On June 2, 2026, President Trump signed an Executive Order titled “Promoting Advanced Artificial Intelligence Innovation and Security” (the “Order”). The Order reflects the Administration’s stated policy of advancing U.S. AI leadership through collaboration with the private sector, while taking steps to harden government and critical infrastructure systems against emerging cyber threats. Importantly, the Order maintains the Administration’s approach of favoring voluntary, industry-collaborative mechanisms over mandatory regulatory mandates, expressly disclaiming any authority to create licensing, preclearance, or permitting requirements for the development or distribution of AI models. In this post we highlight select key provisions of the Order that private sector companies should be aware of.
Federal Cybersecurity Initiatives for Advanced AI
Section 2 of the Order directs several agencies to take action within aggressive timelines to prioritize cyber defense across federal systems. Within 30 days, the Secretary of Homeland Security, through the Director of the Cybersecurity and Infrastructure Security Agency (“CISA”), in consultation with the Director of the Office of Management and Budget (“OMB”), the Assistant to the President for National Security Affairs, and the National Cyber Director, is directed to release Binding Operational Directives and other guidance to expedite the cyber defense of civilian federal government information systems, establish or expand federal programs that enhance AI-enabled defensive tools, and facilitate access to cybersecurity tools and services, including, where appropriate, “covered frontier models,” for agencies, state and local authorities, and operators of critical infrastructure such as rural hospitals, community banks, and local utilities. Even those companies that may not be considered critical infrastructure but that otherwise support the government should evaluate whether their existing contracts and commitments account for the AI-enabled defensive capabilities the Order is pushing forward.
The Order also establishes an AI cybersecurity clearinghouse, led by the Secretary of the Treasury in voluntary collaboration with the AI industry and operators of critical infrastructure. This clearinghouse is tasked with coordinating and deconflicting scanning for software vulnerabilities, discovering and validating such vulnerabilities, and coordinating and prioritizing remediation and distribution of vulnerability patches.
Secure Frontier Model Deployment
Section 3 of the Order introduces a framework for “covered frontier models,” a new designation under the Order for AI models that meet a certain threshold of advanced cyber capabilities. Within 60 days, the Secretary of the Treasury, the Director of the National Security Agency (“NSA”), and the Director of CISA, in consultation with the White House Chief of Staff (through the National Cyber Director), the Assistant to the President for Science and Technology (“APST”), and the Director of the National Institute of Standards and Technology, must develop and maintain a classified benchmarking process to assess the advanced cyber capabilities of AI models and determine the threshold at which a model should be designated a “covered frontier model.” The determination is to be made by the Director of NSA, in consultation with the National Cyber Director, the APST, the Director of CISA, and other representatives of the Department of War.
The Order also calls for the design of a voluntary framework with AI developers through which developers would be able to engage the federal government to determine whether their model(s) under development meet the “covered frontier model” designation, provide the government with access to covered frontier models for a period of up to 30 days before planned release to other trusted partners (subject to appropriate confidentiality, cybersecurity, insider-risk, and intellectual property protections), and collaborate with the government to select trusted partners for early access to promote secure innovation and strengthen the cybersecurity of critical infrastructure.
Notably, the Order explicitly states that nothing in Section 3 “shall be construed to authorize the creation of a mandatory governmental licensing, preclearance, or permitting requirement for the development, publication, release, or distribution of new AI models, including frontier models.” This provision underscores the Administration’s consistent emphasis on voluntary cooperation over prescriptive regulation, a theme that has distinguished the current Administration’s approach to AI governance from that of its predecessor.
Enforcement Against Criminal Actors
Section 4 of the Order directs the Attorney General to prioritize enforcement of existing federal criminal statutes — including 18 U.S.C. § 1028 (identity fraud), 18 U.S.C. § 1030 (computer fraud), 18 U.S.C. § 1343 (wire fraud), and all other applicable federal criminal laws — against anyone who utilizes AI to illegally access or damage a computer without authorization, or who utilizes AI while engaged in such illegal access to further any other crime. This includes breaching any public or private information technology system or employing AI agents to unlawfully access data or information that is subsequently used for a criminal or unlawful purpose. No new criminal authority is created; rather, the Order sharpens the enforcement posture under laws already on the books.
Key Takeaways
The Order continues a pattern of the Administration leveraging the federal government’s position to enhance cybersecurity while avoiding mandates that could be perceived as burdensome to the AI industry. Several aspects merit particular attention:
- The voluntary nature of the frontier model framework is significant. While the Order creates a pathway for developers to engage with the government and provide pre-release access to frontier models, participation is explicitly voluntary. Companies developing advanced AI models should nevertheless closely monitor the forthcoming classified benchmarking process and voluntary framework, as these will define the practical scope of what constitutes a “covered frontier model” and shape expectations around pre-release government access.
- The creation of the AI cybersecurity clearinghouse represents a notable step toward coordinated vulnerability management. Organizations operating in critical infrastructure sectors should watch for developments regarding the clearinghouse’s structure and opportunities for voluntary participation.
- The Order’s aggressive timelines, with most directives requiring action within 30 to 60 days, suggest that the practical shape of these initiatives should become clearer over the summer of 2026. Companies should watch for the forthcoming CISA Binding Operational Directives and the covered frontier model framework, as those documents will provide more concrete guidance on how these provisions may affect day-to-day operations.
- The Order’s enforcement provisions in Section 4, while not creating new criminal authority, signal an increased focus on the use of AI as a tool for cyberattack and data theft. Organizations should continue to assess their cybersecurity posture in light of the evolving threat landscape, particularly as AI-enabled attack vectors continue to proliferate.
We will continue to monitor developments related to this Order and will provide updates as the implementing guidance and frameworks are released.
