The order is signed. Nothing is required.
That’s the operational reality of the executive order President Trump signed June 2, formally titled “Promoting Advanced Artificial Intelligence Innovation and Security.” According to analysis from WilmerHale and the Council on Foreign Relations, the framework asks covered frontier model developers to voluntarily provide federal government access for up to 30 days before public release. It doesn’t require licensing. It doesn’t require approval. Participation is optional.
So why does it matter to compliance programs? Because voluntary frameworks have a way of becoming baselines faster than anyone expects.
The EO defines a category, “covered frontier models”, but the compute threshold that determines who qualifies hasn’t been publicly specified in available reporting. That gap is consequential. If your organization is near any plausible threshold, your compliance team should be tracking the definition’s evolution, not waiting for a final rule. What the EO establishes today as voluntary access is the architecture Congress or a future administration could mandate tomorrow.
Unanswered Questions
- What compute threshold defines a 'covered frontier model' under this EO?
- Will agency implementation guidance add cybersecurity specifics not yet confirmed in available reporting?
- Does voluntary participation in the 30-day window affect regulatory standing if Congress later mandates participation?
David Sacks, the former White House AI policy lead, reportedly raised industry concerns before the order’s finalization, per Politico’s reporting. The final order reflects that tension: enough structure to signal federal seriousness about frontier AI access, not enough teeth to generate the industry resistance a mandatory framework would have. The 30-day window survived. The mandate didn’t.
Safety advocates, including organizations that have previously called for mandatory pre-launch AI review, are urging Congress to codify and expand requirements the EO leaves voluntary. Whether Congress acts on those calls is uncertain. What’s less uncertain is the direction of travel: federal engagement with frontier AI pre-deployment is moving from informal to structured, even if today’s structure is optional.
The cybersecurity dimension is worth flagging carefully. Initial reporting suggests the order may direct federal agencies to strengthen cybersecurity protocols for AI systems, though that specific directive language hasn’t been independently confirmed from available source excerpts. Compliance teams shouldn’t build programs around unconfirmed provisions, but if your organization works with federal AI deployments, monitoring for implementation guidance on the cybersecurity component is prudent.
What to Watch
What to watch
The definition of “covered frontier model” is the operative unknown. Once the compute threshold is specified, whether in follow-on agency guidance or Congressional action, every frontier developer will know whether it’s in scope. The Alliance for Secure AI and similar organizations have signaled they’ll push for mandatory participation; watch for Congressional hearings on AI oversight as the mechanism where that pressure converts to legislation.
The real question is whether companies that do participate in the voluntary framework end up shaping what mandatory looks like. Early participants set precedent. If the 30-day pre-release window becomes standard practice among major developers, the argument for making it mandatory weakens, and so does the argument for extending it. Compliance teams at frontier AI companies should treat voluntary participation as a strategic decision with regulatory implications, not just a cooperative gesture.