Back to South Carolina

S963 • 2026

Artificial intelligence, consumer protection

Artificial intelligence, consumer protection

Active

The official status still shows this bill as active or still awaiting another formal step.

Sponsor
Senator Leber
Last action
2026-02-26
Official status
Referred to Committee on Banking and Insurance ( Senate Journal-page 4 )
Effective date
Not listed

Plain English Breakdown

Using official source text because the generated explanation was unavailable or could not be confirmed against the official bill text.

Artificial intelligence, consumer protection

Artificial intelligence, consumer protection

What This Bill Does

  • Artificial intelligence, consumer protection

Limits and Unknowns

  • This entry is temporarily using official source text because the generated explanation could not be confirmed against the official bill text during the last sync.

Bill History

  1. 2026-02-26 Senate

    Introduced and read first time ( Senate Journal-page 4 )

  2. 2026-02-26 Senate

    Referred to Committee on Banking and Insurance ( Senate Journal-page 4 )

Official Summary Text

Artificial intelligence, consumer protection

Current Bill Text

Read the full stored bill text
2025-2026 Bill 963: Artificial intelligence, consumer protection - South Carolina Legislature Online

South Carolina General Assembly
126th Session, 2025-2026
Download
This Bill
in Microsoft Word Format
Indicates Matter Stricken
Indicates New Matter
S. 963
STATUS INFORMATION
General Bill
Sponsors: Senator Leber
Document Path: LC-0369HDB26.docx
Introduced in the Senate on February 26, 2026
Currently residing in the Senate Committee on
Banking and Insurance
Summary: Artificial intelligence, consumer protection
HISTORY OF LEGISLATIVE ACTIONS

Date

Body

Action Description with journal page number

2/26/2026

Senate

Introduced and read first time (
Senate Journal-page 4
)

2/26/2026

Senate

Referred to Committee on
Banking and Insurance
(
Senate Journal-page 4
)

View the latest
legislative information
at the website
VERSIONS OF THIS BILL
02/26/2026

A bill

TO AMEND THE SOUTH CAROLINA CODE OF LAWS BY ENACTING THE
"CONSUMER PROTECTIONS IN INTERACTIONS WITH ARTIFICIAL INTELLIGENCE SYSTEMS ACT"
BY ADDING CHAPTER 31 TO TITLE 37 SO AS TO, AMONG OTHER THINGS, PROHIBIT
ALGORITHMIC DISCRIMINATION ARISING FROM THE USE OF HIGH-RISK ARTIFICIAL
INTELLIGENCE SYSTEMS.

B
e it enacted by the
General Assembly of the State of South Carolina:

S
ECTION 1.
T
itle 37 of the S.C. Code is amended by adding:

C
HAPTER 31

C
onsumer Protections in Interactions with Artificial
Intelligence Systems

S
ection
37-31-10
.
A
s used in this chapter:

(
1)
(
a) "Algorithmic discrimination" means
any condition in which the use of an artificial intelligence system results in
an unlawful differential treatment or impact that disfavors an individual or
group of individuals on the basis of their actual or perceived age, color,
disability, ethnicity, genetic information, limited proficiency in the English
language, national origin, race, religion, reproductive health, sex, veteran
status, or other classification protected under the laws of this State or
federal law.

(
b)
"Algorithmic discrimination" does not include:

(
i)
the offer, license, or use of a high-risk artificial intelligence system by a
developer or deployer for the sole purpose of:

(
A)
the developer's or deployer's self-testing to identify, mitigate, or prevent
discrimination or otherwise ensure compliance with state and federal law; or

(
B)
expanding an applicant, customer, or participant pool to increase diversity or
redress historical discrimination; or

(
ii)
an act or omission by or on behalf of a private club or other establishment
that is not in fact open to the public, as set forth in Title II of the federal
"Civil Rights Act of 1964," 42 U.S.C. Section 2000a.

(
2)
"Artificial intelligence system" means any machine-based system that, for any
explicit or implicit objective, infers from the inputs the system receives how
to generate outputs, including content, decisions, predictions, or
recommendations, that can influence physical or virtual environments.

(
3)
"Consequential decision" means a decision that has a material legal or
similarly significant effect on the provision or denial to any consumer of, or
the cost or terms of:

(
a)
education enrollment or an education opportunity;

(
b)
employment or an employment opportunity;

(
c)
a financial or lending service;

(
d)
an essential government service;

(
e)
healthcare services;

(
f)
housing;

(
g)
insurance; or

(
h)
a legal service.

(
4)
"Consumer" means an individual who is a South Carolina resident.

(
5)
"Deploy" means to use a high-risk artificial intelligence system.

(
6)
"Deployer" means a person doing business in this State that deploys a high-risk
artificial intelligence system.

(
7)
"Developer" means a person doing business in this State that develops or
intentionally and substantially modifies an artificial intelligence system.

(
8)
"Healthcare services" has the same meaning as provided in 42 U.S.C. Section
234(d)(2).

(
9)
(
a) "High-risk artificial intelligence
system" means any artificial intelligence system that, when deployed, makes or
is a substantial factor in making, a consequential decision.

(
b)
"High-risk artificial intelligence system" does not include:

(
i)
an artificial intelligence system if the artificial intelligence system is
intended to:

(
A)
perform a narrow procedural task;

(
B)
detect decision-making patterns or deviations from prior decision-marking
patterns and is not intended to replace or influence a previously completed
human assessment without sufficient human review; or

(
C)
the following technologies, unless the technologies, when deployed, make or are
a substantial factor in making, a consequential decision:

(
1) antimalware;

(
2) antivirus;

(
3) artificial intelligence-enabled
video games;

(
4) calculators;

(
5) cybersecurity;

(
6) databases;

(
7) data storage;

(
8) firewall;

(
9) internet domain registration;

(
10) internet website loading;

(
11) networking;

(
12) spam and robocall filtering;

(
13) spell-checking:

(
14) spreadsheets;

(
15) web caching;

(
16) web hosting or any similar
technology; or

(
17) technology that communicates with
consumers in natural language for the purpose of providing users with
information, making referrals or recommendations, and answering questions and
is subject to an accepted use policy that prohibits generating content that is
discriminatory or harmful.

(
10)
(
a) "Intentional and substantial
modification" or "intentionally and substantially modifies" means a deliberate
change made to an artificial intelligence system that results in any new
reasonably foreseeable risk of algorithmic discrimination.

(
b)
"Intentional and substantial modification" or "intentionally and substantially
modifies" does not include a change made to a high-risk artificial intelligence
system, or the performance of a high-risk artificial intelligence system, if:

(
i)
the high-risk artificial intelligence system continues to learn after the
high-risk artificial intelligence system is:

(
A)
offered, sold, leased, licensed, given, or otherwise made available to a
deployer; or

(
B)
deployed;

(
ii)
the change is made to the high-risk artificial intelligence system as a result
of any learning described in item (10)(b)(i);

(
iii)
the change was predetermined by the deployer, or a third party contracted by
the deployer, when the deployer or third party completed an initial impact
assessment of such high-risk artificial intelligence system pursuant to Section
37-31-30
(C); and

(
iv)
the change is included in technical documentation for the high-risk artificial
intelligence system.

(
11)
(
a) "Substantial factor" means a factor
that:

(
i)
assists in making a consequential decision;

(
ii)
is capable of altering the outcome of a consequential decision; and

(
iii)
is generated by an artificial intelligence system.

(
b)
"Substantial factor" includes any use of an artificial intelligence system to
generate any content, decision, prediction, or recommendation concerning a
consumer that is used as a basis to make a consequential decision concerning
the consumer.

(
12)
"Trade secret" means the whole or any portion or phase of any scientific or
technical information, design, process, procedure, formula, improvement,
confidential business or financial information, listing of names, addresses, or
telephone numbers, or other information relating to any business or profession
which is secret and of value. To be a "trade secret" the owner thereof must
have taken measures to prevent the secret from becoming available to persons
other than those selected by the owner to have access thereto for limited
purposes.

S
ection
37-31-20
.
(
A) A developer of a
high-risk artificial intelligence system shall use reasonable care to protect
consumers from any known or reasonably foreseeable risks of algorithmic
discrimination arising from the intended and contracted uses of the high-risk
artificial intelligence system. In any enforcement action brought by the Attorney
General pursuant to Section
37-31-60
, there is a rebuttable presumption that a
developer used reasonable care as required under this section if the developer
complied with this section and any additional requirements or obligations as
set forth in rules adopted by the Attorney General pursuant to Section
37-31-70
.

(
B) Except
as provided in subsection (F), a developer of a high-risk artificial
intelligence system shall make available to the deployer or other developer of
the high-risk artificial intelligence system:

(
1)
a general statement describing the reasonably foreseeable uses and known
harmful or inappropriate uses of the high-risk artificial intelligence system;

(
2)
documentation disclosing:

(
a)
high-level summaries of the type of data used to train the high-risk artificial
intelligence system;

(
b)
known or reasonably foreseeable limitations of the high-risk artificial
intelligence system, including known or reasonably foreseeable risks of
algorithmic discrimination arising from the intended uses of the high-risk
artificial intelligence system;

(
c)
the purpose of the high-risk artificial intelligence system;

(
d)
the intended benefits and uses of the high-risk artificial intelligence system;
and

(
e)
all other information necessary to allow the deployer to comply with the
requirements of Section
37-31-30
;

(
3)
documentation describing:

(
a)
how the high-risk artificial intelligence system was evaluated for performance
and mitigation of algorithmic discrimination before the high-risk artificial
intelligence system was offered, sold, leased, licensed, given, or otherwise
made available to the deployer;

(
b)
the data governance measures used to cover the training datasets and the
measures used to examine the suitability of data sources, possible biases, and
appropriate mitigation;

(
c)
the intended outputs of the high-risk artificial intelligence system;

(
d)
the measures the developer has taken to mitigate known or reasonably
foreseeable risks of algorithmic discrimination that may arise from the
reasonably foreseeable deployment of the high-risk artificial intelligence
system; and

(
e)
how the high-risk artificial intelligence system should be used, not be used,
and be monitored by an individual when the high-risk artificial intelligence
system is used to make, or is a substantial factor in making, a consequential
decision; and

(
4)
any additional documentation that is reasonably necessary to assist the
deployer in understanding the outputs and monitor the performance of the
high-risk artificial intelligence system for risks of algorithmic
discrimination.

(
C)
(
1) Except as provided in subsection (F),
a developer that offers, sells, leases, licenses, gives, or otherwise makes
available to a deployer or other developer a high-risk artificial intelligence
system shall make available to the deployer or other developer, to the extent
feasible, the documentation and information, through artifacts such as model
cards, dataset cards, or other impact assessments, necessary for a deployer, or
for a third party contracted by a deployer, to complete an impact assessment pursuant
to Section
37-31-30
(C).

(
2)
A developer that also serves as a deployer for a high-risk artificial
intelligence system is not required to generate the documentation required by
this section unless the high-risk artificial intelligence system is provided to
an unaffiliated entity acting as a deployer.

(
D)
(
1) A developer shall make available,
in a manner that is clear and readily available on the developer's website or
in a public-use case inventory, a statement summarizing:

(
a)
the types of high-risk artificial intelligence systems that the developer has
developed or intentionally and substantially modified and currently makes
available to a deployer or other developer; and

(
b)
how the developer manages known or reasonably foreseeable risks of algorithmic
discrimination that may arise from the development or intentional and
substantial modification of the types of high-risk artificial intelligence
systems described in accordance with item (1)(a).

(
2)
A developer shall update the statement described in item (1):

(
a)
as necessary to ensure that the statement remains accurate; and

(
b)
no later than ninety days after the developer intentionally and substantially
modifies any high-risk artificial intelligence system described in item (1)(a).

(
E) A
developer of a high-risk artificial intelligence system shall disclose to the Attorney
General, in a form and manner prescribed by the Attorney General, and to all
known deployers or other developers of the high-risk artificial intelligence
system, any known or reasonably foreseeable risks of algorithmic discrimination
arising from the intended uses of the high-risk artificial intelligence system
without unreasonable delay but no later than ninety days after the date on
which:

(
1)
the developer discovers through the developer's ongoing testing and analysis
that the developer's high-risk artificial intelligence system has been deployed
and has caused or is reasonably likely to have caused algorithmic
discrimination; or

(
2)
the developer receives from a deployer a credible report that the high-risk
artificial intelligence system has been deployed and has caused algorithmic
discrimination.

(
F)
Nothing in subsections (B) through (E) requires a developer to disclose a trade
secret, information protected from disclosure by state or federal law, or
information that would create a security risk to the developer.

(
G) The
Attorney General may require that a developer disclose to the Attorney General,
no later than ninety days after the request and in a form and manner prescribed
by the Attorney General, the statement or documentation described in subsection
(B). The Attorney General may evaluate such statement or documentation to
ensure compliance with this chapter, and the statement or documentation is not
subject to disclosure under the South Carolina Freedom of Information Act. In a
disclosure made pursuant to this subsection, a developer may designate the
statement or documentation as including proprietary information or a trade
secret. To the extent that any information contained in the statement or
documentation includes information subject to attorney-client privilege or
work-product protection, the disclosure does not constitute a waiver of the
privilege or protection.

S
ection
37-31-30
.
(
A) A deployer of a
high-risk artificial intelligence system shall use reasonable care to protect
consumers from any known or reasonably foreseeable risks of algorithmic
discrimination. In any enforcement action brought by the Attorney General
pursuant to Section
37-31-70
, there is a rebuttable presumption that a deployer
of a high-risk artificial intelligence system used reasonable care as required
under this section if the deployer complied with this section and any
additional requirements or obligations as set forth in rules adopted by the Attorney
General pursuant to Section
37-31-70
.

(
B)
(
1) Except as provided in subsection (F),
a deployer of a high-risk artificial intelligence system shall implement a risk
management policy and program to govern the deployer's deployment of the
high-risk artificial intelligence system. The risk management policy and
program must specify and incorporate the principles, processes, and personnel
that the deployer uses to identify, document, and mitigate known or reasonably
foreseeable risks of algorithmic discrimination. The risk management policy and
program must be an iterative process planned, implemented, and regularly and
systematically reviewed and updated over the life cycle of a high-risk
artificial intelligence system, requiring regular, systematic review and
updates. A risk management policy and program implemented and maintained
pursuant to this subsection must be reasonable considering:

(
a)
(
i) The guidance and standards set
forth in the latest version of the "Artificial Intelligence Risk Management
Framework" published by the National Institute of Standards and Technology in
the United States Department of Commerce, standard ISO/IEC 42001 of the
International Organization for Standardization, or another nationally or
internationally recognized risk management framework for artificial
intelligence systems, if the standards are substantially equivalent to or more
stringent than the requirements of this chapter; or

(
ii)
any risk management framework for artificial intelligence systems that the Attorney
General, in his discretion, may designate;

(
b)
the size and complexity of the deployer;

(
c)
the nature and scope of the high-risk artificial intelligence systems deployed
by the deployer, including the intended uses of the high-risk artificial
intelligence systems; and

(
d)
the sensitivity and volume of data processed in connection with the high-risk
artificial intelligence systems deployed by the deployer.

(
2)
A risk management policy and program implemented pursuant to item (1) may cover
multiple high-risk artificial intelligence systems deployed by the deployer.

(
C)
(
1) Except as provided in items (4), (5),
and subsection (F) of this section:

(
a)
a deployer, or a third party contracted by the deployer, that deploys a
high-risk artificial intelligence system shall complete an impact assessment
for the high-risk artificial intelligence system; and

(
b)
a deployer, or a third party contracted by the deployer, shall complete an
impact assessment for a deployed high-risk artificial intelligence system at
least annually and within ninety days after any intentional and substantial
modification to the high-risk artificial intelligence system is made available.

(
2)
An impact assessment completed pursuant to this subsection must include, at a
minimum, and to the extent reasonably known by or available to the deployer:

(
a)
a statement by the deployer disclosing the purpose, intended-use cases, and
deployment context of, and benefits afforded by, the high-risk artificial
intelligence system;

(
b)
an analysis of whether the deployment of the high-risk artificial intelligence
system poses any known or reasonably foreseeable risks of algorithmic
discrimination and, if so, the nature of the algorithmic discrimination and the
steps that have been taken to mitigate the risks;

(
c)
a description of the categories of data the high-risk artificial intelligence
system processes as inputs and the outputs the high-risk artificial
intelligence system produces;

(
d)
if the deployer used data to customize the high-risk artificial intelligence
system, an overview of the categories of data the deployer used to customize
the high-risk artificial intelligence system;

(
e)
any metrics used to evaluate the performance and known limitations of the
high-risk artificial intelligence system;

(
f)
a description of any transparency measures taken concerning the high-risk
artificial intelligence system, including any measures taken to disclose to a
consumer that the high-risk artificial intelligence system is in use when the
high-risk artificial intelligence system is in use; and

(
g)
a description of the postdeployment monitoring and user safeguards provided
concerning the high-risk artificial intelligence system, including the
oversight, use, and learning process established by the deployer to address
issues arising from the deployment of the high-risk artificial intelligence
system.

(
3)
In addition to the information required under item (2), an impact assessment
completed pursuant to this item following an intentional and substantial
modification to a high-risk artificial intelligence system must include a
statement disclosing the extent to which the high-risk artificial intelligence
system was used in a manner that was consistent with, or varied from, the
developer's intended uses of the high-risk artificial intelligence system.

(
4)
A single impact assessment may address a comparable set of high-risk artificial
intelligence systems deployed by a deployer.

(
5)
If a deployer, or a third party contracted by the deployer, completes an impact
assessment for the purpose of complying with another applicable law or
regulation, the impact assessment satisfies the requirements established in
this subsection if the impact assessment is reasonably similar in scope and
effect to the impact assessment that would otherwise be completed pursuant to
this subsection.

(
6)
A deployer shall maintain the most recently completed impact assessment for a
high-risk artificial intelligence system as required under this subsection, all
records concerning each impact assessment, and all prior impact assessments, if
any, for at least three years following the final deployment of the high-risk
artificial intelligence system.

(
7)
At least annually, a deployer, or a third party contracted by the deployer,
must review the deployment of each high-risk artificial intelligence system
deployed by the deployer to ensure that the high-risk artificial intelligence
system is not causing algorithmic discrimination.

(
D)
(
1) No later than the time that a
deployer deploys a high-risk artificial intelligence system to make, or be a
substantial factor in making, a consequential decision concerning a consumer,
the deployer shall:

(
a)
notify the consumer that the deployer has deployed a high-risk artificial
intelligence system to make, or be a substantial factor in making, a
consequential decision before the decision is made;

(
b)
provide to the consumer a statement disclosing the purpose of the high-risk
artificial intelligence system and the nature of the consequential decision;
the contact information for the deployer; a description, in plain language, of
the high-risk artificial intelligence system; and instructions on how to access
the statement required by this item; and

(
c)
provide to the consumer information, if applicable, regarding the consumer's
right to opt out of the processing of personal data concerning the consumer for
purposes of profiling in furtherance of decisions that produce legal or
similarly significant effects concerning the consumer pursuant to Section
30-31-60
(A)(1)(a)(iii).

(
2)
A deployer that has deployed a high-risk artificial intelligence system to
make, or be a substantial factor in making, a consequential decision concerning
a consumer shall, if the consequential decision is adverse to the consumer,
provide to the consumer:

(
a)
a statement disclosing the principal reason or reasons for the consequential
decision, including:

(
i)
the degree to which, and manner in which, the high-risk artificial intelligence
system contributed to the consequential decision;

(
ii)
the type of data that was processed by the high-risk artificial intelligence
system in making the consequential decision; and

(
iii) the source or sources of the
data described in item (2)(a)(ii);

(
b)
an opportunity to correct any incorrect personal data that the high-risk
artificial intelligence system processed in making, or as a substantial factor
in making, the consequential decision; and

(
c)
an opportunity to appeal an adverse consequential decision concerning the
consumer arising from the deployment of a high-risk artificial intelligence
system, which appeal must, if technically feasible, allow for human review
unless providing the opportunity for appeal is not in the best interest of the
consumer, including in instances in which any delay might pose a risk to the
life or safety of such consumer.

(
3)
(
a) Except as provided in subitem (b),
a deployer shall provide the notice, statement, contact information, and
description required by items (1) and (2):

(
i)
directly to the consumer;

(
ii)
in plain language;

(
iii) in all languages in which the
deployer, in the ordinary course of the deployer's business, provides
contracts, disclaimers, sale announcements, and other information to consumers;
and

(
iv)
in a format that is accessible to consumers with disabilities.

(
b)
If the deployer is unable to provide the notice, statement, contact
information, and description required by items (1) and (2) directly to the
consumer, the deployer shall make the notice, statement, contact information,
and description available in a manner that is reasonably calculated to ensure
that the consumer receives the notice, statement, contact information, and
description.

(
E)
(
1) Except as provided in subsection (F),
a deployer shall make available, in a manner that is clear and readily
available on the deployer's website, a statement summarizing:

(
a)
the types of high-risk artificial intelligence systems that are currently
deployed by the deployer;

(
b)
how the deployer manages known or reasonably foreseeable risks of algorithmic
discrimination that may arise from the deployment of each high-risk artificial
intelligence system described pursuant to subitem (a); and

(
c)
in detail, the nature, source, and extent of the information collected and used
by the deployer.

(
2)
A deployer shall periodically update the statement described in item (1) of
this section.

(
F)
Subsections (B), (C), and (E) do not apply to a deployer if, at the time the
deployer deploys a high-risk artificial intelligence system and at all times
while the high-risk artificial intelligence system is deployed:

(
1)
the deployer:

(
a)
employs fewer than fifty full-time equivalent employees; and

(
b)
does not use the deployer's own data to train the high-risk artificial
intelligence system;

(
2)
the high-risk artificial intelligence system:

(
a)
is used for the intended uses that are disclosed to the deployer as required by
Section
37-31-20
(B)(1);

(
b)
continues learning based on data derived from sources other than the deployer's
own data; and

(
3)
the deployer makes available to consumers any impact assessment that:

(
a)
the developer of the high-risk artificial intelligence system has completed and
provided to the deployer; and

(
b)
includes information that is substantially similar to the information in the
impact assessment required under subsection (C)(2).

(
G) If
a deployer deploys a high-risk artificial intelligence system and subsequently
discovers that the high-risk artificial intelligence system has caused
algorithmic discrimination, the deployer, without unreasonable delay, but no
later than ninety days after the date of the discovery, shall send to the Attorney
General, in a form and manner prescribed by him, a notice disclosing the
discovery.

(
H)
Nothing in subsections (B) through (E) and (G) requires a deployer to disclose
a trade secret or information protected from disclosure by state or federal
law. To the extent that a deployer withholds information pursuant to this
subsection (H) or Section
37-31-50
(E), the deployer shall notify the consumer
and provide a basis for the withholding.

(
I) The
Attorney General may require that a deployer, or a third party contracted by
the deployer, disclose to him, no later than ninety days after the request and
in a form and manner prescribed by him, the risk management policy implemented
pursuant to subsection (B), the impact assessment completed pursuant to
subsection (C), or the records maintained pursuant to subsection (C)(6). The Attorney
General may evaluate the risk management policy, impact assessment, or records
to ensure compliance with this chapter, and the risk management policy, impact
assessment, and records are not subject to disclosure under the South Carolina
Freedom of Information Act. In a disclosure made pursuant to this subsection, a
deployer may designate the statement or documentation as including proprietary
information or a trade secret. To the extent that any information contained in
the risk management policy, impact assessment, or records includes information
subject to attorney-client privilege or work-product protection, the disclosure
does not constitute a waiver of the privilege or protection.

S
ection
37-31-40
.
(
A) Except as provided in
subsection (B), a deployer or other developer that deploys, offers, sells,
leases, licenses, gives, or otherwise makes available an artificial
intelligence system that is intended to interact with consumers shall ensure
the disclosure to each consumer who interacts with the artificial intelligence
system that the consumer is interacting with an artificial intelligence system.

(
B)
Disclosure is not required under subsection (A) under circumstances in which it
would be obvious to a reasonable person that the person is interacting with an
artificial intelligence system.

S
ection
37-31-50
.
(
A) Nothing in this
chapter restricts a developer's, a deployer's, or other person's ability to:

(
1)
comply with federal, state, or municipal laws, ordinances, or regulations;

(
2)
comply with a civil, criminal, or regulatory inquiry, investigation, subpoena,
or summons by a federal, a state, a municipal, or other governmental authority;

(
3)
cooperate with a law enforcement agency concerning conduct or activity that the
developer, deployer, or other person reasonably and in good faith believes may
violate federal, state, or municipal laws, ordinances, or regulations;

(
4)
investigate, establish, exercise, prepare for, or defend legal claims;

(
5)
take immediate steps to protect an interest that is essential for the life or
physical safety of a consumer or another individual;

(
6)
by any means other than the use of facial recognition technology, prevent,
detect, protect against, or respond to security incidents, identity theft,
fraud, harassment, malicious or deceptive activities, or illegal activity;
investigate, report, or prosecute the persons responsible for any such action;
or preserve the integrity or security of systems;

(
7)
engage in public or peer-reviewed scientific or statistical research in the
public interest that adheres to all other applicable ethics and privacy laws
and is conducted in accordance with 45 C.F.R. 46, as amended, or relevant
requirements established by the federal Food and Drug Administration;

(
8)
conduct research, testing, and development activities regarding an artificial
intelligence system or model, other than testing conducted under real-world
conditions, before the artificial intelligence system or model is placed on the
market, deployed, or put into service, as applicable; or

(
9)
assist another developer, deployer, or other person with any of the obligations
imposed under this chapter.

(
B)
The obligations imposed on developers, deployers, or other persons under this chapter
do not restrict a developer's, a deployer's, or other person's ability to:

(
1)
effectuate a product recall; or

(
2)
identify and repair technical errors that impair existing or intended
functionality.

(
C)
The obligations imposed on developers, deployers, or other persons under this chapter
do not apply where compliance with this chapter by the developer, deployer, or
other person would violate an evidentiary privilege under the laws of this State.

(
D)
Nothing in this chapter imposes any obligation on a developer, a deployer, or
other person that adversely affects the rights or freedoms of a person,
including the rights of a person to freedom of speech or freedom of the press
that are guaranteed in:

(
1)
The First Amendment to the United States Constitution; or

(
2)
Section 2, Article I of the S.C. Constitution.

(
E)
Nothing in this chapter applies to a developer, a deployer, or other person:

(
1)
insofar as the developer, deployer, or other person develops, deploys, puts
into service, or intentionally and substantially modifies, as applicable, a
high-risk artificial intelligence system:

(
a)
that has been approved, authorized, certified, cleared, developed, or granted
by a federal agency, such as the federal Food and Drug Administration or the Federal
Aviation Administration, acting within the scope of the federal agency's
authority, or by a regulated entity subject to the supervision and regulation
of the Federal Housing Finance Agency; or

(
b)
in compliance with standards established by a federal agency, including
standards established by the federal Office of the National Coordinator for Health
Information Technology, or by a regulated entity subject to the supervision and
regulation of the federal Housing Finance Agency, if the standards are
substantially equivalent or more stringent than the requirements of this chapter;

(
2)
conducting research to support an application for approval or certification
from a federal agency, including the Federal Aviation Administration, the Federal
Communications Commission, or the federal Food and Drug Administration or
research to support an application otherwise subject to review by the federal
agency;

(
3)
performing work under, or in connection with, a contract with the United States
Department of Commerce, the United States Department of Defense, or the National
Aeronautics and Space Administration, unless the developer, deployer, or other
person is performing the work on a high-risk artificial intelligence system
that is used to make, or is a substantial factor in making, a decision
concerning employment or housing; or

(
4)
that is a covered entity within the meaning of the federal Health Insurance
Portability and Accountability Act of 1996, 42 U.S.C. Sections 1320d to
1320d-9, and the regulations promulgated under the federal act, as both may be
amended from time to time, and is providing healthcare recommendations that:

(
a)
are generated by an artificial intelligence system;

(
b)
require a healthcare provider to take action to implement the recommendations;
and

(
c)
are not considered to be high risk.

(
F)
Nothing in this chapter applies to any artificial intelligence system that is
acquired by or for the federal government or any federal agency or department,
including the United States Department of Commerce, the United States Department
of Defense, or the National Aeronautics and Space Administration, unless the
artificial intelligence system is a high-risk artificial intelligence system
that is used to make, or is a substantial factor in making, a decision
concerning employment or housing.

S
ection
37-31-60
.
(
1) Notwithstanding Section
37-31-30
, the Attorney General has exclusive authority to enforce this chapter.

(
2)
Except as provided in item (3), a violation of the requirements established in
this chapter constitutes an unfair trade practice pursuant to the provisions of
Chapter 6 of this title.

(
3) In
any action commenced by the Attorney General to enforce this chapter, it is an
affirmative defense that the developer, deployer, or other person:

(
a)
discovers and cures a violation of this chapter as a result of:

(
i)
feedback that the developer, deployer, or other person encourages deployers or
users to provide to the developer, deployer, or other person;

(
ii)
adversarial testing or red teaming, as those terms are defined or used by the National
Institute of Standards and Technology; or

(
iii)
an internal review process; and

(
b)
is otherwise in compliance with:

(
i)
the latest version of the "Artificial Intelligence Risk Management Framework"
published by the National Institute of Standards and Technology in the United
States Department of Commerce and standard ISO/IEC 42001 of the International
Organization for Standardization;

(
ii)
another nationally or internationally recognized risk management framework for
artificial intelligence systems, if the standards are substantially equivalent
to or more stringent than the requirements of this chapter; or

(
iii)
any risk management framework for artificial intelligence systems that the Attorney
General, in his discretion, may designate and, if designated, shall publicly
disseminate.

(
4) A
developer, a deployer, or other person bears the burden of demonstrating to the
Attorney General that the requirements established in item (3) have been
satisfied.

(
5)
Nothing in this chapter, including the enforcement authority granted to the Attorney
General under this section, preempts or otherwise affects any right, claim,
remedy, presumption, or defense available at law or in equity. A rebuttable
presumption or affirmative defense established under this chapter applies only
to an enforcement action brought by the Attorney General pursuant to this
section and does not apply to any right, claim, remedy, presumption, or defense
available at law or in equity.

(
6)
This chapter does not provide the basis for, and is not subject to, a private
right of action for violations of this chapter or any other law.

S
ection
37-31-70
.
T
he Attorney General may promulgate rules
as necessary for the purpose of implementing and enforcing this chapter,
including:

(
1) the
documentation and requirements for developers pursuant to Section
37-31-20
(B);

(
2) the
contents of and requirements for the notices and disclosures required by Sections
37-31-20
(E) and (G);
37-31-30
(D), (E), (F), and (H); and
37-31-40
;

(
3) the
content and requirements of the risk management policy and program required by Section
37-31-30
(B);

(
4) the
content and requirements of the impact assessments required by Section
37-31-30
(C);

(
5) the
requirements for the rebuttable presumptions set forth in Sections
37-31-20
and
37-31-30
; and

(
6) the
requirements for the affirmative defense set forth in Section
37-31-60
(C),
including the process by which the Attorney General will recognize any other
nationally or internationally recognized risk management framework for
artificial intelligence systems.

S
ECTION 2. This act takes effect upon approval
by the Governor.

----XX----

This web page was last updated on February 26, 2026 at 11:28 AM