A Federal AI Authority

Artificial intelligence already drives consequential decisions in employment, housing, health, and credit. Oversight rests on voluntary corporate commitments and a thin patchwork of state law. That is not enough. I will work to charter a single federal Artificial Intelligence Authority with the power to write rules, investigate, subpoena, audit, impose civil penalties, and block or withdraw any deployment.

The Authority would adopt an improved version of the European Union’s tiered approach: a set of prohibited uses, a defined class of high-risk uses bound by mandatory obligations, and transparency requirements for everything else.1 The National Institute of Standards and Technology’s AI risk framework, now offered only as voluntary guidance, would become a binding minimum standard.2

How It Would Work

A commission would govern the Authority. Members would serve fixed, staggered terms and be removable only for inefficiency, neglect of duty, or malfeasance. Its rules and enforcement decisions would not pass through White House or budget office review, and it would hold independent litigating authority. That insulation would be calibrated to the removal doctrine in force when the Authority is chartered. Where the doctrine bars shielding, the Authority’s independence would rest instead on dedicated funding, staggered terms, binding decisional standards, and a parallel tier of state regulators.

Frontier models above a set threshold of computing power or capability, and high-risk systems in regulated domains, would require approval before release. Developers would carry the burden of proof through safety cases. The Authority could approve a model, attach conditions, require a staged rollout, or deny approval outright. Approvals would remain revocable, so a system already in use could be suspended, restricted, or recalled. Large developers would publish binding safety and security protocols, then abide by them, and report critical incidents within a fixed window, as New York and California already require.34 A mandatory reporting system would log failures across every deployed system. Public enforcement would be matched by an express private right of action, under which platforms answer for the AI output they generate themselves.

Who Pays, and What It Covers

A dedicated, ring-fenced tax on developers, on frontier computing power, and on the energy and water consumed by data centers would fund the Authority outside annual appropriations, with registration fees added. Any surplus would flow to a public return fund, such as for Universal Basic Income.

The Authority’s reach would extend across civil rights, consumer protection, election integrity, the environment, health, labor, and market concentration. Worker-management systems, for example, would fall within the high-risk class and pass through pre-deployment approval, the same standard I propose for algorithmic management. Where the Authority overlaps existing regulators, it would set cross-cutting standards and coordinate through binding, non-displacing interagency agreements rather than seizing their jobs. Federal rules would set a floor, leaving states free to go further.

References

  1. EU Artificial Intelligence Act. “Implementation Timeline” (risk tiers and obligations). artificialintelligenceact.eu 

  2. National Institute of Standards and Technology. “AI Risk Management Framework.” nist.gov 

  3. New York State Senate. “RAISE Act, S6953B / A6453B” (signed December 19, 2025). nysenate.gov 

  4. California Legislature. “SB 53, Transparency in Frontier Artificial Intelligence Act” (signed September 29, 2025). leginfo.legislature.ca.gov 

Poulos for Massachusetts
jason@poulos.house

Paid for by Poulos for Massachusetts

Typography by Matthew Hinders-Anderson