Trump Signs Executive Order Calling for 30-Day Voluntary Review of AI Models Before Launch

Donald Trump signed an executive order on June 2, 2026, asking developers of frontier models to submit advanced versions to the federal government for up to 30 days prior to public release. The document, titled Promoting Advanced Artificial Intelligence Innovation and Security, maintains the voluntary regime but installs the regulatory framework that was lacking in the second term: a classified benchmark conducted by NIST to identify what will be called a covered frontier model and a federal cybersecurity clearinghouse dedicated to AI.

The 30-day window is half of what the April draft suggested. The earlier version considered 90 days and was rejected following protests from OpenAI, Anthropic, Google, and Meta on the grounds that the timeframe would obstruct release cadences that currently operate on a weekly basis. The Secretary of Commerce, through the director of NIST, is responsible for defining the technical threshold that separates a covered model from others, a decision with direct commercial implications: those that cross the threshold enter the review queue, while those that do not remain unchanged.

Cybersecurity at the Centre, Licensing Out

The order creates the AI Cybersecurity Clearinghouse with a mandate to centralise intelligence on vulnerabilities specific to AI models, and gives federal agencies 60 days to publish the voluntary security framework that will guide collaboration with industry. The text explicitly excludes any mandatory licensing regime: "Nothing in this section shall be construed to authorize the creation of a mandatory governmental licensing, preclearance, or permitting requirement for the development, publication, release, or distribution of new AI models, including frontier models". The wording was negotiated to preserve the political thesis of the second term, which rejects the AI safety vocabulary of the previous government and frames AI as a sovereignty asset.

The Regulatory Geometry Diverges

The distance to Brussels is clear. The European AI Act, phased in since August 2024, provides for fines of up to €35 million or 7% of annual global turnover for violations of Article 5, and remains the only framework with proven enforcement power. The American order relies on the goodwill of laboratories and offers a low-friction path for companies that were already submitting models for testing by the AI Safety Institute under the Biden administration. The European Code of Practice on marking AI-generated content, linked to Article 50, is set for publication still in June.

For CIOs and CISOs of American companies with clients in the European Union, the coexistence of the two regimes does not simplify matters. A model trained in the United States with a 30-day voluntary review will need to comply with the AI Act for any European client classified as high-risk, and the American framework does not hold equivalent legal weight. The European Commission maintains the planned implementation pace, with obligations for high-risk systems coming into effect on August 2, 2026, a deadline that will not be altered due to Washington.

United Kingdom, China, and the Asian Perspective

In the United Kingdom, the AISI model continues to be the voluntary pre-release testing, but operated by an independent agency, without the intra-governmental clearinghouse design that the American order adopts. The practical consequence is that London could end up attracting tests of models that prefer not to pass through the stamp of a political agency from the United States. In China, the Cyberspace Administration maintains the obligation for algorithm registration before public release, in a mandatory regime that does not align with the voluntary framework of the White House and has been used as a tool for ideological filtering since 2023.

For the consulting industry, the thesis that the United States and Europe would converge on a common regulatory regime has lost another year. Companies operating in North America, Europe, and markets like India and Japan, which are monitoring the regulatory designs on both sides without defining their own, now have three distinct interlocutors for the same model: NIST and the American clearinghouse, the AI Office in Brussels, and the CAC in Beijing.

The order arrives in the same week that Microsoft announced at Build the MAI family of its own models and Anthropic expanded the Project Glasswing to 150 organisations in 15 countries. The American government formalises, in the same cycle, the thesis that the regulatory pathway lies in coordinated cybersecurity intelligence, not in pre-release bottlenecks. For those expecting a tougher text, one question remains: what happens when the first model classified as covered decides not to submit for 30 days and still goes public?