HomeBrowse Bills

Industries

HealthcareHR & HiringFinancial ServicesEducationGovernmentAgribusiness

Guides

Indiana AI LawsAI Hiring LawsCompliance ChecklistIllinois AI Act

Compliance

Framework GuideSOC 2ISO 27001ISO 42001NIST AI RMFCompare FrameworksCost ComparisonVendor VettingLawmakersData CentersGovernanceAbout
Risk Check
FederalIn Committee

HR 8819

To require Federal agencies to use the Artificial Intelligence Risk Management Framework developed by the National Institute of Standards and Technology with respect to the use of artificial intelligence.

Low Risk

Informational. No immediate compliance impact.

TL;DR

Rep. Ted Lieu's bill would force every federal agency to adopt NIST's AI Risk Management Framework when they build, buy, or use AI systems. It's an internal government mandate, not a rule for private companies, but it would push the NIST framework toward becoming the de facto national standard for AI risk management.

Read the Full Bill Text

How This Might Impact Your Business

Federal contractors selling AI tools to agencies (think Palantir, Microsoft, AWS, Google Cloud, smaller AI vendors) would need to align their products and documentation with the NIST AI Risk Management Framework to stay competitive in government bids.

Government procurement language would likely incorporate NIST AI RMF compliance as a baseline requirement, similar to how FedRAMP became standard for cloud services.

AI vendors in regulated sectors (defense, healthcare, financial regulators, IRS, SSA) should expect agency customers to demand evidence of risk assessments, bias testing, and governance documentation tied to NIST categories.

No direct compliance burden on private companies that don't sell to the federal government; the bill creates no fines or penalties for the private sector.

Consulting, audit, and GRC software firms (Deloitte, KPMG, Credo AI, Holistic AI) would see expanded demand for NIST AI RMF readiness assessments.

Timeline is uncertain: the bill is sitting in House Science Committee with no hearing scheduled, and similar standalone AI bills have stalled.

Even if this specific bill dies, the NIST framework is already referenced in the White House AI executive orders, so the practical direction is the same.

What Should You Do

1

If you sell AI products or services to federal agencies, ask your product and compliance teams to map your existing controls to the NIST AI Risk Management Framework (AI RMF 1.0) now.

2

Have your sales team review active and pipeline federal contracts for any emerging NIST AI RMF language so you can flag gaps early.

3

If you're a private-sector buyer of AI, consider adopting NIST AI RMF voluntarily; it's becoming the reference standard regulators and enterprise customers point to.

4

Track the bill via the House Science, Space, and Technology Committee; set a calendar reminder to recheck status in 90 days.

5

Brief your legal and procurement leads that NIST AI RMF alignment is shifting from 'nice to have' to 'expected' in federal and large enterprise deals.

Who It Affects

Government
Federal ContractorsEnterprise AI SoftwareCloud ServicesCybersecurity and GRCDefense TechnologyConsulting and Audit Services

Sponsors

Rep. Lieu, Ted [D-CA-36] (D)

Status Timeline

committee

Referred to the House Committee on Science, Space, and Technology.

May 14, 2026

AI-generated analysis for informational purposes only. Not legal advice. Always consult a qualified attorney for legal guidance.

Need help preparing your team for AI compliance?

Talk to LaunchReady about AI Training

Get the Weekly AI Law Roundup

Plain-English summaries of the AI laws that matter for your business. Every Monday. Free.

No spam. Unsubscribe anytime.