by Stephen M. Kohn and Sophie Luskin

Stephen Kohn and Sophie Luskin (photos courtesy of authors)

On May 15, 2025, Senator Charles Grassley (R-IA) introduced the bipartisan AI Whistleblower Protection Act (AIWPA). Co-sponsored by senators Chris Coons (D-DE), Marsha Blackburn (R-TN), Amy Klobuchar (D-MN), Josh Hawley (R-MO) and Brian Schatz (D-HI), it creates clear channels for AI industry employees to make lawful disclosures about safety issues with protections from retaliation. 

The bill provides protection for whistleblowers who disclose “AI violations” which include AI security vulnerabilities and specific threats to the public health and safety. Similar to all major anti-retaliation laws, the whistleblower is not required to prove a violation, so long as the whistleblower believes in good faith that such a violation exists. This means that whistleblowers are not required to be experts in legal technicalities and that credible and significant information about security vulnerabilities or specific safety concerns can be lawfully disclosed to the appropriate authorities.

One of the most important features of the AIWPA is its encouragement and protection for people who report concerns of violations and misconduct internally. According to the Securities and Exchange Commission (SEC) Whistleblower Program’s 2021 Annual Report to Congress, approximately 75% of award recipients in that fiscal year had initially raised their concerns internally to supervisors, compliance personnel, or through internal reporting mechanisms. Raising concerns internally is often the first way that employees report misconduct or serious potential violations of law.   

These statistics demonstrate that the vast majority of whistleblowers initiate their whistleblowing through internal channels. 

The provision in the AI Whistleblower Protection Act protecting such internal disclosures is an essential and key element both for protecting whistleblowers and for promoting effective internal compliance. The bill will help promote companies developing AI to have effective internal reporting structures and to take extra efforts to ensure that employees who utilize these reporting systems are not subject to retaliation given the strong legal remedies of the AIWPA. 

Having companies voluntarily ensure that their compliance programs trigger effective internal investigations and provide protection for whistleblowers can encourage an ethical culture of disclosure and honesty. This provision is a key feature in the law, as it is intended to protect honest employees seeking to do the right thing by reporting concerns to their bosses.

In the absence of a specific regulatory agency with jurisdiction over AI issues, the ability of employees to safely report to their supervisors or compliance personnel – about national security, safety, or consumer fraud – is a central component of any anti-retaliation law. Employees must have the opportunity to report directly to the government, or to report first to their supervisors. Employees understand corporate culture, the effectiveness of internal corporate systems, and the openness of supervisors to employees raising concerns. Protecting internal disclosures is foundational to changing corporate culture that often rewards silence at the expense of national security, public safety, and frauds.  

This AI whistleblower bill mirrors and adopts the provisions of the Sarbanes-Oxley Act, the major corporate whistleblower anti-retaliation law, which contains a nearly identical provision giving employees the right to report internally to supervisors and compliance programs. The AIWPA does not foreclose the right of employees to go directly to government entities (which is also a critical component of Sarbanes-Oxley), but provides employees with the option of where to make a disclosure. The stronger a company’s ethical culture, the more likely an employee will use internal compliance programs and alert their managers of serious violations.

Under the AIWPA, if an employee is retaliated against or wrongfully terminated for making a protected disclosure either internally or to the government the employee enjoys the same basic rights that are contained in Sarbanes-Oxley and other modern whistleblower protection laws. This includes a make-whole remedy, back pay, restoration of lost benefits, reinstatement, and compensatory damages. If a whistleblower prevails, the company must pay attorney’s fees and costs. Although the statue does not have punitive damages, it does have a double back pay provision which serves a similar purpose.

This law is a significant step forward in ensuring that employers, senior managers, and appropriate government officials can obtain early warnings of significant harmful impacts that could be caused by wrongfully deployed AI. Most significantly, it is a necessary safeguard against the well-documented risks to national security, including theft by foreign adversaries or the dangerous use of AI technology by terrorists, allowing for these safety vulnerabilities to be reported, investigated, and if necessary, stopped. The American public and indeed the worldwide community will be safer when AI is deployed safely.

Stephen M. Kohn is a Founding Partner at Kohn, Kohn & Colapinto, and Sophie Luskin is a Senior Tech Policy Analyst at the National Whistleblower Center.

The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright of this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).