President Trump signed an executive order on June 2nd that did two related but distinct things: it established a framework for government access to frontier AI models, and it asked AI companies to voluntarily submit their models for cybersecurity review before public release.

Read those details carefully. Asked. Voluntarily.

What the Order Actually Does

Section 3 of the order calls for developing guidelines that would give the federal government the ability to review frontier AI models — particularly those with potential national security implications — before they’re released widely. The idea is that if an AI system could meaningfully assist in cyberattacks, bioweapon creation, or other security threats, the government would like some visibility into that before it hits the internet.

That’s the theory. The practice is softer. The order doesn’t mandate pre-release review. It creates a voluntary submission process and encourages AI companies to participate. The Attorney General is directed to prosecute criminal misuse of AI under existing laws — which is本来就 existing authority, not something new.

There’s also an expansion of the federal cybersecurity workforce, which is orthogonal to AI but related in the broad “make government better at security” sense.

The States Say No

Here’s the part that makes the order interesting from a regulatory standpoint: Trump tried to head off state-level AI regulation six months ago, warning states not to go their own way. They’re doing it anyway.

Six months after that warning, states are increasingly passing their own AI laws. California has its revised AI framework. Colorado has been working on its own approach. Several others are in various stages of the legislative process.

The federal government is trying to set national AI policy through executive order; state governments are ignoring that and legislating anyway. This is a familiar dynamic in US tech regulation — think of privacy law, where the federal stall has produced a patchwork of state rules — and it’s playing out the same way with AI.

Voluntary Model Reviews: Does It Work?

The cybersecurity review mechanism is the most substantive part, and the hardest to evaluate. Would OpenAI, Anthropic, Google, and Meta voluntarily hand over their frontier models to federal agencies before release? The companies have historically resisted anything that looks like pre-publication government review, on grounds of both IP protection and the practical delay it would introduce.

On the other hand: these same companies have internal red teaming, safety evaluations, and security reviews. A government review process that’s credentialed, fast, and non-political might actually be something they’d cooperate with. The question is whether such a process could be built quickly enough and kept clean enough to maintain credibility with the industry it’s trying to work with.

The Real Story

Trump’s order acknowledges AI risks in ways that are worth noting. Previous administrations’ AI approaches ranged from full deregulation to vague concern. This order actually identifies specific risk categories — cybersecurity, biosecurity — and tries to build a mechanism around them.

Whether that mechanism works depends entirely on implementation. As written, it’s a request, not a requirement. The AI labs will do what they always do: cooperate where it doesn’t cost them much, resist where it does.

The states, meanwhile, are moving regardless. In the absence of meaningful federal action, they’re writing their own AI laws. That fragmentation is probably the bigger story — and the one that US AI companies will have to actually deal with.