S. 2925 — MIND Act of 2025

This section states the sense of Congress that neural data and related data pose risks to privacy, personal autonomy, civil liberties, and national security due to monetization, corporate integration of neurotechnology and AI, and insufficient protections; that strong Federal standards are needed for collection, processing, and international transfer of such data; and that related biometric and behavioral data warrant analysis for similar privacy gaps.

This section defines the following terms for purposes of the Act: (1) artificial intelligence, as given in section 5002 of the National Artificial Intelligence Initiative Act of 2020 (15 U.S.C. 9401); (2) Commission, meaning the Federal Trade Commission; (3) Federal agency, as defined in section 551 of title 5, United States Code; (4) neural data, meaning information obtained by measuring the activity of an individual’s central or peripheral nervous system through the use of neurotechnology; (5) neurotechnology, meaning a device, system, or procedure that accesses, monitors, records, analyzes, predicts, stimulates, or alters the nervous system of an individual to understand, influence, restore, or anticipate the structure, activity, or function of the nervous system; and (6) other related data, meaning biometric, physiological, or behavioral information that does not directly measure neural activity or the central or peripheral nervous system but can be processed, analyzed, or combined with other data to infer, predict, or reveal cognitive, emotional, or psychological states or neurological conditions (e.g., heart rate variability, eye-tracking patterns, voice analysis, facial expression recognition, sleep patterns, or other signals from consumer devices, wearables, or biosensors).

This section directs the Federal Trade Commission (FTC) to conduct a study on (1) additional federal authorities needed to regulate neural data and related data that can reveal an individual's mental state or activity (i.e., data from neurotechnology), including privacy protections; (2) private sector best practices for privacy and data security; and (3) gaps in existing laws such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Public Law 104-191). In conducting the study, the FTC must consult the Director of the Office of Science and Technology Policy, the FDA Commissioner, other relevant agencies, and stakeholders including private sector representatives, academia, civil society, consumer and patient advocates, labor organizations, and health professionals. Not later than one year after enactment, the FTC must submit to Congress and publish online a report including (1) analysis of neural data collection, processing, storage, sale, transfer, and neurotechnology uses; (2) summary of ethical, legal, and regulatory landscape (e.g., consent, individual rights, predictive modeling); (3) assessment of interstate commerce benefits (e.g., public interest, innovation) and risks (e.g., to vulnerable populations); (4) recommendations for data categorization, oversight frameworks distinguishing beneficial (e.g., medical) vs. harmful uses, governance requirements (e.g., stricter consent, prohibitions), AI integration standards, safeguards against unfair practices, and impermissible applications (e.g., behavior manipulation); (5) examination of AI applications to such data; and (6) recommendations for consumer transparency, consent, and restrictions (e.g., limiting uses to disclosed purposes, prohibiting resale/profiling/advertising, separate consents for brain models, public disclosures, and consent-independent prohibitions). (Thus, the report must describe a regulatory framework maximizing neurotechnology innovation while minimizing risks such as discrimination, surveillance, manipulation, and neural data misuse in employment, healthcare, finance, education, commerce, and public life.)

This section directs the Director of the Office of Science and Technology Policy (OSTP), in consultation with the Commission under this Act and the Director of the Office of Management and Budget (OMB), to develop guidance within 180 days after the Commission submits its report under section 4(a)(2) regarding federal agencies' procurement and operational use of neurotechnology that collects, uses, procures, or processes neural data or related data. Such guidance must identify (1) prohibited, permissible, and conditionally permitted use cases; (2) technical, procedural, and ethical safeguards for each use case; and (3) requirements for transparency, purpose limitations, individual opt-in consent, and privacy protections. Within 60 days after OSTP issues the guidance, OMB must issue binding implementation guidance to federal agencies, and agency heads are prohibited from procuring or operating such neurotechnology inconsistent with it, effective one year after OMB's issuance.