The United States still doesn’t have a federal AI law. There’s been noise about one for years — framework papers, executive orders, congressional hearings — but nothing that passed and signed. The current state of play is: no central AI statute, a December 2025 executive order attempting to block state-level AI laws deemed incompatible with a minimal federal standard, legislative challenges to that executive order already introduced, and about thirty million companies wondering which compliance obligation from which state actually applies to them.

It’s a mess. And into the mess steps the SEC.

AI washing is now a securities law problem

The SEC’s 2026 examination priorities — the list of what the agency tells registered entities to expect scrutiny on — have made AI governance a leading concern. Not a mention. Not a footnote. The dominant compliance topic, displacing cryptocurrency which held that position for several years running. The agency has specifically flagged what it calls AI washing: companies that claim to be deploying artificial intelligence to enhance their services in ways that are, generously, imprecise. Less generously, false.

This isn’t a soft concern. The SEC has made clear that false or misleading statements about AI capabilities in public filings, investor presentations, and marketing materials constitute potential securities violations. That’s securities fraud territory. For any company that has publicly promoted AI-driven tools in its product offerings — which is, essentially, all technology companies and a significant number of financial institutions — this creates liability exposure that CFO general counsels didn’t budget for.

The irony of the SEC caring about AI misrepresentation while Congress can’t pass an AI truth-in-advertising law isn’t lost on anyone observing this space.

State-level laws are proliferating despite federal preemption attempts

California, Colorado, Texas. All three have advanced AI-specific legislation in recent years. The December 2025 executive order directed federal agencies to invalidate state-level AI laws they deemed incompatible with a minimally burdensome national policy framework — a preemption signal. But the legislative challenge to that order has been introduced without resolution, and the underlying question of whether an executive order can actually preempt state legislation in this domain remains contested.

The practical consequence: companies operating across US jurisdictions face a patchwork that changes not just by state but by the current litigation status of federal preemption arguments. That’s not a compliance framework. That’s a legal exposure map that updates faster than your privacy policy.

The financial regulators are framing frontier AI as systemic risk

The FCA and Bank of England made news in May 2026 with their joint statement on frontier AI models and cyber resilience. But the SEC — the US equivalent — has been running parallel work more quietly. The shared instinct is what matters: advanced AI deployment is being recategorized from an operational question to a systemic risk question. That shift in framing has enforcement consequences. It creates accountability trails. It makes AI-related decisions board-level decisions rather than engineering decisions. And it means that when the next AI incident creates losses across a financial system, the regulators won’t be asking “did your AI work?” — they’ll be asking “who approved this and why?”

For asset managers — BlackRock, Vanguard, Fidelity, and their peers — who have publicly promoted AI-driven tools in their offerings, this framing means their AI claims are no longer just marketing. They’re potential securities disclosures subject to examination.

The executive order’s reach is genuinely unclear

Trump’s December 2025 order attempted to draw a federal floor under AI regulation, blocking state laws deemed incompatible with minimal government burden. That’s a significant reach for executive power in a domain Congress hasn’t legislated. The challenge is in courts. Until it’s resolved, every company with state-level compliance obligations is managing legal uncertainty at the state-federal interface. Some attorneys are advising clients to prepare for state compliance as if the executive order doesn’t exist, on the theory that courts will likely narrow or invalidate the preemption arguments. Others are advising the conservative path. The divergence means legal advice on this question is now a spectrum, not a answer.

The US federal AI regulatory landscape is unsettled in a way that EU and UK operators probably find surreal. But the SEC’s enforcement agenda isn’t waiting for Congress to act. If your company is making AI claims to investors or the public, you’re already in a compliance regime you probably haven’t mapped.