H.R. 8283: Deterring American AI Model Theft Act of 2026

H.R. 8283 sets up a federal process to identify foreign actors that try to copy or rebuild American closed-source AI models. The bill defines a "closed-source AI model" as one whose key technical information, such as model weights, is proprietary and not made public, where access is controlled by terms of service or contracts, and where use is typically offered through an API or consumer-facing interface without letting outside users host or modify the model on their own servers unless authorized. That definition matters because the bill is focused on model makers that keep the core system private and only let outsiders use it through controlled access.

The bill gives the Secretary of State, the Secretary of Commerce, and members of the Operating Committee for Export Policy 180 days after enactment to complete an initial assessment of model extraction attacks, and 210 days after enactment to submit a report. After that, reporting continues annually for 3 years following the initial report. The assessment must identify "entities of concern" carrying out attacks or serving as fraudulent account network providers, describe the methods used, including the physical location of provider offices and data centers, and determine how many attempted attacks happened in the previous 2 calendar years. The Secretary of State would also maintain a public AI Model Extraction Attackers List naming people or companies found to have conducted or directed attacks in the past year, and those names could stay on a public State Department website for up to 5 years.

The bill casts a wide net over who could be targeted. A "country of concern" automatically includes the People's Republic of China, including Hong Kong and Macau, and the Russian Federation. It also includes any country in Country Group D:5 in Supplement No. 1 to part 740 of the Export Administration Regulations as of January 1, 2026 if designated by the Secretary of State, plus any other country the Secretary designates through the bill's assessment process. An "entity of concern" can be a foreign person or company located or headquartered in one of those countries, a company with an ultimate parent there, a firm operating under the direction or control of an entity in a country of concern, or a foreign actor that conducts or attempts a model extraction attack against a U.S.-owned model outside authorized training practices.

The enforcement side is the sharpest part of the bill. Within 210 days of enactment, the Under Secretary of Commerce for Industry and Security must determine, by majority vote of the End-User Review Committee, whether identified attackers or their affiliates should be added to the Bureau of Industry and Security's Entity List. The affiliate rule is triggered at 50 percent or more direct or indirect ownership. Separately, the President may block all transactions in property and interests in property of entities of concern when that property is in the United States or under the control of a U.S. person. There are carveouts for the 1947 UN Headquarters Agreement, humanitarian aid such as food, medicine, medical devices, and related financial transactions, and authorized U.S. intelligence, law enforcement, or national security work. Violations would carry the penalties already available under section 206 of the International Emergency Economic Powers Act, codified at 50 U.S.C. 1705, giving the bill real legal teeth even though it does not create a brand-new penalty schedule.