A PYMNTS Company

The New York Responsible AI Safety and Education (RAISE) Act – What you need to know

By  |  February 13, 2026

By: Marc B. Collier, Annmarie Giblin, Ethan Glenn, Isabela Pena-Gonzalez & Charlotte Swart (Norton Rose Fulbright)

    Get the Full Story

    Complete the form to unlock this article and enjoy unlimited free access to all PYMNTS content — no additional logins required.

    yesSubscribe to our daily newsletter, PYMNTS Today.

    By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions.

    In this piece for the Inside Legal Tech blog, authors Marc B. Collier, Annmarie Giblin, Ethan Glenn, Isabela Pena-Gonzalez & Charlotte Swart (Norton Rose Fulbright) explore New York’s newly signed Responsible AI Safety and Education (RAISE) Act, which takes effect on March 19, 2026. The legislation targets “large developers” of “frontier models”—defined as entities that have spent over $100 million in aggregate on compute costs to train AI models using greater than 10^26 computational operations or distilled models derived from them costing over $5 million. The Act applies to frontier models developed, deployed, or operating in whole or in part in New York, casting a wide jurisdictional net where even partial operational touchpoints may trigger compliance requirements.

    The RAISE Act imposes comprehensive obligations on covered developers before deploying frontier models, including implementing written safety and security protocols, retaining unredacted copies for the model’s deployment duration plus five years, publishing redacted versions to the New York Attorney General and Division of Homeland Security and Emergency Services, and maintaining detailed testing records. Developers must conduct annual protocol reviews, implement safeguards to prevent unreasonable risk of “critical harm” (defined as death or serious injury to 100+ people or $1 billion+ in property damage), and refrain from deployments creating such unreasonable risks. The Act also requires disclosure of “safety incidents” within 72 hours of discovery.

    Developer liability for harms inflicted by intervening human actors is limited unless three conditions are met: the developer’s activities were a substantial factor in causing harm, the intervening conduct was reasonably foreseeable, and the harm could have been prevented through alternative design or security measures. The RAISE Act includes only public enforcement mechanisms—no private right of action exists—with the Attorney General authorized to seek civil penalties up to $10 million for first violations and $30 million for subsequent violations, plus injunctive or declaratory relief.

    The authors recommend that companies potentially qualifying as large developers immediately assess whether they meet the definitions by evaluating training compute costs and New York connections, then develop compliant safety and security protocols with detailed testing methodologies, prepare publication and transmission procedures with defensible redactions, establish incident response protocols meeting the 72-hour reporting deadline, and implement annual review processes to ensure ongoing compliance with the Act’s requirements…

    CONTINUE READING…