Executive Order Creates Voluntary Regulatory Regime of Frontier AI Models

On June 2, 2026, President Trump signed a highly anticipated artificial intelligence and cybersecurity Executive Order, “Promoting Advanced Artificial Intelligence Innovation and Security” (the EO), directing several national security and civilian agencies to ramp up scrutiny of cutting-edge AI models and bolster federal cybersecurity defenses against AI-enabled threats.

The EO is similar to a draft the president had planned to sign on May 21, before he abruptly pulled back over concerns that the prior order would “get in the way of” U.S. competitiveness.

The freshly signed EO maintains many of the features of the original. Notably, it asks AI developers to submit certain cutting-edge models to a group of federal agencies for a voluntary review 30 days before they are made public. The White House intends for the government to use that time to identify and remediate security weaknesses that such models could exploit.

The EO represents the Administration’s latest step to scrutinize developers of advanced AI systems and address the risk of catastrophic harm. It also signals a striking departure from some of the White House’s earlier rhetoric around AI, which had described concerns about safety as “hand-wringing.” Notably, the EO does not impose licensing requirements or safety testing, nor does it grant the government the ability to stop companies from publicly launching their AI products.

Now, according to the EO, “[i]t is the policy of the United States to promote AI innovation and security by working collaboratively with the private sector to modernize government and private sector information systems and harden them against external threats,” protect against “exploitation and theft,” and “cultivate America’s advanced AI-enabled capabilities.”

Recent concerns about the game-changing effect of increasingly advanced AI models on the cybersecurity of industries, particularly critical infrastructure, appear to have compelled the Administration to issue this EO after previously criticizing less intrusive efforts to regulate AI. Such AI models are increasingly being considered the minimum standard for secure software deployments, and there is significant concern about threat actors using such models to find and exploit unknown vulnerabilities.

Details of EO

The EO has three core focuses:

1. Upgrading American Systems for Advanced AI

The EO gives an interagency committee, the Committee on National Security Systems, 30 days to prioritize the cybersecurity defense of national security systems and specifically directs the Secretary of War to “prioritize the cyber defense of Department of War information systems by taking appropriate and expeditious action ....” While the exact contours of those actions remain to be seen, such actions will likely have a trickle-down effect on U.S. government contractors.

The EO also directs the Cybersecurity and Infrastructure Security Agency (CISA) and other agencies to release a Binding Operational Directive — a compulsory CISA directive requiring agencies to take specific actions to safeguard digital networks from cybersecurity risks. This directive would “establish or expand Federal programs and cybersecurity services that enhance AI-enabled defensive tools” and facilitate access to cybersecurity tools and frontier AI models for federal, state, and local governments and critical infrastructure.

Also within a month, the Secretary of the Treasury in consultation with other agency heads, must establish an “AI cybersecurity clearinghouse” — a voluntary collaboration between the AI industry and critical infrastructure operators to scan, discover, and validate software vulnerabilities and coordinate the distribution of vulnerability patches.

The Director of the Office of Management and Budget will also determine if available funds exist to develop advanced AI vulnerability detection.

Finally, within two months from the EO’s signing (i.e., in early August 2026), the Director of the Office of Personnel Management must expand hiring for the U.S. Tech Force Information Cybersecurity Specialist, a hiring program designed to bring top-tier tech talent into federal agencies.

2. Secure Frontier Model Development

The EO directs the Secretary of the Treasury, the Secretary of War (through the Director of the National Security Agency (NSA)), and other agencies to develop and maintain a “classified benchmarking process” to assess the advanced cyber capabilities of AI models to determine when such a model will be designated a “covered frontier model.” The Director of the NSA will determine which models will be so designated.

The EO also directs the interagency group to design “a voluntary framework with AI developers” through which the developers can (1) engage with the government before releasing models covered by the EO; (2) provide the government access to those models 30 days before public release; and (3) share access to that model with select critical infrastructure ahead of its launch “to promote secure innovation and strengthen the cybersecurity of critical infrastructure.”

The EO explicitly disclaims that it is not creating a “governmental licensing, preclearance, or permitting requirement for the development, publication, release, or distribution of new AI models, including frontier models.”

3. Protection Against Criminal Actors

The EO directs the Attorney General to prioritize the enforcement of federal criminal laws against “anyone who utilizes AI to illegally access or damage a computer without authorization, or who utilizes AI while engaged in such illegal access to further any other crime.”  Criminal and nation state cyber actors are increasingly using AI to conduct and enhance their cyber campaigns. Recently, Google announced that it had found the first instance of threat actors using AI to operationalize previously unknown code vulnerabilities. While the EO directs the U.S. Department of Justice (DOJ) to prioritize these AI-enabled crimes, both the FBI and DOJ have been focused on this threat for some time and the criminal statutes referenced in the EO — broad statutes for aggravated identity theft, computer hacking, and wire fraud — have already been used to investigate and charge such criminal conduct.

Implications

While technically voluntary, the EO constitutes the most far-reaching federal government venture into the AI market to date. It exceeds in its breadth and reach an Executive Order signed by President Biden in October 2023 that compelled developers of certain AI models trained on a very high amount of computing power to notify the federal government prior to training and share safety tests, known as “red-teaming,” with the U.S. Department of Commerce. The Biden EO, which President Trump rescinded at the start of his term, did not encourage model developers to share their models themselves with the U.S. government before selling them on the private market.

The EO amounts to a notable pivot for a White House that came into office pointedly criticizing what it characterized as the prior Administration’s “onerous” and “smother[ing]” AI regulation.

The EO comes as the rollout of highly advanced, cyber-focused models such as Anthropic’s Mythos, which reportedly can detect cyber vulnerabilities in systems quickly and at scale, has raised concern among governments and the private sector worldwide. Shortly after Anthropic unveiled Mythos to a limited audience of tech companies and security researchers in April, the White House began meeting with industry to discuss potential details of what became the EO.

The White House’s embrace of AI regulation arrives as state attorneys general, federal regulators including the Federal Trade Commission and Securities and Exchange Commission, congressional committees, foreign governmental bodies, and private plaintiffs are pursuing with increased speed and effort investigations of technology to address a suite of alleged harms.

Congress, the states, regulators, and international bodies are considering proposals of varying compulsion, leaving companies to navigate a complex compliance environment. Until protocols are institutionalized, AI developers will face ongoing, significant, and fluid compliance burdens, both domestically and internationally.