On June 2, 2026, President Trump signed an executive order titled “Promoting Advanced Artificial Intelligence Innovation and Security.” It is the most significant federal action on AI governance of the year, and it establishes the architecture through which the United States intends to engage the developers of the most capable AI systems. The order’s defining choice is announced in its own text: it does not create mandatory licensing, pre-clearance, or permitting for new AI models. The mechanism is collaboration, not command.

That choice places the United States on a deliberately different path from the European Union, whose AI Act enforcement powers for general-purpose AI models activate on August 2, 2026 with penalties reaching the greater of €15 million or 3% of global turnover. Where Brussels has built a binding regulatory regime with statutory penalties, Washington has built a voluntary framework with incentives. Understanding the order means understanding both what it asks developers to do and, just as importantly, what it pointedly declines to require.

What the Order Establishes

The order directs the federal government to construct a framework for the secure deployment of “frontier” AI models, organized around four interlocking elements.

Covered frontier models, defined by a classified benchmark. Rather than defining the scope of the order by a public compute threshold — the approach the EU AI Act takes with its 10²³-FLOP trigger for general-purpose models — the order directs the creation of a classified benchmarking process to assess a model’s advanced cyber capabilities. A model that crosses the resulting threshold is designated a “covered frontier model.” Final designations rest with the Director of the National Security Agency, in consultation with other national security officials. Anchoring scope in cyber capability, and keeping the benchmark classified, frames the entire effort as a national-security program rather than a consumer-protection or product-safety program.

Voluntary 30-day early access. Developers of covered frontier models may opt into an arrangement under which they provide the federal government roughly 30 days of access to a model before broader release — subject to confidentiality, cybersecurity, and intellectual-property protections. This is the order’s central bargain, and it is materially shorter than the 90-day window an earlier draft contemplated. That draft was reportedly pulled in May over concerns the longer review period would blunt U.S. labs’ competitiveness against China; the signed version cut the window to 30 days while keeping the structure intact.

Trusted partners. Participating developers can collaborate with the government to select “trusted partners” who receive early access to covered models, with the stated goal of strengthening the cybersecurity of critical infrastructure before a model reaches the open market.

An explicit disclaimer of mandate. The order states in terms that nothing in it authorizes the creation of mandatory governmental licensing, pre-clearance, or permitting for the development, publication, release, or distribution of AI models. This is not boilerplate. It is the order’s thesis, and it is what separates the U.S. approach from both the EU model and the licensing regimes that some U.S. proposals have floated.

The Agency Deadlines That Follow

An executive order is a set of instructions to the executive branch, and the operative substance of this one lives in the deadlines it imposes on federal agencies. Compliance and government-affairs teams should calendar the following:

Within 30 days:

  • The Cybersecurity and Infrastructure Security Agency (CISA) is directed to issue cybersecurity directives.
  • The Treasury Department is directed to establish an AI cybersecurity clearinghouse.
  • The Office of Management and Budget (OMB) must make a determination regarding federal AI grant funding.

Within 60 days:

  • The Secretaries of the Treasury, War, and Homeland Security must develop the classified benchmarking process and complete the design of the voluntary framework.

These near-term deadlines mean the order’s practical contours will be visible by early August — the same week the EU AI Act’s GPAI enforcement powers come online. The transatlantic AI governance picture, in other words, snaps into focus within roughly two months of the signing.

What the Order Does Not Do

Reading the order accurately requires noting its silences, because they shape compliance exposure as much as its directives.

It says nothing about state AI laws or preemption. This is a notable omission given the active state-level landscape — Colorado’s recently narrowed AI law, California’s various AI bills, and the broader wave of state legislation — and given that federal preemption of state AI regulation has been a live debate in Washington. Organizations should not read the order as preempting or displacing any state obligation. It does not.

It imposes no obligation on the vast majority of AI deployers. The order targets the developers of the most capable frontier models, designated through a classified national-security benchmark. The enterprise that fine-tunes a third-party model, builds a retrieval system on top of a commercial API, or deploys AI in hiring, lending, or healthcare is not the subject of this order. Those deployers’ obligations continue to flow from sector regulators, state law, the FTC’s unfairness and deception authority, and — for any operation touching the European market — the EU AI Act.

And because participation is voluntary, the order creates no penalty for non-participation. The incentive structure is the enforcement structure: early government feedback, access to defensive collaboration, and alignment with national-security priorities, set against the reputational and procurement consequences of standing outside the framework.

Compliance Implications

For most organizations, the immediate task is interpretive, not operational. A handful of frontier developers will weigh whether to opt into early access and how to structure the confidentiality and IP protections around it. Everyone else should treat the order as a signal about the direction of U.S. federal AI policy rather than as a new compliance requirement.

That said, several constituencies should act:

  • Frontier model developers should track the classified benchmarking design and the CISA directives, and prepare to make a participation decision once the 60-day framework lands. The early-access bargain carries real IP and trade-secret considerations that legal teams should scope now, not after the framework publishes.
  • Critical-infrastructure operators should watch the “trusted partner” mechanism and the CISA directives, which may expand access to AI-enabled defensive capabilities and may carry expectations of their own.
  • Federal contractors and grant recipients should monitor the OMB grant-funding determination, which could condition federal AI funding on framework alignment.
  • Multinational AI developers must hold two regimes in mind simultaneously. Voluntary alignment with the U.S. framework does nothing to satisfy the binding obligations of the EU AI Act, whose GPAI requirements and enforcement powers operate on a statutory timetable regardless of any U.S. arrangement. We examine that divergence in detail in a companion analysis.

The Strategic Picture

The June 2 order crystallizes a U.S. AI governance philosophy that has been emerging in fragments: keep formal regulation light, route the hardest questions through national-security institutions rather than product regulators, and lead with voluntary collaboration backed by the gravitational pull of government access and procurement. It is a bet that incentives and information-sharing can manage frontier risk without the licensing apparatus that critics warn would entrench incumbents and slow the race against strategic competitors.

Whether that bet is sound is a policy debate. What is not debatable is the operational consequence for compliance teams: the United States and the European Union are now governing the same technology through fundamentally different instruments, on overlapping timelines, and any organization operating across both will have to navigate both. The voluntary framework signed this week is one half of a governance picture that completes itself on August 2.

This article is provided for informational purposes only and does not constitute legal advice.