is unlikely to stop with New York. Adam Aft, a partner at Baker McKenzie, told Legaltech News that policymakers remain focused on public safety risks tied to advanced AI development and the scale of investment flowing into the technology.
While aligned in concept, the New York and California regimes diverge in scope and penalties. New York’s law defines large developers partly by compute spending—$100 million or more—while California relies on an annual revenue threshold of $500 million. Penalties also differ. New York authorizes fines of up to $1 million for a first violation and $3 million for subsequent violations, whereas California caps penalties at $1 million per violation.
Aft said those differences are unlikely to derail compliance planning, noting that both laws were drafted with scalability in mind. He added that many developers are already motivated to meet emerging standards, regardless of enforcement uncertainty, to preserve trust with users, investors, and business partners.
Enforcement, however, may hinge on high-profile failures. Marcela Robledo, a partner at Cleary Gottlieb, told Legaltech News that several companies already publish safety disclosures voluntarily, suggesting regulators may intervene primarily after significant harm becomes public.
