ML25272A276

US NRC FY26 Artificial Intelligence Compliance Plan
ML25272A276
Person / Time
Issue date: 09/29/2025
From: Scott Flanders
NRC/OCIO
To:
Mensah T
References
SRM-LTR-25-0153-1-OCIO


Text

NRC AI Compliance Plan September 2025 - Page 1 of 7

U.S. Nuclear Regulatory Commission

Artificial Intelligence Compliance Plan

Per OMB Memorandum M-25-21

September 2025

Prepared and Issued by: Scott Flanders, NRC Chief Information and Chief AI Officer

1. Driving AI Innovation

Removing Barriers to the Responsible Use of AI

The U.S. Nuclear Regulatory Commission (NRC) provides staff with secure, compliant access to essential software tools by leveraging a combination of enterprise-licensed solutions, FedRAMP-authorized cloud environments and platforms, and NRC-approved commercial AI services. Staff are enabled to perform advanced data science and artificial intelligence/machine learning (AI/ML) tasks within protected computing environments.

Barriers Identified

Limited access to specialized AI infrastructure and secure data environments.

Limited availability of NRC-specific AI-ready datasets.

Need for staff with advanced AI technical skills.

Regulatory uncertainties regarding the integration of AI in safety-critical applications.

Mitigation Steps

Expanding access to secure development and AI Infrastructure to enhance agency capabilities.

Establishing data governance policies to identify, curate, and share NRC data for responsible AI use.

Collaborating with external entities (Department of Energy (DOE) Laboratories, academia) to supplement NRC resources and specific expertise.

Regular review and clarification of regulatory pathways for AI adoption in NRC-regulated activities.

Access to Tools and Capabilities

NRC maintains licenses for major commercial AI platforms and supports open-source AI libraries where security permits.

Internal deployment and monitoring capabilities are being expanded through partnership with other federal agencies including GSA.

Sharing and Reuse

The NRC promotes the sharing and reuse of AI code, models, and data assets through coordinated efforts across several key offices, including the Office of the Chief Information Officer (OCIO), the Office of Nuclear Regulatory Research (RES), and other program-specific offices. The OCIO leads agency-wide IT governance and establishes policies and infrastructure to support secure and effective sharing of digital resources, including AI assets. RES provides technical expertise, develops research-grade models, and facilitates cross-office collaboration on AI and data science initiatives.

To foster internal collaboration, the NRC maintains centralized repositories and secure platforms for code and data sharing, leveraging enterprise collaboration tools and cloud-based environments that comply with federal cybersecurity and data management standards. These platforms enable staff to discover, access, and reuse vetted AI models and datasets while maintaining appropriate controls for information sensitivity and regulatory requirements.

Regular coordination meetings, technical working groups, and information sharing forums further support the dissemination and reuse of AI assets. These activities are overseen by cross-functional teams composed of subject matter experts from relevant offices, who ensure resources are aligned with NRC mission needs, cybersecurity policies, and statutory obligations.

The NRC actively collaborates with federal partners through formal Memoranda of Understanding (MOUs) to facilitate information sharing and knowledge exchange. These strategic engagements strengthen interagency coordination, promote best practices, and accelerate the responsible adoption of AI across the federal government.

AI Talent

The NRC recognizes the critical importance of developing and sustaining AI talent to support its regulatory mission. Several planned and ongoing initiatives aim to enhance agency capabilities in artificial intelligence and machine learning (AI/ML).

Current and Planned Initiatives

o Workforce Development Programs: The NRC is expanding training opportunities in AI and data science for staff through targeted workshops, online courses, and partnerships with external organizations. These programs focus on both foundational concepts and advanced technical skills relevant to regulatory applications.

o Technical Communities of Practice: The NRC is fostering internal communities of practice where staff with AI expertise can share knowledge, mentor colleagues, and collaborate on agency AI/ML projects. These groups also help identify skill gaps and emerging needs.

o Recruitment and Talent Outreach: The NRC has recruited candidates with AI and data science backgrounds through federal hiring pathways, internships, and fellowships, with an emphasis on diversity and technical excellence.

o Collaboration with Federal Partners: The NRC participates in interagency working groups and collaborates with organizations such as DOE and National Institute of Standards and Technology (NIST) to leverage best practices and access government-wide AI talent initiatives.

AI Skillsets Needed at the NRC

The agency has identified key AI-related competencies required to advance its mission:

o Machine Learning and Data Science: Proficiency in supervised and unsupervised learning, deep learning frameworks, and statistical analysis.

o Software Engineering for AI: Experience with open-source libraries, version control, and secure coding practices.

o Model Validation and Evaluation: Skills in model performance assessment, bias detection, explainability, and regulatory compliance.

o Cybersecurity for AI: Understanding of secure AI system design, risk management, and supply chain integrity.

o Domain-Specific Knowledge: Ability to integrate AI/ML methods with nuclear safety, security, and risk analysis applications.

Areas of Greatest Impact for Technical Talent

Technical staff with AI expertise can have significant impact in:

o Improving nuclear safety risk assessment models and automating regulatory review processes.

o Enhancing inspection, monitoring, and incident response through predictive analytics.

o Developing tools to analyze large-scale operational and licensing data.

o Strengthening cybersecurity posture for NRC systems utilizing AI/ML solutions.

o Automating administrative and support activities to improve overall agency efficiency.

Resources and Training Plans

To further develop the workforce, the NRC is:

o Investing in AI-specific training modules and certification programs.

o Providing access to modern computing environments and collaboration platforms for hands-on learning.

o Expanding the AI Community of Practice.

o Supporting attendance at relevant conferences and professional workshops.

o Developing guidance documents and best practices for AI adoption in regulatory contexts.

These initiatives are overseen by the OCIO in coordination with the Office of Nuclear Regulatory Research (RES) and program offices, ensuring alignment with NRC strategic goals and statutory responsibilities.

2. Improving AI Governance

AI Governance Board (AIGB)

Identify the offices that are represented on the NRC's AI Governance Board.

o Office of the Chief Information Officer

o Office of Small Business and Civil Rights

o Office of Nuclear Regulatory Research

o Office of the Chief Human Capital Officer

o Office of Administration

o Office of the General Counsel

o Office of the Executive Director of Operations

o Office of Nuclear Reactor Regulation

o Office of Nuclear Materials and Safety and Safeguards

o Office of Nuclear Security and Incident Response

o Regional Offices

o Office of the Inspector General

The NRC Chief AI Officer collaborates closely with internal NRC offices and actively engages with counterparts across other federal agencies through participation in key interagency councils, including the Chief AI Officers (CAIO) Council, Chief Information Security Officers (CISO) Council, Chief Data Officers (CDO) Council, and Privacy Council. This engagement facilitates cross-agency support, knowledge sharing, and advancement of best practices in artificial intelligence and related domains. In addition, the agency supports engagements with industry via AI Workshops, which include members of the Nuclear Energy Institute, the DOE National Laboratories, NRC Licensees, federal contractors, and the public.

Describe the expected outcomes for the AI governance body and your agency's plan to achieve them.

o The NRC AIGB was established to remove barriers to the use of AI and to manage its associated risks by convening senior agency officials to discuss the governance, risks, and benefits of leveraging AI solutions. The primary outcomes of the board include:

Senior Leadership Awareness - Board meetings will consist of informational sessions relevant to AI solutions in consideration for agency use. This will ensure that senior leadership have a general understanding of the concepts and technologies to be applied to specific agency functions.

Risk-Informed Decision-Making - Board meetings may result in decisions regarding governance of the use of new capabilities and/or decisions regarding capabilities that should be disallowed within the NRC environment. These decisions will leverage risk inputs from the various senior managers with input from functional subject matter experts (SMEs) and/or external experts as appropriate.

Promoting Workforce Development and Capacity Building - The Board will encourage initiatives that strengthen staff knowledge, skills, and confidence in applying AI responsibly. This may include recommending training programs, workshops, and communities of practice that promote AI literacy and technical expertise across NRC, ensuring the agency is prepared to adopt and oversee emerging technologies.

Prioritization of AI Use Development and Allocation of Resources - The Board will provide guidance on which AI initiatives should be advanced based on mission impact, risk, and feasibility. This will include recommending how to allocate resources, such as funding, technical infrastructure, and staffing, to maximize strategic value while ensuring alignment with agency priorities and federal mandates.

Agency Policies

Policy Updates

NRC's internal AI principles and guidelines are being revised to conform to M-25-21, especially regarding risk management, transparency, and privacy.

IT infrastructure, data management, cybersecurity, and privacy policies are updated to facilitate secure, responsible use of AI.

Generative AI Guidance

NRC has developed guidance for use of generative AI, focusing on safeguarding sensitive information, preventing misuse, and establishing oversight mechanisms for human-in-the-loop review in regulatory contexts.

The NRC has:

o Updated its Privacy Threshold Assessment to identify potential uses of AI and to assess relevant privacy risks.

o Updated its hardware/software Intake process to identify potential applications of AI and route them to appropriate subject matter experts for review.

o Updated its Computer Use Rules of Behavior to reference the Generative AI Rules of Behavior.

o Updated its Generative AI Rules of Behavior.

How the NRC Collects AI Use Cases

The NRC employs a systematic and transparent approach to collecting AI use cases to ensure that the adoption and deployment of artificial intelligence technologies align with its mission.

1. Governance Structure & Roles

AI Governance Board: The NRC's AI Governance Board serves as the central body responsible for overseeing AI-related activities. The Board works in close partnership with a core team within the OCIO.

Stakeholder Engagement: The Board actively solicits input from internal NRC offices and programs, as well as from external stakeholders (such as licensees, vendors, and other federal agencies), to identify potential applications of AI that could support regulatory, technical, or administrative functions.

2. Collection Methods

Formal Requests: The OCIO core team issues periodic calls for AI use case submissions to NRC staff and relevant external partners. These requests are distributed through established internal communication channels, such as email circulars, intranet postings, and stakeholder meetings.

Workshops & Consultations: The NRC hosts workshops, seminars, and focus groups to educate staff and stakeholders about AI capabilities and to facilitate brainstorming and collection of innovative use case ideas.

Direct Submissions: NRC staff and stakeholders can submit AI use case proposals directly to the AI Governance Board or the OCIO team via electronic forms or a dedicated submission portal.

3. Documentation & Tracking

Centralized Database: All submitted AI use cases are documented in a centralized tracking database. The database captures essential details for each use case, including:

o Objective and potential benefits

o Stakeholders involved

o Technical requirements

o Regulatory or security considerations

o Estimated resource needs

o Anticipated risks and mitigation strategies

Version Control and Updates: The database is regularly maintained to ensure that submitted use cases reflect current priorities, available technologies, and lessons learned from prior initiatives.

4. Review, Assessment, and Prioritization

Screening Process: The AI Governance Board, in collaboration with subject matter experts, reviews collected use cases to assess feasibility, alignment with NRC mission and strategic goals, potential impact, and resource requirements.

Prioritization Criteria: Use cases are prioritized based on factors such as:

o Contribution to public health and safety

o Regulatory efficiency or effectiveness

o Technical reliability and maturity

o Resource availability

o Urgency of need

Resource Allocation: Prioritized use cases are incorporated into NRC's planning and budgeting processes to ensure appropriate resource allocation for pilot studies, full-scale implementations, or further research.

5. Transparency and Continuous Improvement

Openness: The NRC communicates its process for collecting and prioritizing AI use cases to internal and external stakeholders through public-facing documents, stakeholder engagement sessions, and updates to relevant web pages.

Feedback Mechanisms: The NRC seeks feedback from contributors and end users to refine its collection and assessment process, ensuring that it remains transparent, objective, and responsive to emerging needs.

6. Regulatory Compliance

All AI use case collection activities are conducted in accordance with applicable NRC regulations, information security policies, and federal guidelines on responsible AI adoption. Any legal uncertainties or interpretive issues are referred to the NRC Office of the General Counsel (OGC) for resolution.

Limitations & Next Steps

The process is subject to ongoing refinement as AI technologies and NRC's regulatory environment evolve. The NRC encourages continuous input and collaboration to ensure the use case collection process remains robust, inclusive, and aligned with its Principles of Good Regulation.

3. Fostering Public Trust in Federal Use of AI

Determinations of Presumed High-Impact AI

NRC reviews each AI use case against Section 5 of M-25-21 Appendix to determine if it meets the definition of high-impact AI (i.e., those affecting safety, security, civil rights, or core mission functions).

Supplementary criteria include regulatory impact and risk to nuclear safety.

Waiver Criteria: NRC has not developed distinct waiver criteria beyond those in M-25-21, but requires Board review and executive approval for any request to waive minimum risk management practices.

Waiver requests are documented, tracked, and subject to periodic review. Denials, revocations, and certifications are logged in the AI inventory system.

Implementation of Risk Management Practices and Termination of Non-Compliant AI

Documentation and Validation:

Each high-impact AI use case must have a formal risk management plan, documented implementation steps, and periodic validation by the AI Governance Board.

Responsibility for oversight and implementation is assigned to the relevant office director and tracked by the Board.

Controls to Prevent Non-Compliant AI Deployment:

The NRC's Configuration Control Board provides checks and balances to ensure that all IT capabilities deployed within the NRC environment meet the agency's stringent requirements for the secure and responsible use of all technologies to include AI.

Public Posting and Updates

This Compliance Plan will be posted at www.nrc.gov/ai and updated within 180 days of any substantive change to OMB Memorandum M-25-21 or NRC's use of covered AI.