HOUSE OF REPRESENTATIVES

H.B. NO. 2152

THIRTY-SECOND LEGISLATURE, 2024

STATE OF HAWAII

A BILL FOR AN ACT

relating to artificial intelligence.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII:

     SECTION 1.  The legislature finds that artificial intelligence has the potential to improve the quality, efficiency, and accessibility of government services.  However, the legislature also recognizes that the use of artificial intelligence poses certain concerns.  Any state uses of artificial intelligence must carefully guard against bioterrorism, cyberattacks, deception, disinformation, discrimination or biases, violations of privacy, and other risks.  If the State adopts artificial intelligence technology for government purposes, an initial risk assessment and ongoing monitoring are needed to ensure the technology's efficient and ethical use.

     Accordingly, the purpose of this Act is to establish a plan for the use of generative artificial intelligence in state agencies, departments, and government branches.

     SECTION 2.  The Hawaii Revised Statutes is amended by adding a new chapter to be appropriately designated and to read as follows:

"Chapter

ARTIFICIAL INTELLIGENCE

     §   -1  Definitions.  As used in this chapter, unless the context otherwise requires:

     "Automated decision system" means a computational process derived from machine learning, statistical modeling, data analytics, or artificial intelligence that issues simplified output, including a score, classification, or recommendation, that is used to assist or replace human discretionary decision making and materially impacts natural persons.  "Automated decision system" does not include spam email filters, firewalls, antivirus software, identity and access management tools, calculators, databases, datasets, or other compilations of data.

     "Electronic communication" has the same meaning as defined in section 378-71.

     "Generative artificial intelligence" means the class of artificial intelligence models that emulate the structure and characteristics of input data to generate derived synthetic content, including images, videos, audio, text, and other digital content.

     "High-risk automated decision system" or "high-risk use" means an automated decision system that is used to assist or replace human discretionary decisions that have a legal or similarly significant effect, including decisions that materially impact access to, or approval for, housing or accommodations, education, employment, credit, health care, and criminal justice.

     "Person" means a natural person.

     §   -2  General risk and use assessment.  No later than twenty days prior to the regular session of 2025, and as often thereafter as is necessary to address new technology, risks, or benefits, the office of enterprise technology services shall submit to the legislature a report on the potential risks and benefits of using generative artificial intelligence for state purposes, including:

     (1)  An examination of the most significant, and potentially beneficial, uses for the deployment of generative artificial intelligence tools by the State;

     (2)  An explanation of the potential risks to individuals, communities, and government workers, of the uses described in paragraph (1), with a focus on high-risk uses, including the use of artificial intelligence to make consequential decisions affecting access to goods and services;

     (3)  An explanation of the specific risks posed by bad actors if a governmental system is breached, including the potential impacts on democratic processes, legal proceedings, public health, public safety, and the state economy; and

     (4)  Any updates or changes in the risks, benefits, or potential uses of generative artificial intelligence for the State, based on emerging technology;

provided that the office of enterprise technology services may consult with academic and industry experts and other state departments or agencies for the purposes of preparing the report.

     §   -3  Risk assessment for critical infrastructure.  (a)  No later than twenty days prior to the regular session of 2025, and as often thereafter as is necessary to address new technology, risks, or vulnerabilities, the chief information officer; chief data officer; and cybersecurity, economic, education, and infrastructure security coordinator shall perform a joint risk analysis and submit to the legislature a report on the risks that the State's uses, or potential uses, of generative artificial intelligence pose to critical infrastructure in the State, including risks that could lead to mass casualty events or environmental emergencies.

     (b)  The office of enterprise technology services may consult with academic and industry experts and other state departments or agencies for the purposes of preparing the report.

     §   -4  Procurement guidelines.  (a)  The office of enterprise technology services, in coordination with the state procurement office, shall develop, maintain, and periodically update guidelines for the public sector procurement of artificial intelligence technology, including allowable uses of the technology and required trainings for the use of generative artificial intelligence.

     (b)  The guidelines required by this section shall build on guidance from the White House publication entitled "Blueprint for an AI Bill of Rights," and the National Institute of Standards and Technology's AI Risk Management Framework, and shall address topics including safety, algorithmic discrimination, data privacy, high-risk uses, and the provision of notice when materials are generated by generative artificial intelligence.

     (c)  In developing the guidelines required by this section, the office of enterprise technology services shall consult with organizations that represent state government employees and with industry experts, including trust and safety experts, academic researchers, and research institutions.

     §   -5  Guidelines for assessing impacts on vulnerable communities.  (a)  The office of enterprise technology services, in coordination with the department of human services, shall develop, maintain, and periodically update guidelines for state agencies, departments, and branches of the government to use in assessing the impact that adopting a generative artificial intelligence tool may have on vulnerable communities, including criteria to evaluate equitable outcomes when considering a high‑risk use.

     (b)  The guidelines required by this section shall inform whether and how a state agency, department, or branch of the government deploys a particular generative artificial intelligence tool.

     (c)  In developing the guidelines required by this section, the office of enterprise technology services shall consult with organizations that represent state government employees and industry experts, including trust and safety experts, academic researchers, and research institutions.

     §   -6  Inventory of high-risk uses.  (a)  To assist the office of enterprise technology services in preparing and periodically updating the guidelines, risk assessments, and reports required by this chapter, each state agency, department, and branch of the government shall prepare, maintain, and make accessible to the office of enterprise technology services an inventory of all current high-risk uses of generative artificial intelligence within the agency, department, or branch.

     (b)  Each state agency, department, and branch of the government shall appoint senior-level personnel to maintain and update the inventory required by subsection (a).

     §   -7  Pilot projects.  (a)  Any state agency, department, or branch of the government may propose to the legislature pilot projects to test new uses of generative artificial intelligence, including uses to:

     (1)  Improve access to government services; and

     (2)  Support state employees in performing the employees' job duties.

     (b)  Risk and impact assessments shall be carried out pursuant to sections    -2,   -3, and   -5 prior to the establishment of any generative artificial intelligence pilot project.

     §   -8  Training; ethical and effective use.  (a)  The office of enterprise technology services, in coordination with the department of human resources development, shall consult with each state agency, department, and branch of the government, and with organizations that represent state employees, to establish criteria for evaluating the impact of generative artificial intelligence on the state workforce.

     (b)  Based on the consultations, the office of enterprise technology services shall create guidelines to help each agency, department, and branch best support its employees in using generative artificial intelligence effectively and adapting to ongoing technological advancements.

     (c)  The office of enterprise technology services shall make available training courses for state government workers on the ethical and effective use of generative artificial intelligence, including training on:

     (1)  Using artificial intelligence tools to achieve equitable outcomes;

     (2)  Identifying and mitigating potential output inaccuracies from generative artificial intelligence, including fabricated texts and inaccuracies based on biases;

     (3)  Protecting public privacy; and

     (4)  Complying with all laws, administrative rules, and guidelines applicable to the use of artificial intelligence.

     §   -9  Communication requirements.  Any state agency, department, or branch of the government that uses generative artificial intelligence to communicate with a person via a form of electronic communication shall:

     (1)  Clearly identify to the person that the person's interaction with the agency, department, or branch is being communicated through artificial intelligence; and

     (2)  Provide on the agency, department, or branch's official webpage clear instructions informing the public how to bypass artificial intelligence to communicate directly with a person from the agency, department, or branch.

     §   -10  Automated decision systems.  (a)  Any automated decision system used by a state agency, department, or branch, prior to its adoption, shall:

     (1)  Receive appropriate consultation, testing, risk identification, and risk mitigation consistent with this chapter; and

     (2)  Be approved by the chief information officer.

     (b)  Any high-risk automated decision system used by a state agency, department, or branch of the government shall receive ongoing monitoring and oversight by the office of enterprise technology services.

     §   -11  Administrative rules.  The department of accounting and general services may adopt rules pursuant to chapter 91 to carry out the purposes of this chapter.

     SECTION 3.  Section 27-43, Hawaii Revised Statutes, is amended by amending subsection (a) to read as follows:

     "(a)  There is established within the department of accounting and general services the office of enterprise technology services, which shall be headed by a full-time chief information officer to organize, manage, and oversee statewide information technology governance.  The chief information officer shall be appointed by the governor as provided in section 26-34.  The chief information officer shall report directly to the governor and shall:

     (1)  Develop, implement, and manage statewide information technology governance;

     (2)  Develop, implement, and manage the state information technology strategic plans;

     (3)  Develop and implement statewide technology standards[;], including standards and guidelines for the State's use of generative artificial technology pursuant to chapter      ;

     (4)  Work with each executive branch department and agency to develop and maintain its respective multi-year information technology strategic and tactical plans and road maps that are part of the State's overall information technology strategic plans, road maps, and directions;

     (5)  Coordinate each executive branch department and agency's information technology budget request, forecast, and procurement purchase to ensure compliance with the department or agency's strategic plan and road map and with the office of enterprise technology services' information technology governance processes and enterprise architecture policies and standards, including policies and standards for systems, services, hardware, software, and security management;

     (6)  Report annually to the governor and the legislature on the status and implementation of the state information technology strategic plan;

     (7)  Update the state information technology strategic plan every four years;

     (8)  Perform other necessary or desirable functions to facilitate the intent of this section;

     (9)  Employ persons exempt from chapters 76 and 89;

    (10)  Provide centralized computer information management and processing services, coordination in the use of all information processing equipment, software, facilities, and services in the executive branch of the State, and consultation and support services in the use of information processing and management technologies to improve the efficiency, effectiveness, and productivity of state government programs;

    (11)  Establish, coordinate, and manage a program to provide a means for public access to public information and develop and operate an information network in conjunction with overall plans for establishing a communication backbone for state government; and

    (12)  Adopt rules, pursuant to chapter 91, necessary for the purposes of this part."

     SECTION 4.  Section 128B-1, Hawaii Revised Statutes, is amended by amending subsection (d) to read as follows:

     "(d)  Notwithstanding any law to the contrary, the coordinator, through its various partnerships, shall develop the requirements and methods for:

     (1)  Improving cyber resiliency within the State through the development of a structure that shall include education, cybersecurity, and critical infrastructure protection;

     (2)  Improving the State's critical infrastructure network and resiliency, including identifying interdependencies of critical infrastructures, points of connection between critical infrastructures, the most critical nodes, and the cascading effects of a cyber-attack on these points of connection between critical infrastructure;

     (3)  Improving the State's cybersecurity by using existing resources within the State;

     (4)  Examining specific requirements and actions to accelerate the growth of the cybersecurity industry in the State;

     (5)  Defining the requirements and opportunities to secure state, federal, and private moneys for cybersecurity activities and related educational programs;

     (6)  Forming partnerships to implement cyber resiliency structures and protocol to identify and share information about possible cyber-attacks and mitigate damage and recover quickly and efficiently from cyber‑attacks; [and]

     (7)  Carrying out joint risk assessments of the State's uses of generative artificial intelligence that potentially affect critical infrastructure, pursuant to section    -3; and

    [(7)] (8)  Expanding the State's cybersecurity and cyber resiliency understanding and workforce through education."

     SECTION 5.  Statutory material to be repealed is bracketed and stricken.  New statutory material is underscored.

     SECTION 6.  This Act shall take effect upon its approval.

INTRODUCED BY:

_____________________________

Report Title:

ETS; AI; Guidelines; Risk Assessments; Reports

Description:

Establishes a plan for the use of generative artificial intelligence in state agencies, departments, and government branches. Requires the Office of Enterprise Technology Services to carry out risk assessments and to prepare guidelines for state uses.  Requires reports to the Legislature.

The summary description of legislation appearing on this page is for informational purposes only and is not legislation or evidence of legislative intent.