Executive Order on Artificial Intelligence Released
On June 2, 2026, the White House issued an executive order titled “Advancing Innovation and Security in Advanced Artificial Intelligence.” The administration faced challenges in clarifying that this order wasn’t, well, some kind of burden or, as characterized by the Biden administration, a “top-down regulatory approach.” The official fact sheet went into detail about what the order wasn’t—asserting there were no compulsory licenses necessary and no prior permissions required, which, honestly, took a considerable amount of energy just to explain its absence.
This type of governance is somewhat typical for America. There’s a convention there, not to name it outright.
How much should republics delegate technical judgment to their security bureaucracies?
In practical terms, the responsibilities outlined in the order are rather specific. It instructs federal agencies to make cyber defense of information systems a priority within 30 days of signing. The Department of Homeland Security is called upon to issue an operational directive that expands AI-enabled defensive tools to various federal agencies, as well as state and local governments, hospitals, and community banks. In 60 days, a confidential benchmarking process will be set up, managed by the Treasury Department and the NSA, to evaluate when an AI model’s capabilities reach a threshold defined as a “covered frontier model.” Developers can choose to submit their models for government assessment voluntarily. Then the government has 30 days to assess these models before they can be shared publicly.
This order can be seen as the third step in a series of policies dating back to the first Trump administration. In 2019, the president signed an executive order asserting that U.S. leadership in AI is crucial for both the economy and national security, emphasizing public trust and civil liberties. Fast forward to 2023, and the Biden administration issued Executive Order 14110, which noted that AI has both “promise and peril,” promoting a broader social contract regarding issues like safety, labor rights, and reducing bias. When the new Trump administration began on January 20, 2025, it canceled that order, citing ideological contamination and framing Biden’s approach as “burdensome.” The new policy would instead focus on maintaining American AI superiority, or so it claims.
Government as a Limiting Factor
What emerged is a security agreement between the federal government and a select group of frontier model developers. These developers grant the government access to their models for evaluation. They then jointly decide who qualifies as the next “trusted partner.” However, the criteria for these evaluations remain classified, and the status thresholds are kept confidential. Organizations like Google and individuals such as Sam Altman have expressed approval of the order, which adopts a “voluntary, step-by-step approach” that tries to present the NSA’s management process as simply a collaboration within the industry.
These targeted beneficiaries include “local hospitals, community banks, and local governments,” yet these organizations might lack the staff and capacity to handle sensitive defense information effectively. Their names featured on the fact sheet likely serve to garner sympathy. The real players in the architecture of this policy appear to be frontier developers and those who have been vetted. Others will be waiting to see what the clearinghouse deems appropriate for distribution, assuming they have the know-how to utilize it.
This is a typical model of American governance in the 21st century: centralized technical decision-making, limited public transparency, and a significant reliance on downstream partners. Reports suggest that the government will enhance the infrastructure, but the real questions linger: Who decides? How? What criteria are used to define knowledge?
The order discusses cybersecurity topics fluently, from attack surfaces to patch distribution. In its language, every institution essentially becomes a node: hospitals, banks, utilities, and federal agencies—all nodes in a network of cyber vulnerabilities needing protection. The only real question seems to be whether institutions are being directed to strengthen this network.
Beneath its specific operational focus, this mandate represents a theory of governance as much as it does a technological guideline. Critics, including the Atlantic Council, have drawn attention to the confidentiality standards and the delegation of executive discretion, which create significant accountability gaps—a concern that’s integral to the design.
Bureaucratic Complexity
Despite attempting to reject bureaucracy, the order establishes complex bureaucratic mechanisms with deadlines, interagency consultations, directives, classifications, and enforcement priorities. This shifts governance away from the open and collaborative risk management culture of NIST into the realm of administrative security, involving agencies like the NSA, Treasury Department, and National Cyber Directorate. These entities will now determine which AI systems are deemed significant.
It’s important to note that these institutions are serious, technically adept, and act with a sense of integrity. Cybersecurity threats are very real. Research from Frontier Labs has shown that certain advanced models can automate sophisticated attacks against heavily fortified targets, uncover exploits, and chain vulnerabilities at speeds that human teams simply can’t match. The lingering question remains: How much should we trust bureaucracies to make these technical judgments?
Officials express a sense of urgency, relying on their expertise alongside comparisons to China’s competitive technology landscape for legitimacy. They might be right to feel that way. Urgency has historically shaped American policy. Interestingly, this order positions itself as the antithesis of regulation, even though it shares characteristics with regulation—exerting power, minimal accountability, and a much shorter guest list.
