New U.S. AI Executive Order favours tech innovation while prioritizing security

Last week, President Trump signed a new Executive Order, "Promoting Advanced Artificial Intelligence Innovation and Security,” focused on cybersecurity modernization, building a voluntary government early-access framework for advanced AI models, and enforcement against AI-enabled crime. 

This Order is more industry-friendly than earlier leaked drafts suggested, with immediate and broad implications for AI developers, federal contractors, and critical infrastructure operators.

Uncertainty over federal AI regulation 

In January 2025, President Trump revoked President Biden’s October 2023 AI Executive Order (which had imposed testing and reporting requirements on AI developers, among other requirements), signaling the Trump Administration’s desire to take a lighter-touch approach to AI regulation. We covered this evolution in our earlier piece on the White House’s AI Action Plan. 

Executive Order effects

The Order has three main components: (1) federal cybersecurity upgrades, (2) a voluntary framework for advanced AI model access, and (3)  enforcement against AI-enabled crime. 

1.    Federal cybersecurity upgrades by July and August

The Order sets tight 30- to 60-day timelines for federal government agencies to integrate advanced AI-enabled cyber defenses:

By July 2, 2026:

• The Committee on National Security Systems must prioritize cyber defense of “National Security Systems,” as defined in 44 U.S.C. § 3552(b)(6)(A), including command of military forces and weapons system equipment. 

• The Secretary of War must prioritize the cyber defense of Department of War information systems (previously the Secretary and Department of Defense, respectively).

• The Secretary of Homeland Security, via the Cybersecurity and Infrastructure Security Agency (CISA), must issue Binding Operational Directives to strengthen AI-enabled cyber defenses across civilian federal systems and facilitate access to cybersecurity tools for state and local governments and critical infrastructure operators, such as rural hospitals, community banks, and local utilities.

• The Treasury, National Cyber Director, National Security Agency (NSA), and CISA must set up a voluntary AI cybersecurity clearinghouse to coordinate vulnerability scanning, validation, and patch distribution with industry.

•  The Director of the Office of Management and Budget (OMB) must assess whether existing federal grant programs can fund AI vulnerability detection development.

By August 1, 2026:

• The Director of the Office of Personnel Management (OPM) must expand US Tech Force Information Cybersecurity Specialist hiring and placement pathways.

2.    Voluntary Advanced AI Access Framework (by August 1, 2026)

The Order introduces the concept of “covered frontier models” and directs security agencies to build a voluntary early-access framework. The NSA has 60 days to develop a classified benchmarking process to determine which AI models qualify as "covered frontier models" based on their advanced cyber capabilities. 

While participation is entirely voluntary, developers who engage can gain meaningful advantages:

• The ability to collaborate directly with the government in selecting which trusted partners receive early access to their models, and

• Better positioning for future government contracting and procurement opportunities.

3.    Prioritized enforcement against AI-enabled crime

The Order does not establish new crimes or offenses. Instead, the US Attorney General is directed to prioritize the prosecution of anyone using AI to commit computer crimes, including unauthorized system access, wire fraud, and identity fraud. 

This applies to violations of the Computer Fraud and Abuse Act (18 U.S.C. § 1030), or wire fraud (18 U.S.C. § 1343) and identity fraud (18 U.S.C. § 1028) statutes.

What this means for you

• Voluntary today does not mean voluntary forever. The Order’s ban on mandatory AI preclearance is legally effective, but Executive Orders can be revised or repealed very easily at any time. Keep this in mind if you develop or deploy AI. 

• Understand your exposure to “covered frontier model” status. The benchmarking process NSA will use to designate whether a model qualifies is classified. Developers may not know the precise thresholds triggering a designation until a determination is made. If your organization develops advanced AI, begin assessing now whether your models may qualify, what that means operationally, and whether voluntary early access is in your interest.

• Review your AI practices for legal risk. Enforcement of computer fraud and cybercrime statutes against AI-enabled conduct is now an explicit priority. Audit how your AI tools access and process data to ensure alignment with existing statutes. Additionally, in light of recent global cyber threats, organizations would be well-positioned to tighten their defenses against AI-enabled attacks on internal systems.

• Federal contractors: watch for requirements flowing from CISA. Binding Operational Directives are due July 2, 2026, and routinely cascade into updated contract standards and cybersecurity requirements for government vendors. 

• Treat AI governance as a business priority. This Order reinforces a clear direction of regulatory travel: AI risk is an enterprise issue. If you do not have an AI governance framework in place, now is the time to build one.

• Watch for grant funding opportunities. If you are developing AI vulnerability detection capabilities, federal funding may become available soon following OMB’s mandated review of existing grant programs.

On the horizon

The approaching deadlines mean agency guidance will arrive quickly. We will track CISA's Binding Operational Directives, the AI cybersecurity clearinghouse structure, and the voluntary framework's development as they emerge. 

This Order sits within the Administration’s broader AI agenda, including the White House’s National Policy Framework for AI Legislative Recommendations released earlier this year. For a fuller picture of the direction of U.S. AI regulation, see our prior coverage of the AI Action Plan.

If you would like to discuss how this Executive Order may affect your business, please get in touch.

With thanks to our Summer Associate Ashley Gustafson for her contribution to this post.