NTIA Releases AI Accountability Policy Report Recommending Mandatory Audits, Disclosures, and Red Teaming Standards

The National Telecommunications and Information Administration (NTIA) published its AI Accountability Policy Report in March 2024, outlining U.S. government recommendations for strengthening oversight of artificial intelligence systems across sectors. The report calls for mandatory AI audits, public disclosures, and liability rules tied to AI system failures, and advocates for federal investment in testing, evaluation, and red teaming standards and infrastructure. NTIA also recommends amending existing sector-specific regulations to incorporate these accountability requirements, signaling that agencies such as the FTC, FDA, and financial regulators could eventually adopt binding rules aligned with the report's framework. While the report itself is non-binding, it represents an authoritative statement of federal policy direction from an agency with direct advisory influence over the White House on technology matters.

The report was published in response to a directive under President Biden's October 2023 Executive Order on Safe, Secure, and Trustworthy AI, which tasked NTIA with developing policy recommendations on AI accountability mechanisms within 270 days. It addresses a recognized gap in the U.S. regulatory landscape: unlike the EU AI Act, which establishes binding obligations for high-risk AI systems, federal oversight of AI in the United States has remained fragmented and largely voluntary. NTIA's report reflects growing consensus among federal policymakers that self-certification and voluntary commitments are insufficient for managing systemic risks posed by AI systems in critical sectors including healthcare, finance, hiring, and critical infrastructure.

Enterprise compliance teams should treat the NTIA report as a forward-looking benchmark and begin assessing internal AI governance programs against its core expectations now. Specifically, organizations should evaluate whether they have documented audit processes for AI systems, disclosure practices for AI-generated outputs or AI-assisted decisions, and structured red teaming or adversarial testing protocols in place. Companies operating in regulated sectors should monitor their primary regulators for rulemaking activity referencing the NTIA framework, as sector-specific agencies are the most likely near-term vehicle for translating these recommendations into binding requirements. Legal and compliance functions should also flag the report's treatment of liability, as NTIA's recommendation to assign accountability for AI system harms to deployers and developers could reshape contractual risk allocation in AI procurement and vendor agreements.