Kentucky Revised Statutes Title VI. Financial Administration § 42.731.Duties of Artificial Intelligence Governance Committee; duties of Commonwealth Office of Technology regarding artificial intelligence systems; establishment of policies and operating standards on use of artificial intelligence by state agencies; report; administrative regulations

Current as of January 01, 2025 | Updated by Findlaw Staff

(1) The Commonwealth Office of Technology shall create an Artificial Intelligence Governance Committee to govern the use of artificial intelligence systems by state departments, state agencies, and state administrative bodies by:

(a) Developing policy standards and guiding principles to mitigate risks and protect data and privacy of Kentucky citizens and businesses that adhere to the latest version of Standard ISO/IEC 42001 of the International Organization for Standardization;

(b) Establishing technology standards to provide protocols and requirements for the use of generative artificial intelligence and high-risk artificial intelligence systems;

(d) Maintaining a centralized registry to include current inventory of generative artificial intelligence systems and high-risk artificial intelligence systems; and

(e) Developing an approval process to include a registry of application, use case, and decision rationale aimed at mitigation of risks.

(2) The Artificial Intelligence Governance Committee shall develop policies and procedures to ensure that any department, program, cabinet, agency, or administrative body that utilizes and accesses the Commonwealth's information technology and technology infrastructure shall:

(a) Verify the use and development of generative artificial intelligence systems and high-risk artificial intelligence systems; and

(b) Act in compliance with responsible, ethical, and transparent procedures to implement the use of artificial intelligence technologies by:

1. Ensuring artificial intelligence models have comprehensive and complete documentation that is available for review and inspection;

2. Requiring review and intervention by humans dependent on the use case and potential risk for all outcomes from generative and high-risk artificial intelligence systems; and

3. Ensuring the use of generative artificial intelligence and high-risk artificial intelligence systems are resilient, accountable, and explainable.

(3) The Commonwealth Office of Technology shall prioritize personal privacy and the protection of the data of individuals and businesses as the state develops, implements, employs, and procures artificial intelligence systems, generative artificial intelligence systems, and high-risk artificial intelligence systems by ensuring all departments, agencies, and administrative bodies:

(a) Allow only the use of necessary data in artificial intelligence systems;

(b) Do not allow unrestricted access to personal data controlled by the Commonwealth; and

(4) To maintain and secure the technology infrastructure, information technology, information resources, and personal information, all departments, agencies, and administrative bodies shall be subject to review of generative artificial intelligence systems or high-risk artificial intelligence systems.

(5) At a minimum, the executive director of the Commonwealth Office of Technology shall consider and document:

(a) How the artificial intelligence system will not result in unlawful discrimination against any individual or group of individuals;

(b) How the use of generative artificial intelligence or other artificial intelligence capabilities will benefit the citizens of the Commonwealth and serve the objectives of the department or agency;

(d) The potential risks, including cybersecurity, data protection and privacy, and health and safety of individuals and businesses, and a mitigation strategy to any identified or potential risk; and

(e) The proper control and management for all data possessed by the Commonwealth to maintain security and data quality.

(6)(a) A department, agency, or administrative body shall disclose to the public, through a clear and conspicuous disclaimer, when generative artificial intelligence, artificial intelligence systems, or other artificial intelligence-related capabilities are used:

1. To render any decision regarding individual citizens or businesses within the state;

2. In any process, or to produce materials used by the system or humans, to inform a decision or create an output; or

3. To produce information or outputs accessible by citizens and businesses.

(b) When an artificial intelligence system makes external decisions related to citizens of the Commonwealth, a department, agency, or administrative body shall:

1. Disclose how artificial intelligence is used in the decision-making process;

2. Provide the extent of human involvement in validating and oversight of any decision made; and

3. Make readily available options for individuals to appeal a consequential decision that involves artificial intelligence.

(c) Any disclaimer under paragraph (a) of this subsection shall also provide information regarding third-party artificial intelligence products or programs, including but not limited to information as to how the high-risk artificial intelligence system or generative artificial intelligence system works, such as system cards or other documented information provided by developers.

(7) The Commonwealth Office of Technology shall establish policies to encompass legal and ethical frameworks to ensure that any artificial intelligence systems shall align with existing laws, administrative regulations, and guidelines, which shall be updated at least annually to maintain compliance as technology and industry best practices evolve.

(8)(a) Operating standards for utilization of high-risk artificial intelligence systems shall prohibit the use of a high-risk artificial intelligence system to render a consequential decision without the design and implementation of a risk management policy and program for high-risk artificial intelligence systems. The risk management policy shall:

1. Specify principles, process, and personnel that shall be utilized to maintain the risk management program; and

2. Identify, mitigate, and document any bias or potential bias that is a potential consequence of use in making a consequential decision.

(b) Each risk management policy designed and implemented shall at a minimum adhere to the latest version of Standard ISO/IEC 42001 of the International Organization for Standardization or another national or internationally recognized risk management framework for artificial intelligence systems, and consider the:

1. Size and complexity of the deployer;

2. Nature, scope, and intended use of the high-risk artificial intelligence system and its deployer; and

3. Sensitivity and volume of data processed.

(9) This section and KRS 42.722 and 42.726 shall not be construed to require the disclosure of trade secrets, confidential or proprietary information about the design or use of an artificial intelligence system, or any information which would create a security risk.

(10) The Commonwealth Office of Technology shall provide education and training of employees about the benefits and risks of artificial intelligence and allowable use policies.

(11)(a) The Commonwealth Office of Technology shall transmit reports to the Legislative Research Commission and the Interim Joint Committee on State Government by December 1, 2025, and annually every year thereafter. The reports shall include:

1. The artificial intelligence registry, which shall include the current inventory and use case of artificial intelligence utilized in state government;

2. Applications received for use of artificial intelligence, including the decision and rationale in approving or disapproving a request in compliance with subsection (5)(c) of this section; and

3. Third-party artificial intelligence developers, system administrators, providers, and contractors submitted for review in compliance with subsection (5) of this section.

(b) To facilitate the report in paragraph (a) of this subsection, the Commonwealth Office of Technology shall receive from each department, agency, and administrative body a report examining and identifying potential use cases for the deployment of generative artificial intelligence systems and high-risk artificial intelligence systems, including a description of the benefits and risks to individuals, communities, government, and government employees.

(12) The Commonwealth Office of Technology shall promulgate administrative regulations in accordance with KRS Chapter 13A to implement this section and KRS 42.726 by December 1, 2025.

Previous Part of Code Next Part of Code

Back to Chapter List

Cite this article: FindLaw.com - Kentucky Revised Statutes Title VI. Financial Administration § 42.731.Duties of Artificial Intelligence Governance Committee; duties of Commonwealth Office of Technology regarding artificial intelligence systems; establishment of policies and operating standards on use of artificial intelligence by state agencies; report; administrative regulations - last updated January 01, 2025 | https://codes.findlaw.com/ky/title-vi-financial-administration/ky-rev-st-sect-42-731/

FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature before relying on it for your legal needs.

Was this helpful?

Welcome to FindLaw's Cases & Codes

A free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw’s Learn About the Law.

Go to Learn About the Law

Latest Blog Posts

Learn About The Law

Get help with your legal needs

FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.

Go to Learn About the Law

Need to Find an Attorney?

Search our directory by legal issue

Enter information in one or both fields (Required)

Search all Kentucky Codes

Welcome to FindLaw's Cases & Codes

Latest Blog Posts

For Legal Professionals

Learn About The Law

Need to Find an Attorney?