Trump signs scaled-back AI cybersecurity order

President Trump signed an executive order on Tuesday establishing a framework for the federal government to evaluate artificial intelligence models prior to public release. The directive, developed by the Office of the National Cyber Director, requires AI companies to voluntarily submit their most powerful models for government review 30 days before launch. This timeframe represents a significant reduction from an earlier draft that proposed a 90-day review period, a change driven by pressure from the tech industry and the president’s own reservations about the original proposal.

The order aims to identify software vulnerabilities in AI systems, such as Claude Mythos, and share this information with critical infrastructure operators, including banks, utilities, and hospitals, prior to deployment. The signing occurred following a high-level White House meeting where Trump and his advisors agreed on the scaled-back version. The president had originally been expected to announce the order on May 21, but the ceremony was postponed after industry insiders raised objections to the more stringent requirements.

Notably, the final order explicitly states that it does not authorise the creation of a mandatory governmental licensing, preclearance, or permitting requirement for the development or release of new AI models. This provision addresses concerns from industry officials who had advocated for a shorter review window, with some pushing for a period as brief as 14 days. The voluntary nature of the submission process distinguishes this directive from previous regulatory attempts by the administration.

The move marks a departure from the Trump administration’s previous approach to artificial intelligence. In his AI Action Plan from the previous summer, the White House outlined a policy vision with few guardrails on companies like OpenAI. Previous regulation attempts focused on ideological grounds, such as limiting the procurement of "woke" AI systems and challenging state-level AI restrictions in Colorado and New York via a Department of Justice litigation task force.

Samir Jain, vice-president of policy at the Centre for Democracy and Technology, told Engadget that while the idea of testing for critical infrastructure providers makes sense, the procedure remains opaque. Jain warned against arbitrary power over model releases, noting that without transparency, security could be used as a pretense to block models for political reasons. However, he acknowledged that the order signals a recognition that AI poses real security risks requiring mitigation, a shift from the administration’s previously laissez-faire stance on potential harms.

The executive order was signed in a private ceremony, concluding a process that saw significant debate over the balance between national security and industry innovation. By establishing a voluntary review framework, the administration has chosen a middle ground between unrestricted deployment and strict federal oversight, aiming to mitigate security risks without imposing rigid licensing requirements on developers.