New York RAISE Act 2026: Frontier AI Compliance Guide
New York's Responsible AI Safety and Education Act only reaches a small tier of frontier model developers, but for the companies it covers, the safety-protocol, incident-reporting, and attorney-general enforcement provisions are among the strictest AI-specific rules any state has passed.
A Narrow Law, Aimed at the Very Top of the Market
Most AI-specific state laws passed since 2024 regulate how AI is used against consumers — hiring, lending, insurance, profiling. RAISE is different. It regulates how frontier models are built and released in the first place, and it only applies to "large developers": companies that have trained a model using more than 10^26 computational operations and spent more than $100 million doing it. That threshold excludes essentially every company outside a small handful of the world's largest AI labs.
If your company fine-tunes an open-weight model, builds a wrapper product on top of a commercial API, or trains smaller task-specific models, RAISE almost certainly does not apply to you as a developer. It could still matter to you as a downstream signal — if the labs you depend on are subject to RAISE's safety-protocol and incident disclosure requirements, that changes what documentation and incident history you can reasonably expect to obtain from them.
What Large Developers Have to Do
Publish a safety and security protocol
Before deploying a frontier model, a covered developer must write and publish a protocol describing how it assesses and mitigates the risk of critical harm — and keep it current as the model changes.
Retain compliance records
Developers must retain records showing they actually followed their published protocol, not just that one exists on paper.
Report safety incidents quickly
Incidents involving unreasonable risk of critical harm must be reported to the state within a short window, following the same fast-disclosure model as California's SB 53.
Avoid deploying unreasonably risky models
The statute prohibits deploying a frontier model that creates an unreasonable risk of critical harm, defined around mass-casualty and critical-infrastructure scenarios rather than everyday product risk.
RAISE vs. California SB 53
New York was not the first state to legislate frontier AI safety — California's SB 53 set the template earlier the same year, after the state's broader SB 1047 proposal was vetoed in 2024. RAISE follows the same structural playbook: a compute-and-spend threshold that narrows scope to the largest labs, a published safety protocol, fast incident reporting, and attorney-general enforcement instead of a private right of action. A frontier lab already building an SB 53 program should treat RAISE as an extension of that work — additional filings and state-specific reporting channels layered onto a compliance foundation that mostly already exists, rather than a second program built from scratch.
RAISE Act Compliance Checklist
- ☐Confirm whether any model you have trained crosses the 10^26 computational-operations threshold
- ☐Confirm whether training spend on that model exceeded $100 million
- ☐Reassess scope for each new frontier-scale training run, not just once
- ☐Draft and publish a safety and security protocol before deploying a covered model
- ☐Cover critical-harm risk categories the statute contemplates, not just general product safety
- ☐Build an internal process for keeping the published protocol current as models are updated
- ☐Stand up a fast internal escalation path for potential critical-harm incidents
- ☐Identify the state reporting channel and required timeline in advance, not during an incident
- ☐Coordinate New York reporting with any parallel obligations under California SB 53 or federal frameworks
- ☐If you build on top of a frontier model rather than training one, ask your model provider whether they are RAISE-covered and what documentation they can share
- ☐Track incident disclosures from your upstream model providers as part of your own vendor risk process
- ☐Don't assume RAISE inapplicability to you as a developer means it's irrelevant to your compliance posture
See where your AI product is exposed
RatedWithAI helps SaaS and platform teams surface compliance and trust gaps across their web properties. Start with a free scan to understand how your product presents to users and regulators alike.
Scan Your Product for Free →Frequently Asked Questions
Is RAISE relevant to a typical AI SaaS startup?
Directly, almost never — the compute and spend thresholds are set well above what any but the largest frontier labs reach. Indirectly, it matters if your product depends on a model from a covered developer, since that developer's safety protocol and incident history become part of your own vendor risk picture.
Does RAISE give consumers a private right of action?
No. Like California's SB 53, RAISE routes enforcement through the state attorney general rather than allowing individual consumers to sue directly, which is consistent with how most frontier-AI-safety statutes (as opposed to consumer-privacy statutes) have been structured so far.
Will other states follow New York and California with their own frontier AI laws?
Several states have introduced similar frontier-model safety proposals modeled on the SB 53 / RAISE approach. Companies operating at frontier scale should expect the compute-and-spend threshold model to keep spreading state by state rather than assume New York and California will remain the only two.