On December 19, 2025, New York Governor Kathy Hochul signed the Responsible AI Safety and Education Act, better known as the RAISE Act, into law.

The Act places New York near the front of state-level AI regulation in the United States. With no comprehensive federal AI law in place, states are beginning to shape the first wave of enforceable AI governance. New York’s approach focuses on frontier AI models, meaning the most powerful and expensive systems being built by a small number of developers.

The RAISE Act applies to large developers of frontier models that are developed, deployed, or operated in whole or in part in New York. It defines covered frontier models through high thresholds: models trained using more than 10^26 computational operations, models with compute costs exceeding $100 million, and certain distilled models when the distilled model’s compute cost exceeds $5 million.

These thresholds keep the law focused on the largest model developers. The Act is not aimed at every AI tool, every startup, or every company using automated systems. It targets the systems most likely to create broad, difficult-to-contain risks.

Covered developers must create written safety and security protocols before deployment. They must publish redacted versions of those protocols. They must preserve testing records so that safety procedures and results can be reviewed. They must conduct annual safety reviews. They must also report safety incidents within 72 hours to the New York State Attorney General and the New York State Division of Homeland Security and Emergency Services.

These provisions create documentation, reporting, and enforcement obligations in a field that has often relied on company-led safety commitments. They give regulators a record to review and a path to act when developers fail to comply.

The central question is whether those obligations are enough to build public trust.

Trust in AI governance has several layers. Technical safeguards are one layer. Institutional oversight is another. Public participation and individual rights are a third.

The first layer is algorithmic trust. This asks whether the law creates meaningful safeguards around the AI system itself. That includes safety testing, documentation, transparency, privacy protection, explainability, and bias mitigation.

The second layer is institutional trust. This asks whether the law creates credible oversight. That includes enforcement authority, monitoring capacity, incident response, and technical expertise inside public institutions.

The third layer is civic trust. This asks whether people have a meaningful role in the governance process. That includes notice, explanation, public participation, redress mechanisms, and access to human review when AI systems affect important decisions.

The RAISE Act performs best on the first layer, partially on the second, and weakly on the third.

Under this framework, the Act scores 3 out of 6. It earns 2 out of 2 for algorithmic trust because of its safety protocols, redacted disclosures, testing records, annual reviews, and incident reporting. It earns 1 out of 2 for institutional trust because enforcement is clearly assigned to the Attorney General, but the law does not create a dedicated technical oversight body. It earns 0 out of 2 for civic trust because it does not create public participation rights, individual notice rights, explanation rights, or human-review mechanisms.

That score shows where the Act is strongest and where it needs more work. It advances frontier AI safety, but it does not fully address the public-facing side of trust.

The RAISE Act’s biggest contribution is that it turns frontier AI safety into a legal obligation.

Covered developers must write down their safety practices before deployment. They must preserve evidence of testing. They must review safety procedures every year. They must report incidents quickly. These requirements create a formal record, and that record gives regulators something to enforce.

That is an important shift. Frontier AI safety has often depended on internal processes, voluntary commitments, and public statements from companies. The RAISE Act moves part of that work into law. It makes safety documentation and incident reporting part of the cost of building and deploying frontier models in New York.

The law also creates a clear enforcement channel through the New York State Attorney General. Oversight becomes stronger when there is a defined authority responsible for enforcement. By giving the Attorney General authority to pursue penalties and injunctive relief, the Act gives the state a way to respond when developers fail to meet their obligations.

The Act also keeps its scope narrow. That may frustrate those who want broader AI regulation, but it reflects a practical choice. By focusing on the largest frontier developers, New York avoids placing sweeping compliance burdens on smaller companies and ordinary AI users while still addressing systems that may carry the most significant risks.

The Act gives the Attorney General enforcement authority, but enforcement alone does not create full oversight capacity.

Frontier AI systems are technically complex and change quickly. Monitoring these systems requires specialized expertise, staffing, and institutional memory. A legal enforcement office can respond to violations, but it may not be designed to continuously evaluate model safety, audit technical claims, or track emerging risks over time.

Other AI laws place more emphasis on dedicated institutional capacity. The EU AI Act creates the EU AI Office and the AI Board, giving the European Union a standing structure for implementation and coordination. California SB 53 also puts more emphasis on state-level oversight infrastructure for frontier AI safety, including incident reporting channels and public compute planning.

New York’s RAISE Act does not create a dedicated AI oversight body. That is why it receives only partial credit for institutional trust. The law creates a clear enforcement path, but it does not yet build the technical infrastructure needed for long-term AI governance.

This gap will become more important as frontier systems become harder to evaluate from the outside. A state that wants to regulate powerful AI systems will need more than legal authority. It will need people and institutions capable of understanding the systems being regulated.

The RAISE Act’s largest weakness is civic trust.

The Act does not require public comment. It does not create a community notification process. It does not give individuals a right to know when AI systems are being used in consequential decisions. It does not give people a right to an explanation. It does not guarantee human review. It does not create a direct redress pathway for people affected by AI systems.

In practice, the law treats trust as something managed between developers and regulators. Developers disclose information to the state. The state enforces the law. Experts, journalists, and civil society groups may interpret redacted safety protocols. Ordinary people remain mostly outside the process.

That design creates a public trust problem. People are more likely to trust a governance system when they can see how it works, understand what protections exist, and use clear channels when they are affected.

Colorado SB 205 offers a useful contrast. It focuses on high-risk AI systems used in consequential decisions, including employment, housing, and banking. It requires notice when AI is used. It requires explanations for adverse decisions. It gives affected people access to human review or appeal.

Those rights make AI governance more concrete. A person does not need to interpret a redacted safety protocol to know they have been affected by an automated system. They are told the system was used. They can ask for an explanation. They can seek review.

The RAISE Act does not provide that kind of civic pathway.

The difference becomes clearer when the RAISE Act is compared with other AI laws under the same trust framework.

New York’s RAISE Act scores 3 out of 6. The EU AI Act scores 5 out of 6. California SB 53 scores 4 out of 6. Colorado SB 205 scores 5 out of 6.

Each law emphasizes a different part of AI governance.

The EU AI Act is stronger on institutional design, with dedicated oversight structures and regulatory sandboxes. California SB 53 is stronger on frontier AI oversight capacity. Colorado SB 205 is stronger on civic trust because it creates direct rights for affected individuals.

New York’s law is strongest on frontier safety protocols. That is a valuable contribution, especially given the absence of federal legislation. But the comparison shows the limits of a model that focuses primarily on developers and regulators. New York has created one of the clearest state-level safety frameworks for frontier models, but it has not yet created a strong public-facing trust framework.

Pew Research Center found that 62 percent of Americans have little or no confidence in the U.S. government’s ability to regulate AI effectively. That should shape how lawmakers think about AI governance. Many people are already skeptical that public institutions can keep up with AI development.

In that environment, safety protocols and redacted disclosures may not be enough. The public needs visible oversight. People need information they can understand. They need channels for participation. They need rights when AI systems affect important parts of their lives.

A law can be technically serious and still feel remote. It can improve safety procedures while leaving the public unsure of where they fit. It can give regulators more authority while leaving individuals without a clear way to ask questions or seek review.

The RAISE Act should be understood as a foundation. The next step is to make that foundation more visible, participatory, and accessible.

The RAISE Act shows that AI regulation is entering a more concrete phase. Governments are moving from broad principles to enforceable duties. That progress matters, especially in the absence of federal legislation.

The next challenge is designing laws that people can trust. That requires technical safeguards, credible institutions, and civic mechanisms that give people a meaningful role.

New York has taken an important first step. It has created one of the clearest state-level frameworks for frontier AI safety in the United States. It has placed legal obligations on major AI developers. It has created a pathway for enforcement.

The next version should bring the public further into the process. People need to know when AI systems affect them. They need explanations they can understand. They need access to human review. They need institutions with enough technical capacity to oversee powerful systems over time.

Trust will depend on whether people can see, understand, question, and challenge the systems being governed. The RAISE Act starts that conversation. New York now has a chance to build the civic layer that will make the law more durable.

The AI Collective is built by volunteers across 180+ chapters in 40 countries.

Thank you to the thousands of volunteers around the world who make this work possible. We truly could not do this without you.