The US bets on voluntary frontier-AI security — the June 2026 executive order

Where the European Union regulates frontier AI through a binding statute, the United States has just chosen the opposite instrument. On 2 June 2026 the White House issued the executive order "Promoting Advanced Artificial Intelligence Innovation and Security." It is the most substantive federal action on frontier models to date, and its defining feature is what it refuses to do: the order expressly forbids the creation of "a mandatory governmental licensing, preclearance, or permitting requirement for the development, publication, release, or distribution of new AI models, including frontier models." The American answer to the safety question is voluntary, benchmark-driven and routed through national security, not product law.

Three tracks

The order organises federal action along three lines.

First, cyber defence. A cluster of Section 2 directives, almost all on a 30-day clock, instruct the government to harden its own systems against AI-enabled threats: the Committee on National Security Systems prioritises the defence of National Security Systems, the Department of War does the same for military systems, and DHS/CISA must issue Binding Operational Directives for civilian federal networks. The Treasury Secretary — together with the NSA and CISA — is to stand up an AI cybersecurity clearinghouse that coordinates vulnerability scanning, discovery and remediation with industry and critical infrastructure operators on a voluntary basis. OMB is to identify grant programmes that can fund AI-driven vulnerability detection, and within 60 days OPM is to widen cybersecurity hiring pathways.

Second, a voluntary frontier framework. Within 60 days the relevant agencies are to develop a benchmarking process and a voluntary framework under which developers of "covered frontier models" may give the government access to their models up to 30 days before a planned release. Which models are "covered" is to be settled through a classified benchmarking process — run under national-security authorities, with the NSA assessing the advanced cyber capabilities of AI models — rather than through a public statutory threshold of the kind California and New York use. Engagement is offered, not compelled.

Third, criminal enforcement. Within 60 days the Attorney General is to prioritise enforcement of existing federal criminal law against AI-driven cybercrime and other malicious uses of AI. This is enforcement of laws already on the books, not the creation of a new AI offence.

What it is not

The order creates no new regulator, no registration duty, no conformity assessment and no obligations that bind private developers as a matter of law. Its frontier-model engagement is an offer; its cyber clearinghouse is a coordination venue; its security benchmarks are, for now, classified criteria rather than published rules. The aggressive 30- and 60-day deadlines mean the operative detail — what the benchmarking actually measures, what the voluntary framework asks of a laboratory — will only become visible in July and August 2026, when the tasked agencies report back. Until then the order sets a direction more than a rulebook.

Why it matters beyond the US

Read alongside the December 2025 preemption order and the March 2026 National Policy Framework — both analysed in our US state AI laws entry — a consistent federal posture emerges: Washington wants a single, light-touch national approach and is actively resisting both heavy state regulation and the EU's statutory model. For the global frontier laboratories, the practical contrast is now sharp. The same developer that must publish a safety framework and report serious incidents under the EU AI Act's GPAI rules, and under California's frontier law and the New York RAISE Act, is invited — but not required — to share pre-deployment access with US security agencies. Europe binds; the United States benchmarks. That divergence, not any single deadline in the order, is what European organisations watching transatlantic AI policy should take from 2 June 2026.