By Chanté Eliaszadeh | June 22, 2026
Eighteen months into the current administration, the contours of federal AI regulation are far clearer than they were when California Governor Gavin Newsom vetoed SB 1047 in the fall of 2024. The federal government has not enacted a comprehensive AI statute---and shows little appetite to do so---but it has been anything but idle. A national AI strategy has issued, executive orders have reshaped federal procurement and permitting, and the administration has opened a direct front against state AI regulation. Meanwhile, California has moved past its vetoed flagship bill and enacted a frontier-AI transparency law that is now in effect.
For AI companies, the practical question has shifted. It is no longer “will federal regulation happen,” but rather how to operate across a federal landscape governed largely by executive action and agency posture, a growing body of state law, and an active federal effort to preempt that state law. The compliance obligations are real today, even without a comprehensive federal statute.
This article maps the federal AI regulatory landscape as it stands in June 2026: the live legislation moving through the 119th Congress, the executive and agency actions that are doing the actual regulating, the federal-versus-state preemption fight now underway, California’s enacted SB 53, and strategic guidance for AI companies operating in this environment.
The Executive-Order Landscape: From Rescission to a National AI Strategy
On January 20, 2025, President Trump rescinded President Biden’s Executive Order 14110 on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence---the most comprehensive federal AI governance framework to date---through Executive Order 14148, “Initial Rescissions of Harmful Executive Orders and Actions.”1 EO 14110 had directed over 50 federal entities to engage in more than 100 specific actions across eight policy areas, with significant progress made before its revocation.
What Was Lost:
President Biden’s executive order established critical AI governance infrastructure, including requirements for AI developers to share safety test results with the federal government before releasing systems that pose serious risks to national security, economic security, or public health. The order mandated watermarking of AI-generated content, established standards for AI safety and security, and required federal agencies to assess AI risks in their operations. The revocation created immediate uncertainty for companies that had begun implementing EO 14110-inspired policies, with many initiated actions now in regulatory limbo.
What Replaced It:
Three days later, on January 23, 2025, the administration issued Executive Order 14179, “Removing Barriers to American Leadership in Artificial Intelligence,” which reoriented federal AI policy around dominance and innovation rather than safety guardrails.2 EO 14179 directed the development of an AI action plan within 180 days and tasked senior officials---including the Assistant to the President for Science and Technology, the Special Advisor for AI and Crypto, and the Assistant to the President for National Security Affairs---with reviewing all policies adopted under the revoked EO 14110 and identifying actions inconsistent with the new administration’s competitiveness agenda.
That 180-day deliverable has since arrived. On July 23, 2025, the administration released “Winning the Race: America’s AI Action Plan,” a roughly 25-page strategy document setting out more than 90 federal policy actions across three pillars: accelerating AI innovation, building American AI infrastructure, and leading in international AI diplomacy and security.3 The plan emphasizes deregulation, federal procurement of American AI, expanded data-center and energy infrastructure, and export of the U.S. AI technology stack to allied nations.
The administration paired the Action Plan with three executive orders signed the same day:4
- “Preventing Woke AI in the Federal Government,” which conditions federal procurement on AI models the order characterizes as “truth-seeking” and ideologically neutral
- “Accelerating Federal Permitting of Data Center Infrastructure,” which streamlines federal review for the data centers underpinning large-scale AI
- “Promoting the Export of the American AI Technology Stack,” which directs a federal program to support export of U.S. AI hardware, models, and software to partner countries
Critical Takeaway for AI Companies:
Executive orders are inherently unstable regulatory foundations, subject to reversal with each administration change---as the back-to-back rescission and replacement of January 2025 illustrates. But the current posture is not merely the absence of the Biden framework; it is an affirmative national strategy that pulls federal levers (procurement, permitting, export policy, and, as discussed below, preemption) toward acceleration. Companies that planned around a coming comprehensive federal statute have had to adjust to a reality where the action is in executive orders, agency posture, and the federal-state contest.
Pending Federal Legislation: The Bills Still in Play
Congress has not enacted comprehensive AI legislation, and the bills below remain pending in the 119th Congress. They are worth tracking both because they signal where durable, statute-based requirements may eventually land and because their sponsors continue to reintroduce them across Congresses.
1. Algorithmic Accountability Act of 2025 (S. 2164)
Status: Introduced June 25, 2025, by Senator Ron Wyden; referred to the Senate Committee on Commerce, Science, and Transportation, where it remains as of mid-2026 with no scheduled markup.5
What It Does:
The Algorithmic Accountability Act represents the most comprehensive federal approach to AI transparency and accountability now pending. The bill directs the Federal Trade Commission to establish mandatory impact-assessment requirements for “automated decision systems” and “augmented critical decision processes”---essentially any system using AI to inform decisions affecting individuals.
Key Provisions:
Broad Definitional Scope: The Act defines “automated decision system” expansively as any system, software, or process derived from machine learning, statistics, or other data processing or AI techniques that uses computation to inform decisions or judgments. This reaches far beyond narrow AI applications to encompass virtually all algorithmic decision-making tools.
Impact Assessment Requirements: Companies deploying covered systems must conduct comprehensive impact assessments evaluating:
- Disparate impact on protected classes (race, gender, age, disability, etc.)
- Data quality, accuracy, and representativeness
- Training methodologies and validation procedures
- Privacy implications and data security measures
- Procedures for human review and override capabilities
- Transparency mechanisms for affected individuals
FTC Enforcement Authority: The Commission would receive enforcement jurisdiction equivalent to Federal Trade Commission Act authority, with power to investigate violations, issue subpoenas, seek injunctive relief, and impose civil penalties. The bill authorizes additional enforcement personnel dedicated to algorithmic accountability.
Agency Coordination: The FTC would negotiate information-sharing agreements with other federal agencies (EEOC, CFPB, HHS, DOJ) to coordinate enforcement across jurisdictional boundaries---addressing the current fragmented landscape, where AI discrimination falls under multiple agencies’ purview depending on context.
Timeline Implications:
The bill remains in committee with no scheduled markup. Its reintroduction in the 119th Congress---following earlier versions in prior Congresses---demonstrates sustained legislative interest, but passage in the current Congress, against an administration oriented toward deregulation, faces real headwinds.
2. AI Foundation Model Transparency Act of 2026 (H.R. 8094)
Status: Introduced March 26, 2026, by Representatives Don Beyer (D-VA), Mike Lawler (R-NY), and Sara Jacobs (D-CA); pending in committee.6 An earlier version (H.R. 6881, Beyer/Eshoo) was introduced in the 118th Congress in December 2023 but lapsed when that Congress ended.
What It Does:
This legislation targets foundation-model developers specifically, requiring transparency disclosures about training data, training methods, and user-data practices. Unlike the Algorithmic Accountability Act’s focus on deployment and impact assessment, this bill addresses AI development and pre-deployment transparency. It directs the FTC, in consultation with NIST, the Department of Commerce, and the Office of Science and Technology Policy, to set transparency standards for high-impact foundation models.
Key Requirements:
Training Data Transparency: Foundation-model developers would publicly disclose:
- A summary of the sources of training data, including identification of copyrighted materials used
- Data labeling methodologies and validation processes
- Information about data curation, filtering, and preprocessing
- Known biases, limitations, and data-quality issues
This provision directly addresses the “black box” problem, where developers provide minimal information about what data trained their systems---creating risks for copyright exposure, bias amplification, and unpredictable model behavior.
Model Documentation Standards: Required disclosures would include:
- Intended purposes and use cases (both recommended and prohibited)
- Foreseen limitations, failure modes, and risks
- Model version history and change logs
- Performance benchmarks and evaluation results
- Description of alignment efforts with the NIST AI Risk Management Framework
Copyright and Attribution: The training-data disclosure requirements directly implicate ongoing copyright litigation against AI companies. Developers would need to identify copyrighted works used in training---potentially creating evidence for infringement claims while simultaneously providing transparency for rights holders.
Practical Implications:
Foundation-model developers would face significant compliance burdens, potentially requiring disclosure of training methodologies currently treated as trade secrets. Industry opposition on competitive grounds is to be expected, and the bill’s prospects in the current Congress are uncertain. But its reintroduction---now with a bipartisan sponsor trio spanning both parties---keeps foundation-model transparency on the federal agenda.
3. CREATE AI Act (H.R. 2385)
Status: H.R. 2385, the CREATE AI Act of 2025, was introduced March 26, 2025, by Representatives Jay Obernolte and Don Beyer and is awaiting House committee action; a companion CREATE AI Act was reintroduced in the Senate in mid-2026.7
What It Does:
Unlike the transparency and accountability bills, the CREATE AI Act (Creating Resources for Every American to Experiment with Artificial Intelligence) establishes federal infrastructure to democratize AI research and development by codifying the National Artificial Intelligence Research Resource (NAIRR).
Legislative History:
The concept has a multi-Congress lineage. The prior version---H.R. 5077 in the 118th Congress---was approved by the House Science, Space, and Technology Committee on September 11, 2024, drew 66 cosponsors, and authorized roughly $2.6 billion over six years for the NAIRR. That bill lapsed when the 118th Congress ended. The current bill, H.R. 2385 in the 119th Congress, carries the concept forward with bipartisan support but has not yet been marked up.
Core Framework:
National AI Research Resource (NAIRR): Creates a shared national research infrastructure providing researchers, students, and small companies access to:
- High-performance computing resources for AI training and experimentation
- Large-scale datasets for AI research (curated by federal agencies)
- Educational tools and training resources
- Technical support and expertise
Program Management Office: Establishes an NSF-administered office to oversee NAIRR operations, coordinate with federal agencies providing computing resources, and manage access allocation.
Advisory Committees: Requires diverse stakeholder representation from academia, industry, government, and public-interest groups to guide NAIRR priorities and ensure equitable access.
Why This Matters:
Cutting-edge AI research requires computing resources and datasets available primarily to large technology companies. This creates competitive moats where only well-capitalized firms can develop state-of-the-art models. NAIRR aims to level the playing field, enabling university researchers, startups, and independent scientists to conduct frontier AI research. Of the pending bills, the CREATE AI Act has historically attracted the broadest bipartisan support, because it funds research access rather than imposing regulatory obligations.
Congressional AI Task Force: The Blueprint That Still Frames the Debate
In December 2024, the bipartisan House Task Force on Artificial Intelligence delivered a 273-page report to Speaker Mike Johnson and Democratic Leader Hakeem Jeffries, representing nearly 10 months of work by 24 members (12 Republicans, 12 Democrats) led by co-chairs Jay Obernolte (R-CA) and Ted Lieu (D-CA).8 More than a year later, its sectoral, incremental philosophy continues to frame how Congress approaches AI.
Report Scope:
The task force conducted over a dozen hearings and roundtable discussions with government officials, industry leaders, academic researchers, and civil-society organizations. The resulting report provides 66 key findings and 85 recommendations across more than a dozen issue areas---the most comprehensive Congressional analysis of AI policy to date.
High-Level Principles:
The task force declined to recommend a comprehensive AI regulatory framework adopted all at once, favoring instead a sectoral, use-case-specific approach that preserves flexibility as the technology evolves. Key principles include:
- Avoid Stifling Innovation: No premature comprehensive regulation; focus on addressing specific harms in specific contexts
- Leverage Existing Authorities: Use current agency powers (FTC, EEOC, CFPB, FDA, etc.) rather than creating new regulatory bureaucracy
- Public-Private Partnerships: Government should enable and facilitate AI development, not solely restrict it
- Protect the Innovation Ecosystem: Recognize the U.S. competitive advantage in AI and avoid regulations that disadvantage American companies
- International Coordination: Engage with allies to harmonize approaches while maintaining U.S. leadership
Why It Still Matters:
The task force’s incremental, sectoral philosophy has proven durable. The administration’s 2025 Action Plan and deregulatory posture, and Congress’s continued reliance on targeted bills rather than a comprehensive statute, both track the task force’s framing far more closely than they track the comprehensive-framework model that California’s vetoed SB 1047 represented. The report remains the most useful single roadmap for anticipating where federal AI policy is headed.
Agency Rulemaking and Enforcement: Where the Posture Has Shifted
While Congress debates legislation, federal agencies regulate AI through existing statutory authorities, enforcement actions, and guidance. For AI companies, agency action creates immediate compliance obligations. But the enforcement posture has shifted materially since early 2025, and reading agency activity as of mid-2026 requires distinguishing what the prior administration’s appointees did from what the current ones are doing.
Federal Trade Commission: Operation AI Comply and a Changed Posture
In September 2024, under then-Chair Lina Khan, the FTC launched “Operation AI Comply”---a law-enforcement sweep targeting companies using AI to “trick, mislead, or defraud people.”9 Chair Khan put it bluntly at the time: “Using AI tools to trick, mislead, or defraud people is illegal. There is no AI exemption from the laws on the books.”
Key Enforcement Actions (2024—2025):
Rytr: The FTC filed a complaint against Rytr, an AI-powered content-generation service, alleging that the company facilitated creation of fake reviews and testimonials in violation of FTC Act Section 5. In December 2024, the FTC approved a final order prohibiting Rytr from advertising or selling services that generate reviews and testimonials.
DoNotPay: In January 2025, the FTC settled an enforcement action against DoNotPay, Inc., which had marketed itself as “the world’s first robot lawyer” without employing attorneys or providing legitimate legal services. The settlement required a monetary payment and barred unsupported claims about its AI capabilities.
Evolv Technologies: In a separate action in November 2024, the FTC alleged that Evolv’s statements about its AI-powered weapons-detection systems’ ability to distinguish personal items from weapons were deceptive---an example of FTC scrutiny of AI marketing claims in security and safety contexts.
The Posture Shift:
Lina Khan left the Commission, and Andrew Ferguson became FTC Chair in January 2025. Under Chair Ferguson, the FTC has signaled a lighter-touch posture toward AI, and the Commission removed a substantial number of Khan-era AI and consumer-protection blog posts in 2025. The Section 5 prohibitions on deceptive and unfair practices remain on the books and continue to apply to AI marketing and data claims, but the vigor with which the Commission will pursue an “Operation AI Comply”-style program going forward is uncertain. As discussed below, the December 2025 federal-preemption order also directs the FTC to issue a policy statement on how the FTC Act applies to AI---which may further shape the Commission’s posture.
Enforcement Theories (Still Available):
The legal theories the FTC used remain available to it:
- Deceptive Practices (FTC Act § 5): False or misleading claims about AI capabilities, accuracy, or functionality
- Unfair Practices (FTC Act § 5): AI systems causing substantial consumer harm that consumers cannot reasonably avoid and that is not outweighed by benefits
- Algorithmic Discrimination: AI systems producing discriminatory outcomes that violate fair-lending, fair-housing, or equal-employment laws (enforced in coordination with other agencies)
Practical Compliance Notes:
Regardless of enforcement intensity, companies remain exposed if they misrepresent AI capabilities, repurpose consumer data for AI training without clear consent, or quietly change terms of service to permit training on customer data after making contrary commitments. A lighter-touch federal posture does not repeal Section 5, and it does not displace state consumer-protection law or private litigation.
Equal Employment Opportunity Commission: AI in Hiring
The EEOC issued technical assistance in May 2023 addressing the use of AI in employment selection under Title VII, with a focus on disparate-impact concerns, and in May 2022 it issued technical assistance addressing the Americans with Disabilities Act and AI in employment decisions.10
However, in January 2025, both technical-assistance documents were removed from the EEOC’s website following Executive Order 14179. Despite the removals, the underlying anti-discrimination statutes still apply to AI use in employment---Title VII, the ADA, and the ADEA remain in force.
Key Legal Principles (Still Applicable):
Employer Liability for Vendor AI Tools: Even when using third-party AI hiring tools, employers remain liable for any discriminatory impact. Legal compliance cannot be outsourced to vendors.
Four-Fifths Rule: The EEOC’s technical assistance referenced the four-fifths rule to identify substantial differences in selection rates between groups. A selection rate is considered substantially different if the ratio is less than 80% (for example, if a hiring algorithm selects candidates from one group at a 50% rate, it should select candidates from another group at least at a 40% rate).
Reasonable Accommodation: AI systems making employment decisions must provide reasonable accommodations for individuals with disabilities, potentially including alternative assessment methods when AI tools are inaccessible.
A Forward-Looking Caveat:
The disparate-impact theory itself faces headwinds: an April 2025 executive order directed agencies to deprioritize disparate-impact enforcement, which may further dampen federal action premised on disparate-impact liability. The statutes remain in force, but employers should expect the federal enforcement environment for AI-driven disparate impact to be quieter than the technical assistance once suggested.
What Employers Should Do:
Even without active EEOC AI guidance, best practices include:
- Conduct disparate-impact analyses before deploying AI hiring tools
- Maintain audit trails of algorithmic decisions for potential enforcement defense
- Implement human review for material employment decisions (hiring, promotion, termination)
- Document validation studies demonstrating job-relatedness and business necessity
- Create complaint mechanisms allowing individuals to challenge algorithmic decisions
NIST AI Risk Management Framework: Voluntary, but Widely Referenced
NIST released the AI Risk Management Framework (AI RMF 1.0) on January 26, 2023, followed by the Generative AI Profile (NIST AI 600-1) on July 26, 2024.11 While voluntary, the framework has become a de facto reference standard for AI governance, incorporated by reference into federal procurement practices, state legislation, and private-sector AI governance programs.
Framework Structure:
The AI RMF provides four core functions to help organizations address AI risks:
- GOVERN: Establish AI governance structures, policies, and accountability mechanisms
- MAP: Identify and document AI system context, stakeholders, and potential impacts
- MEASURE: Assess AI risks quantitatively and qualitatively throughout the lifecycle
- MANAGE: Implement controls to mitigate identified risks and monitor effectiveness
Why It Matters:
Pending federal bills (including the AI Foundation Model Transparency Act of 2026) reference alignment with the NIST AI RMF, and federal procurement practice references the framework. In practical terms, demonstrating NIST AI RMF alignment provides evidentiary support in litigation or enforcement that an organization exercised reasonable care in AI development and deployment.
Generative AI Profile:
The July 2024 Generative AI Profile addresses risks specific to large language models and generative systems, including:
- Confabulation and hallucination risks
- Data poisoning and adversarial attacks
- Harmful content generation
- Intellectual-property and privacy risks from training data
- Dangerous or violent content generation
Department of Health and Human Services: Healthcare AI
HHS has been particularly active in AI regulation for healthcare applications, issuing guidance documents and final rules in 2024 and 2025.12
Section 1557 Final Rule: The ACA Section 1557 final rule (published May 2024) clarified that use of biased clinical algorithms---including AI tools---could violate civil-rights protections in federally funded health programs, with the decision-support-tool provisions applicable in 2025. The rule’s AI-discrimination provisions face an uncertain enforcement environment under the current administration; no primary source confirms a formal rollback as of June 2026, but enforcement priorities have shifted.
CMS Prior Authorization (February 2024): CMS confirmed that Medicare Advantage organizations may use AI in prior-authorization processes, provided they comply with MA rules and do not rely solely on AI for medical-necessity determinations---human physician review remains required.
FDA Predetermined Change Control Plans (December 2024): The FDA finalized guidance allowing manufacturers of AI-enabled medical devices to implement pre-approved changes without submitting new marketing applications, supporting adaptive AI tools that improve through continuous learning while maintaining safety oversight.
Federal Procurement and OMB Guidance
The April 3, 2025 OMB memoranda M-25-21 (“Accelerating Federal Use of AI through Innovation, Governance, and Public Trust”) and M-25-22 (“Driving Efficient Acquisition of Artificial Intelligence in Government”) replaced Biden-era memoranda with frameworks emphasizing AI adoption and innovation.13
Chief AI Officers: Agencies must designate Chief AI Officers within 60 days to lead AI governance, risk management, and strategic adoption.
AI Procurement Tooling: GSA is building a standardized federal AI procurement framework allowing agencies to select among multiple AI models in a manner compliant with privacy, data-governance, and transparency requirements.
National Security Systems: The Department of Defense retains separate guidance for AI use in national security systems, given unique operational requirements and threat environments.
California’s Approach: From the SB 1047 Veto to the Enacted SB 53
California’s trajectory is the most consequential state-law development for AI companies, and it has moved well beyond the vetoed SB 1047 that dominated headlines in 2024.
SB 1047 and Its Veto:
SB 1047 would have applied to AI models trained at a cost exceeding $100 million and using computing power greater than 10^26 operations, and would have required:14
- Public transparency documentation about capabilities, limitations, training data, and safety testing
- Reporting of safety incidents, including those involving mass casualties or at least $500 million in damage
- Pre-deployment safety testing to identify catastrophic risks
- The capability to promptly shut down models in emergencies
- Whistleblower protections for employees reporting safety concerns
Governor Newsom vetoed SB 1047 on September 29, 2024. In his veto message, he raised concerns that echoed the Congressional AI Task Force’s skepticism toward comprehensive frameworks: that the bill’s focus on high-cost, large-scale models provided a “false sense of security” while smaller specialized models could pose significant risks; that it did not account for whether an AI system was deployed in a high-risk context; that its training-cost threshold could quickly become obsolete; and that a California-only approach, while potentially warranted absent federal action, “must be based on empirical evidence and science.”
What California Did Next:
Alongside the veto, Governor Newsom signed 17 other AI-related bills addressing specific use cases---AI-generated content disclosure, restrictions on AI in political advertising, deepfake protections, and sector-specific rules. But the more significant development came a year later.
On September 29, 2025---one year to the day after the SB 1047 veto---Governor Newsom signed SB 53, the Transparency in Frontier Artificial Intelligence Act (TFAIA), authored by Senator Scott Wiener.15 With SB 53, California became the first state to enact a comprehensive frontier-AI transparency framework.
What SB 53 Requires:
SB 53 applies to developers of frontier models trained using more than 10^26 floating-point operations (FLOPs), with the most demanding obligations falling on large developers (a revenue-tier threshold in the range of $500 million). Covered developers must:
- Publish a safety framework describing how they assess and mitigate catastrophic risk
- Report critical safety incidents
- Maintain internal governance over frontier-model development
- Provide whistleblower protections for employees who report safety concerns
The California Attorney General may enforce the Act with civil penalties of up to $1 million per violation. Most requirements took effect on January 1, 2026. SB 53 is, in substance, the successor to SB 1047---a narrower, transparency-focused frame that survived the legislative process where the more prescriptive SB 1047 did not.
The Federal Preemption Push: A New Front
The most important shift in the federal-state dynamic is that the federal government is no longer merely declining to regulate comprehensively---it is now actively working to constrain state AI laws like SB 53.
On December 11, 2025, the administration issued Executive Order 14365, “Ensuring a National Policy Framework for Artificial Intelligence.”16 The order directs several lines of effort aimed at state AI regulation:
- An AI Litigation Task Force: The order directs the Attorney General to establish, within 30 days, a task force to challenge state AI laws---on theories that they unconstitutionally regulate interstate commerce, are federally preempted, or are otherwise unlawful.
- FCC and FTC proceedings: It directs the FCC to consider a federal AI reporting/disclosure standard and the FTC to issue a policy statement on how the FTC Act applies to AI---each potentially displacing certain state requirements.
- Commerce review and BEAD conditions: It directs the Department of Commerce, within 90 days, to identify “onerous” state AI laws and to evaluate conditioning federal broadband (BEAD) funding on a state’s AI-law posture.
The SB 53 Throughline:
The December 2025 order sets up a direct tension with laws like California’s SB 53. A frontier developer operating in California now faces an enacted state transparency regime that is in effect, while the federal government simultaneously presses to invalidate or preempt that very category of state law. For AI companies, this is not an abstract federalism debate---it is concrete regulatory uncertainty about which obligations will survive. The prudent posture is to comply with the state requirements that are in force today (SB 53’s safety-framework, incident-reporting, and whistleblower obligations) while tracking the preemption litigation and federal proceedings closely. The outcome of the AI Litigation Task Force’s challenges, the FCC and FTC proceedings, and any BEAD-conditioning effort will shape the next phase of the landscape.
Where Things Stand and Where They May Go
Reduced to its essentials, the federal AI regulatory picture in mid-2026 looks like this:
- No comprehensive federal AI statute has been enacted, and none appears imminent.
- Legislation is pending but not advancing quickly: the Algorithmic Accountability Act (S. 2164) sits in Senate Commerce; the AI Foundation Model Transparency Act of 2026 (H.R. 8094) is in committee; and the CREATE AI Act (H.R. 2385, plus a 2026 Senate companion) awaits action.
- Regulation is proceeding mainly through executive action and agency posture: the July 2025 Action Plan and its executive orders, the OMB procurement memoranda, and a lighter-touch enforcement stance at the FTC and EEOC.
- The federal-state contest is now the live front: the December 2025 preemption order versus enacted state laws like California’s SB 53.
- State and international law continue to bind: California’s SB 53 is in effect; the EU AI Act’s phased obligations continue to roll out, reaching U.S. companies that serve EU markets.
Looking forward---and labeling these as projections rather than settled outcomes---the most likely near-term path is continued reliance on executive and agency action at the federal level, slow or stalled movement on the pending bills, escalating preemption litigation testing whether state laws like SB 53 survive, and steady pressure on multistate and multinational operators to harmonize compliance across an increasingly fragmented map.
Strategic Guidance: Operating in the Current Environment
AI companies cannot wait for a comprehensive federal statute that may never come. The binding obligations today come from agency authority, enacted state law, and contract and consumer-protection exposure. Here is how to operate strategically.
1. Implement the NIST AI Risk Management Framework
Why: The NIST AI RMF is the de facto reference standard, cited in pending legislation, federal procurement, and agency materials. Adopting it positions you for compliance regardless of which specific bills pass.
How:
- Conduct an initial AI inventory identifying all systems using algorithmic decision-making
- Perform risk assessments for each system using the GOVERN-MAP-MEASURE-MANAGE structure
- Document governance structures, accountability mechanisms, and oversight processes
- Establish metrics for measuring AI system performance, accuracy, and fairness
- Create an AI risk register tracking identified risks and mitigation measures
2. Comply With Enacted State Frontier-AI Law
Why: California’s SB 53 is in effect, with most requirements applicable as of January 1, 2026, and Attorney General enforcement carrying penalties up to $1 million per violation. The pendency of federal preemption efforts does not suspend a state law that is in force.
How:
- Determine whether your models cross the frontier threshold (training above 10^26 FLOPs) and whether your organization meets the large-developer revenue tier
- Publish a safety framework describing your catastrophic-risk assessment and mitigation
- Stand up critical-incident reporting and internal governance processes
- Implement whistleblower protections for employees reporting safety concerns
- Track the December 2025 preemption order and ensuing litigation, but do not treat it as a reason to defer compliance with a law currently in effect
3. Build Algorithmic Impact Assessment Capabilities
Why: The Algorithmic Accountability Act and similar measures---and existing anti-discrimination law---turn on whether AI systems produce discriminatory outcomes or unfair harm. Impact-assessment capability is useful whether or not a specific bill passes.
How:
- Develop statistical methodologies for disparate-impact testing across protected classes
- Establish baseline performance metrics before AI deployment
- Create control groups or A/B testing comparing algorithmic decisions to human decisions
- Document data quality, representativeness, and known limitations
- Implement ongoing monitoring to detect performance degradation or emerging bias
4. Enhance Transparency and Documentation
Why: Foundation-model transparency obligations (federal and state) and consumer-protection exposure both reward disciplined documentation. Building it now avoids scrambling later.
How:
- Create model cards documenting intended use cases, training-data sources, known limitations, and performance benchmarks
- Publish transparency materials explaining how AI systems make decisions, to the extent technically feasible
- Develop plain-language explanations of AI functionality for non-technical audiences
- Maintain detailed internal documentation of model development, validation, and updates
- Establish version control and change management for AI systems
5. Establish Human Review and Override Mechanisms
Why: Sectoral guidance (HHS, EEOC-era technical assistance, FTC) has consistently emphasized “human in the loop” for consequential decisions, and purely autonomous decision-making invites heightened scrutiny in litigation and enforcement.
How:
- Design AI systems to present recommendations to human decision-makers rather than acting autonomously
- Create escalation procedures for edge cases, ambiguous situations, or high-stakes decisions
- Train personnel on AI system limitations, failure modes, and appropriate override situations
- Document instances where humans override algorithmic recommendations and the reasons
- Implement quality-assurance sampling to audit both algorithmic and human decision quality
6. Conduct Privacy and Data-Governance Reviews
Why: Whatever the federal enforcement temperature, misrepresenting data practices or repurposing consumer data for AI training without consent remains exposed under Section 5, state consumer-protection law, and private litigation.
How:
- Audit all data used for AI training, validation, and operation---confirm you have appropriate rights and permissions
- Review privacy policies and terms of service for consistency with actual AI data practices
- Implement data-minimization principles
- Establish data-security controls protecting training data, model weights, and inference data
- Create clear consent mechanisms if using customer data for AI training or improvement
7. Monitor the Preemption Fight and Engage Counsel
Why: The federal-state contest is the most dynamic part of the landscape, and its outcome will determine which obligations bind multistate operators. AI law is highly specialized, intersecting technology, intellectual property, privacy, employment, consumer protection, and sector-specific regulation.
When to Engage Counsel:
- Before deploying AI systems making consequential decisions about individuals (credit, employment, healthcare, insurance, housing)
- When assessing whether your models trigger SB 53 or analogous state obligations
- When using training data from third-party sources or copyrighted materials
- If receiving FTC, EEOC, state AG, or other agency inquiries about AI practices
- When structuring AI product terms of service, privacy policies, and vendor agreements
The Bottom Line
The “wait for the comprehensive federal statute” posture is no longer viable, because that statute has not arrived and may not. What has arrived is a national AI strategy executed through executive orders, a shifted and lighter-touch federal enforcement posture, an enacted California frontier-AI transparency law, and a federal effort to preempt state law that is now in litigation.
Companies that build durable compliance infrastructure---NIST-aligned governance, impact-assessment capability, transparency documentation, human oversight, and disciplined data governance---will be positioned to satisfy whichever obligations survive the federal-state contest, in whatever form. The specific requirements remain in flux. The need to operate responsibly across federal posture, enacted state law, and international regimes does not.
Need AI Regulatory Compliance Guidance?
Astraea Counsel advises AI companies on federal and state regulatory compliance, algorithmic-transparency requirements, and emerging AI governance frameworks. Explore our AI & Emerging Tech legal services.
Related Resources
- California’s Frontier AI Transparency Law (SB 53) - How California’s enacted frontier-AI framework works, and how it compares to the federal landscape
- AI Model Training Data Rights - Copyright compliance for training datasets
- AI & Emerging Technology Services - Comprehensive AI legal counsel
- Regulatory Compliance Practice - Navigate evolving frameworks
- Contact Us - Discuss your AI compliance strategy
Footnotes
-
Executive Order 14110, Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (Oct. 30, 2023), revoked by Executive Order 14148, Initial Rescissions of Harmful Executive Orders and Actions (Jan. 20, 2025), available at https://www.federalregister.gov/documents/2023/11/01/2023-24283/safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence ↩
-
Executive Order 14179, Removing Barriers to American Leadership in Artificial Intelligence (Jan. 23, 2025), 90 Fed. Reg. 8741, available at https://www.federalregister.gov/documents/2025/01/31/2025-02172/removing-barriers-to-american-leadership-in-artificial-intelligence ↩
-
The White House, Winning the Race: America’s AI Action Plan (July 23, 2025), available at https://www.whitehouse.gov/wp-content/uploads/2025/07/Americas-AI-Action-Plan.pdf ↩
-
Executive Order, Preventing Woke AI in the Federal Government (July 23, 2025); Executive Order, Accelerating Federal Permitting of Data Center Infrastructure (July 23, 2025); Executive Order, Promoting the Export of the American AI Technology Stack (July 23, 2025), available at https://www.whitehouse.gov/presidential-actions/ ↩
-
S. 2164, Algorithmic Accountability Act of 2025, 119th Cong. (2025), available at https://www.congress.gov/bill/119th-congress/senate-bill/2164 ↩
-
H.R. 8094, AI Foundation Model Transparency Act of 2026, 119th Cong. (2026) (Reps. Beyer, Lawler & Jacobs, introduced Mar. 26, 2026), available at https://www.congress.gov/bill/119th-congress/house-bill/8094; see also H.R. 6881, AI Foundation Model Transparency Act of 2023, 118th Cong. (2023) (prior version; lapsed) ↩
-
H.R. 2385, CREATE AI Act of 2025, 119th Cong. (2025) (introduced Mar. 26, 2025), available at https://www.congress.gov/bill/119th-congress/house-bill/2385; see also H.R. 5077, CREATE AI Act, 118th Cong. (2024) (House Science Committee approval Sept. 11, 2024; ~$2.6 billion NAIRR authorization; 66 cosponsors; lapsed with the 118th Congress) ↩
-
Bipartisan House Task Force on Artificial Intelligence, Report of the Task Force on Artificial Intelligence (Dec. 2024), available at https://www.speaker.gov/wp-content/uploads/2024/12/AI-Task-Force-Report-FINAL.pdf ↩
-
Federal Trade Commission, FTC Announces Crackdown on Deceptive AI Claims and Schemes (Sept. 25, 2024) (statement of then-Chair Lina Khan), available at https://www.ftc.gov/news-events/news/press-releases/2024/09/ftc-announces-crackdown-deceptive-ai-claims-schemes ↩
-
Equal Employment Opportunity Commission, Select Issues: Assessing Adverse Impact in Software, Algorithms, and Artificial Intelligence Used in Employment Selection Procedures Under Title VII of the Civil Rights Act of 1964 (May 18, 2023); EEOC, The Americans with Disabilities Act and the Use of Software, Algorithms, and Artificial Intelligence to Assess Job Applicants and Employees (May 12, 2022) [Both technical-assistance documents were removed from the EEOC website in January 2025 following Executive Order 14179.] ↩
-
National Institute of Standards and Technology, AI Risk Management Framework (AI RMF 1.0) (Jan. 26, 2023), available at https://www.nist.gov/itl/ai-risk-management-framework; NIST, Artificial Intelligence Risk Management Framework: Generative Artificial Intelligence Profile, NIST AI 600-1 (July 26, 2024), available at https://nvlpubs.nist.gov/nistpubs/ai/nist.ai.600-1.pdf ↩
-
Department of Health and Human Services, Office for Civil Rights, Nondiscrimination in Health Programs and Activities, 89 Fed. Reg. 37522 (May 6, 2024) (Section 1557 final rule; effective July 5, 2024; decision-support-tool provisions applicable in 2025); Centers for Medicare & Medicaid Services, Frequently Asked Questions Related to Coverage Criteria and Utilization Management Requirements in Medicare Advantage (Feb. 2024) (AI may not be the sole basis for medical-necessity determinations); Food and Drug Administration, Marketing Submission Recommendations for a Predetermined Change Control Plan for Artificial Intelligence-Enabled Device Software Functions (Dec. 2024) ↩
-
Office of Management and Budget, Memorandum M-25-21, Accelerating Federal Use of AI through Innovation, Governance, and Public Trust (Apr. 3, 2025); OMB, Memorandum M-25-22, Driving Efficient Acquisition of Artificial Intelligence in Government (Apr. 3, 2025) ↩
-
Governor Gavin Newsom, Veto Message on SB 1047 (Sept. 29, 2024), available at https://www.gov.ca.gov/wp-content/uploads/2024/09/SB-1047-Veto-Message.pdf; Cal. S.B. 1047, Safe and Secure Innovation for Frontier Artificial Intelligence Models Act (2024) ↩
-
Cal. S.B. 53, Transparency in Frontier Artificial Intelligence Act (2025) (Sen. Wiener; signed Sept. 29, 2025; most requirements effective Jan. 1, 2026), available at https://www.gov.ca.gov/2025/09/29/governor-newsom-signs-sb-53-advancing-californias-world-leading-artificial-intelligence-industry/ ↩
-
Executive Order 14365, Ensuring a National Policy Framework for Artificial Intelligence (Dec. 11, 2025), available at https://www.whitehouse.gov/presidential-actions/2025/12/eliminating-state-law-obstruction-of-national-artificial-intelligence-policy/ ↩