One week produced more AI regulatory activity at the federal level than Congress managed in years of privacy debates: an executive order on AI cybersecurity, a national security memorandum directing the military to adopt commercial AI at scale, and a bipartisan congressional draft proposing the first comprehensive federal AI framework. The pattern matters more than any single item.
The Federal Government Is Moving First
Privacy law in the United States followed a familiar arc. Europe acted, Congress debated, and eventually twenty-plus states passed their own laws. California led. Virginia, Colorado, Texas, and Connecticut followed. By the time comprehensive federal legislation became serious, companies were already managing a compliance patchwork that no single framework could rationalize.
AI is shaping up differently. The Great American AI Act, released as a bipartisan discussion draft on June 4, would preempt state laws specifically governing AI model development for three years. The explicit goal is to prevent the privacy patchwork from repeating. The White House has issued two major executive orders and a national security memorandum on AI in the span of a week. Federal policymakers are aware of the problem and are trying to get ahead of it.
Whether they succeed is a separate question. The discussion draft is not law. Executive orders can be rescinded. The federal-first instinct is real, but it has not yet carried the day.
Transparency Is the Consistent Thread
Look across every proposal currently on the table and one word keeps appearing: transparency.
The Great American AI Act would require independent audits and disclosures from large frontier AI developers. The EU AI Act's transparency obligations for chatbot systems take effect in August. The CREATOR Act, introduced this week, creates a new federal cause of action for commercial AI-generated imitation of artists' styles without their consent. The Bartz v. Anthropic settlement, the largest AI copyright resolution to date, turned in significant part on training data transparency and the obligations that come with building AI on undisclosed sources.
This is the same instinct that drove early privacy regulation. Before regulators could agree on what to prohibit, they reached for notice and disclosure as a proxy for accountability. That approach worked imperfectly for privacy. Expect the same pattern, and the same imperfections, in AI.
The Rules Aren't Final. Governance Can't Wait.
None of this is settled. The Great American AI Act is a 269-page discussion draft with an open public comment invitation. The EU obligations apply narrowly today. Executive orders shift with administrations. The specific compliance requirements your organization will face twelve months from now are genuinely unclear.
But the uncertainty cuts both ways. Look at what every serious proposal has in common: risk assessment, documentation of AI systems in use, human oversight mechanisms, and accountability structures. That infrastructure is not jurisdiction-specific. It is the baseline that every regulatory framework, regardless of its final form, is converging toward.
Organizations that have mapped their AI systems, documented how decisions are made, and established governance structures are not waiting for perfect clarity. They are building what they will need regardless of which rules prevail.
We recommend starting with an AI inventory: what systems your organization uses, what decisions they influence, and what data they process. That single step is the foundation for every compliance obligation currently on the table, and it will remain the foundation for whatever comes next. And even in the scenario where no new AI law passes, that inventory is the same foundation your organization needs to identify which AI tools are actually delivering value and which ones are just adding cost.
Sources:
- https://www.whitehouse.gov/presidential-actions/2026/06/promoting-advanced-artificial-intelligence-innovation-and-security/
- https://www.whitehouse.gov/presidential-actions/2026/06/national-security-presidential-memorandum-nspm-11/
- https://obernolte.house.gov/sites/evo-subsites/obernolte.house.gov/files/evo-media-document/the-great-american-ai-act-discussion-draft-website-compressed-compressed.pdf
- https://vanduyne.house.gov/_cache/files/f/6/f6e6ce85-a9d8-4514-b26b-af882e092358/8BFB865C0CB241F919D328E676FB9D8789261836D754A696D0086D8C308CDFAC.creator-act.pdf
Disclaimer: This blog post does not constitute legal advice, does not create an attorney-client relationship, and is intended for informational purposes only.
Senior CounselMarcus Burnside advises technology companies, private equity-backed businesses, and foreign clients on intellectual property strategy, AI governance, and data privacy. His practice sits at the intersection of three areas most ...