5 Things To Know
- Bipartisan House bill directing the FTC to set AI model disclosure rules
- Applies to large foundation models, not to most businesses using AI
- Names system cards and model cards as a way to satisfy the requirements
- Fully open-source models are exempt
- Creates no new penalties; violations are enforced under the existing FTC Act
| Quick Facts | |
|---|---|
| Full title | AI Foundation Model Transparency Act of 2026 |
| Bill number | H.R. 8094, 119th Congress |
| Status | Referred to House Energy and Commerce, March 26, 2026 |
| Sponsor | Rep. Don Beyer (D-VA) |
| Applies to | Large foundation model developers meeting one of three thresholds |
| Primary focus | Training data, documentation, testing, and model operations disclosure |
| Enforcing agency | Federal Trade Commission |
| Open-source models | Fully exempt |
| ConductAtlas status | Monitoring affected platforms |
Related legislation in this series
H.R. 8094 is one of several federal AI proposals moving through Congress in 2026. For the broader framework covering frontier developer obligations, independent audits, and state preemption, see The Great American AI Act, Explained.
What the Bill Is
On March 26, 2026, Representative Don Beyer of Virginia introduced the AI Foundation Model Transparency Act, a sixteen page bill numbered H.R. 8094. It was referred to the House Committee on Energy and Commerce the same day. Cosponsors include Mike Lawler of New York, Sara Jacobs of California, and Brian Fitzpatrick of Pennsylvania, giving the bill support from both parties.
The bill takes a narrow approach compared to broader AI legislation. It does not regulate what AI systems may do. It regulates what their developers must say about them. The mechanism is disclosure, and the referee is the Federal Trade Commission.
Within one year of enactment, the FTC would be required to write regulations, consulting the Director of the National Institute of Standards and Technology, the Secretary of Commerce, the Director of the Office of Science and Technology Policy, and outside stakeholders including standards bodies, academia, technology experts, and advocates for civil rights and consumers.
Who It Applies To
The bill uses the term covered entity. A covered entity is any person, partnership, or corporation subject to FTC regulation, including common carriers and non-profits, that offers a foundation model meeting at least one of three thresholds.
The first threshold is risk based. A model qualifies if it poses significant risks to security, civil rights, or public health. The second is scale based. A model qualifies if it has more than ten million monthly users or downloads. The third is compute based. A model qualifies if it was trained using more than ten to the twenty sixth computational operations.
Meeting any one threshold is enough. In practice this captures the large foundation models most people have heard of, and leaves out most of the models that businesses build internally or license at smaller scale.
Fully open-source models are exempt from the regulations entirely.
Why Businesses Should Care
Most companies using AI would not be covered entities. If you build a product on a foundation model API, the bill regulates the model provider, not you.
The bill does reach downstream in one specific way. Models built on top of covered foundation models would be required to link to the base model's transparency disclosures, and to comply with FTC regulations for any significant changes or retraining they introduce. If you fine tune a covered model and ship it, some obligations follow the model.
Beyond that direct reach, the bill would change the information environment. Foundation model providers would publish structured disclosures about training data, limitations, and benchmark performance in high risk areas. Those disclosures become inputs to procurement decisions, vendor risk assessments, and compliance reviews. Companies that already ask their AI vendors these questions would get standardized answers. Companies that do not ask would find the answers published anyway.
What It Requires
The FTC would define the specifics through rulemaking. The bill supplies the list the regulations must cover.
| Disclosure category | What must be described |
|---|---|
| Training data sources | Where data came from, how it was collected, and whether data is collected and retained during inference |
| Training data composition | Size and composition, including demographic, language, and other attribute information, accounting for privacy |
| Purpose and risk | Intended purposes, foreseen limitations and risks, past model edits, version and release date |
| Knowledge cutoff | The cutoff date of the model's training data |
| Incident handling | Adverse incident monitoring and response procedures |
| Languages | Languages the model supports |
| Standards alignment | Efforts to align with the NIST AI Risk Management Framework, a comparable federally approved standard, or the developer's own model specification |
| Benchmark performance | Evaluation results, self-driven or through audit, on public or industry standard benchmarks, including precautions in high risk areas: medical and health questions, biological, chemical, radiological and nuclear weapons, national security, and cybersecurity |
Two structural requirements sit alongside the list. The information must be published in a human-readable and consumer-friendly format, and it must also be available in a machine-readable format. Some information goes on the company's own website. Substantially similar information goes into a central location on a website hosted by the FTC. Sensitive material, including personally identifiable data and anything that would compromise model cybersecurity, is submitted to the Commission without public display.
Covered entities may redact information to protect cybersecurity, model security, public safety, or national security. Any redaction must be briefly identified and justified.
System Cards
H.R. 8094 identifies system cards as one method organizations may use to satisfy certain transparency and documentation requirements. The bill directs the FTC to provide an option for a covered entity to be deemed in compliance with some or all of the Act if it publishes the necessary information as part of a larger document, including a system card or model card.
These documents describe a model's capabilities, limitations, intended uses, testing methodology, and known risks. Frontier AI developers publish them alongside major model releases.
Why it matters. System cards have largely been voluntary documents published by frontier AI companies on their own terms and on their own schedule. Their appearance in proposed federal legislation signals growing recognition of standardized model documentation as a governance tool. A document format that emerged from research practice would become, if the bill passes, a compliance instrument with an agency behind it.
Key Definitions
Foundation model: A large AI model trained on broad data and adaptable to many downstream tasks. The bill defines the term precisely for enforcement purposes.
Covered entity: An organization subject to FTC regulation that offers a foundation model meeting at least one of the bill's three thresholds. Includes common carriers and non-profits.
System card / model card: A published document describing a model's capabilities, limitations, intended uses, testing methodology, and known risks. Named in the bill as a possible compliance vehicle.
NIST AI Risk Management Framework: A voluntary framework published by the National Institute of Standards and Technology for identifying and managing AI risk. The bill asks covered entities to describe their alignment with it.
Inference: The stage at which a trained model produces output in response to a user. The bill asks whether data is collected and retained at this stage, not only during training.
Enforcement
The bill creates no new penalty regime. A violation of the FTC's regulations would be treated as a violation of the Federal Trade Commission Act, enforced through the Commission's existing authority over unfair or deceptive practices.
The regulations would take effect ninety days after promulgation, and the FTC would review and update them at least annually. New entities receive a three month grace period before penalties apply, with technical assistance available during that period. Entities would receive at least fourteen days notice before an enforcement action.
The FTC would also publish a resources page recommending transparency practices for developers and downstream deployers who fall outside the definition of covered entity.
Criticism and Open Questions
Supporters argue
- Users cannot evaluate whether to trust a model without knowing its limitations, training data, and failure modes. Rep. Beyer has framed the bill as helping users identify limitations on data, potential biases, or misleading results that could contribute to harmful outcomes such as rejections for housing or loan applications.
- Industry has asked the federal government to lead on transparency requirements so developers have one standard to comply with rather than separate rules in California, New York, and Colorado.
- Disclosure is a lighter regulatory tool than restriction. The bill does not tell developers what to build. It requires them to describe what they have built.
- Machine-readable disclosure creates a public record that researchers, journalists, and procurement teams can query.
Critics argue
- The FTC's rulemaking approach draws skepticism. Neil Chilson, a former chief technologist at the agency who now leads AI policy at the Abundance Institute, has noted that companies may welcome a federal standard while remaining wary of the Commission's process, particularly given criticisms of agency politicization.
- Mandatory disclosure may expand litigation exposure. Joshua Levine of the Foundation for American Innovation has argued the measure creates further avenues for litigation against the technology rather than advancing transparency, and that it runs counter to the current administration's stated goals.
- OpenAI, Anthropic, and Meta already face legal challenges alleging unauthorized use of copyrighted works in training. Compelled disclosure of training data sources intersects directly with that litigation.
- The open-source exemption creates a boundary question. A model released with open weights under a restrictive license may not qualify as fully open-source, and the line will be drawn by regulation rather than statute.
Many of these questions would ultimately depend on agency rulemaking, judicial interpretation, and any amendments before final passage.
What Happens Next
The bill sits with the House Committee on Energy and Commerce, where it was referred on the day of introduction. It has not received a committee vote. Bills referred to committee frequently stop there.
The wider context matters more than the individual bill. H.R. 8094 echoes themes in California's Transparency in Frontier Artificial Intelligence Act, signed in September 2025, which also requires large AI developers to publish information about model risk and evaluation. Congress is simultaneously considering the Great American AI Act, a broader framework covering frontier developer obligations, independent audits, and preemption of state AI development law.
Whether H.R. 8094 passes in its current form, is folded into a larger package, or informs future rulemaking, the direction it describes is consistent across federal and state proposals. Disclosure requirements for large models are arriving. The open questions are which agency writes them, what they cover, and whether existing voluntary documentation will be deemed sufficient.
ConductAtlas Monitoring
If enacted, ConductAtlas will monitor:
- Changes to AI governance policies and usage terms
- New transparency reports and their revisions
- System card and model card publications
- Responsible AI documentation and safety frameworks
- Audit and evaluation disclosures
- Terms of Service updates across AI platforms
- Government procurement requirements for AI vendors
Primary Sources
OpenAI governance documents (ConductAtlas)
Anthropic governance documents (ConductAtlas)
Meta governance documents (ConductAtlas)
Google Gemini governance documents (ConductAtlas)
The Great American AI Act, Explained (ConductAtlas)