SB 3001 is a well-intentioned artificial intelligence (AI) safety bill that includes constructive elements like disclosure and crisis-response protocols, but ultimately goes far beyond that scope. It layers in sweeping data privacy mandates, vague standards, and heavy reporting and penalty structures that could create significant compliance burdens and legal uncertainty, particularly for smaller innovators.
NetChoice Testimony In Opposition to Hawaii SB 3001
March 18, 2026
Hawaii State Legislature
House Economic Development Committee
Dear Chair Ilaga, Vice Chair Hussey and Members of the Committee:
NetChoice respectfully submits this testimony in respectful opposition to SB 3001. This bill contains several provisions that move in the right direction. Requirements to disclose when a user is interacting with artificial intelligence, safeguards around sexually explicit content for minors, and crisis-response protocols for self-harm are all thoughtful policy concepts. However, S.B. 3001, goes beyond that well-scoped framework and attaches expansive data privacy mandates, onerous reporting requirements, an inflated penalty cap, creating compliance burdens, legal uncertainty, and innovation risk — without corresponding benefits to Hawaii’s consumers.
The Bill’s Data Provisions Far Exceed Its Stated Purpose
SB 3001’s title and stated purpose concern AI disclosure and safety. Yet Section 2 imports a sweeping set of data governance mandates — prohibiting use of personal data for targeted advertising, barring engagement-related profiling, and imposing heightened security obligations on broadly defined “sensitive data” — that have no meaningful connection to those safety goals. The advertising prohibition is particularly consequential. Targeted advertising is the economic foundation that allows countless free digital services to exist. Barring it categorically — without any evidence that such advertising causes the harms this bill addresses — will eliminate revenue for smaller operators, reduce the diversity of competing AI services available to Hawaii residents, and concentrate the market among large incumbents who can absorb the loss. The consumers this bill seeks to protect would bear the cost.
These provisions create a stand-alone privacy law embedded within a conversational AI safety bill, complete with newly defined data categories and affirmative use restrictions. Hawaii does not currently have a comprehensive consumer data privacy law. Grafting this framework onto a chatbot safety bill is not the right vehicle for that policy debate — it bypasses the deliberative process that comprehensive privacy legislation deserves and creates a patchwork of overlapping obligations for operators who may already be subject to federal requirements or other state privacy frameworks.
The Definitions Are Overbroad
The bill’s definition of “conversational AI service” is expansive enough that it could reach products that pose no plausible risk of the harms the Legislature is addressing: customer service bots, educational tutoring tools, medical triage assistants, legal self-help applications, and accessibility tools. Applying the same compliance regime to these products as to a general-purpose companionship chatbot is not proportionate regulation.
The bill’s carve-outs do not provide the relief they appear to. The exemption for services covering “a narrow and discrete topic” provides no workable standard for what qualifies. The exemption for services “primarily designed for commercial use” leaves dual-use platforms — those serving both consumers and businesses on the same underlying model — unable to determine with confidence whether they are covered. Faced with that uncertainty, operators will default to full compliance regardless, and that cost falls hardest on startups and small operators.
The “sensitive data” definition compounds the problem. Any data that “reveals or infers a mental or emotional state” qualifies — a category broad enough to sweep in routine conversational data. A user expressing frustration or excitement in a chat has potentially generated sensitive data under this framework. Because operators cannot reliably identify sensitive data at the moment of collection, the only defensible response is to treat all interaction data as potentially sensitive. The practical effect is maximum compliance costs with no meaningful distinction preserved.
Compliance Costs Will Harm Competition and Consumer Choice
Beginning in 2028, the bill requires AI operators to submit annual reports detailing crisis intervention referrals and internal safety protocols. The intent is understandable, but the effect is likely to undermine the safety objectives it seeks to advance. Requiring public disclosure of internal safety systems creates a roadmap for bad actors seeking to evade them. More importantly, when every iteration of a safety feature carries new reporting obligations and potential legal exposure, companies have strong incentives to move cautiously rather than experiment and improve. Effective safety policy should encourage rapid deployment and continuous improvement of safeguards — not create compliance structures that penalize iteration.
The bill’s penalty structure compounds these concerns. SB 3001 sets a per-operator damages cap of $1,000,000 combined with a $1,000 per-violation floor that scales rapidly against any operator with meaningful user volume. This exposure is particularly troubling in light of the vague obligations discussed above. Smaller operators and startups, who lack the legal and compliance infrastructure of large incumbents, will feel this pressure most acutely, leaving Hawaii consumers with fewer choices and less competition rather than more protection.
* * * * *
NetChoice urges the Committee to narrow this bill to those core safety objectives, byremoving the data advertising restrictions, the behavioral design prohibitions, and the reporting requirements that have no direct nexus to disclosure or crisis intervention. And the Committee should address data governance in comprehensive privacy legislation where it belongs and where it will receive the scrutiny it deserves.
As always, we offer ourselves as a resource to discuss any of these issues with you in further detail, and we appreciate the opportunity to provide the committee with our thoughts on this important matter.
Sincerely,
Amy Bos
Vice President of Government Affairs, NetChoice
Image via Unsplash.