Establishes operating standards for developers and deployers of high-risk AI systems, including mandatory risk management and impact assessments. Requires disclosures of potential algorithmic discrimination risks.
Analysis summaries, actor details, and coverage mappings were LLM-classified and may contain errors.
This is a binding legislative act with mandatory requirements, civil penalties for non-compliance, and enforcement by the Attorney General. The document uses mandatory language throughout ('shall') and establishes specific legal obligations for developers and deployers of high-risk AI systems.
The document has good coverage of approximately 6-7 subdomains, with strong focus on unfair discrimination (1.1), privacy compromise (2.1), security vulnerabilities (2.2), false information (3.1), lack of transparency (7.4), and lack of robustness (7.3). Coverage is concentrated in discrimination/toxicity, privacy/security, and AI system safety domains.
The document governs AI use across multiple sectors through its definition of 'consequential decisions' which explicitly covers employment, education, financial services, healthcare, housing, insurance, and legal services. The law applies broadly to any sector where high-risk AI systems make decisions affecting consumers in these areas.
The document covers multiple lifecycle stages with primary focus on deployment and operational monitoring. It addresses design through risk management requirements, validation through impact assessments, deployment through disclosure requirements, and ongoing monitoring through post-deployment oversight obligations.
The document explicitly defines and covers AI systems and AI models, with specific focus on high-risk AI systems. It addresses general-purpose AI models and generative AI systems. There is no explicit mention of frontier AI, task-specific AI, foundation models, predictive AI, open-weight models, or specific compute thresholds.
General Assembly of Virginia
The document is a bill enacted by the General Assembly of Virginia to amend the Code of Virginia, establishing this legislative body as the proposer of the governance instrument.
Attorney General of Virginia
The document grants exclusive enforcement authority to the Attorney General of Virginia, who has powers to issue civil investigative demands, bring injunctive actions, and impose civil penalties.
Attorney General of Virginia
The Attorney General has monitoring authority through civil investigative demands and the power to require disclosure of risk management policies, impact assessments, and other documentation relevant to investigations.
Developers and deployers of high-risk artificial intelligence systems doing business in the Commonwealth of Virginia
The document explicitly targets two categories of entities: developers who create or substantially modify high-risk AI systems, and deployers who use such systems to make consequential decisions affecting Virginia consumers.
9 subdomains (3 Good, 6 Minimal)