The country’s biggest artificial intelligence companies are still operating in a largely lawless field. But AI models have proven to be canny cyberattackers, mass-scale scam artists, limitless producers of child exploitation images, and spewers of hatred across online public spaces. It’s past time for laws to catch up
Massachusetts <a href="https://www.mass.gov/info-details/massachusetts-law-about-artificial-intelligence" rel="nofollow noopener” target=”_blank”>does not yet have a comprehensive AI regulatory framework. Instead, guidelines from various commissions, somewhat-applicable existing laws, and internal agency guidance create a patchy ecosystem of best practices. Donald Trump’s federal effort, an executive order on regulating AI, meanwhile, skews so industry-friendly that it’s less of a regulatory framework than a list of corporate permission slips. Other White House guidance published this year barely mentions the pervasive risks posed by new AI tech at all.
In the face of flimsy federal protection, states must impose some safety guardrails on the AI sector. A slate of related measures regarding transparency and catastrophic risk have passed in several states, including California, New York, and Illinois — and Massachusetts should be next. The current proposal before the Legislature, which is wrapped in the House’s economic development bond package, sets a strong foundation for more comprehensive regulation down the road
The bill requires the largest companies in the AI sector — firms like OpenAI, Anthropic, and xAI — to create thorough public safety plans if they want to do business in Massachusetts. Independent audits would ensure that companies stick to their own safety protocols, and safety breaches would be reported to the attorney general. Massachusetts would go one step further than other states that have tackled AI regulation: Companies would also have to put together an audited “catastrophic” risk profile, outlining exactly how a company would handle a worst-case situation.
In this bill, catastrophic risk is defined as any activity that would either kill or injure more than 50 people, or cause property damage of more than $1 billion. These types of risks encompass anything from an AI program providing step-by-step instructions to create a chemical weapon, to being deployed to hack other companies’ data, or by malfunctioning in some other uncontrolled way
“There’s this whole world of AI policy and all of it’s important, and we’re this specific corner of it, which is tackling the really big risks,” Scott Wisor, a policy director at the Secure AI Project, a nonprofit that supports versions of these bills nationwide, said. “We think that it makes a lot of sense for that to be the first problem that people solve.”
This bill is meant to create public emergency protocols to fall back on in a worst-case scenario
Because it targets only the largest companies on the AI spectrum, startups and small businesses would have little reason to worry about facing red tape in crucial early phases. And, since the large-scale models subject to this measure are already developed, the thorny problem of AI training remains outside the scope of the law. Regulating small AI companies and their training datasets will have to be the focus of other, more targeted legislation in the future
“People will argue this is a threat to innovation or jobs or something, and it just seems really implausible,” Wisor said. “If there’s some major catastrophe, and then the pitchforks come out, there’s not going to be a lot of innovation.”
While there are plenty of pressing AI issues that will require legislative action in the near future, this law provides a strong starting point for protecting the public. Ideally, the federal government will someday take the lead on AI regulation. In the meantime, states must act
Editorials represent the views of the Boston Globe Editorial Board. Follow us @GlobeOpinion

