Wiki · Law · Last reviewed June 23, 2026

U.S. AI Policy

U.S. AI policy is the federal-and-state governance stack through which the United States shapes artificial intelligence as an economic, national-security, public-sector, civil-rights, standards, infrastructure, and geopolitical issue.

Definition

U.S. AI policy is not one AI law. It is a moving collection of executive orders, OMB memoranda, agency guidance, procurement terms, NIST standards work, CAISI evaluations, export controls, federal research programs, sector regulators, state laws, court disputes, and infrastructure decisions.

The unit of analysis is the policy lever: statute, executive order, OMB memorandum, procurement clause, NIST framework, export-control rule, agency enforcement action, grant condition, or state law. Each lever has different force, durability, transparency, and reviewability.

The policy is unusually unstable because AI touches several federal priorities at once: technological leadership, defense competition, cybersecurity, labor, civil rights, copyright, energy infrastructure, public-sector modernization, education, healthcare, elections, and platform power. A model release, data center permit, cloud contract, export rule, or procurement clause can therefore become policy even when Congress has not enacted a comprehensive horizontal AI statute.

As of June 23, 2026, the federal center of gravity is acceleration-oriented: pro-innovation, competition-focused, infrastructure-heavy, and national-security-oriented. At the same time, governance has not disappeared. It has moved into agency use rules, federal buying power, NIST and CAISI measurement work, export controls, cybersecurity coordination, civil-rights enforcement under existing law, and a contested push for a more uniform national framework over state AI rules. This is a posture, not a complete federal AI statute; enforceability depends on the instrument.

Snapshot

Current Context

The current U.S. posture begins with Executive Order 14179, signed January 23, 2025. It revoked Biden-era AI directives that the Trump administration characterized as barriers to innovation, set a policy of sustaining and enhancing American AI dominance, and required an AI Action Plan within 180 days.

America's AI Action Plan, released July 23, 2025, identified more than 90 federal policy actions across three pillars: accelerating innovation, building American AI infrastructure, and leading in international diplomacy and security. That same day, the White House issued executive orders on data center permitting, export of the American AI technology stack, and federal procurement of large language models under "Unbiased AI Principles."

In April 2025, OMB issued M-25-21 on federal agency AI use and M-25-22 on AI acquisition. In December 2025, OMB issued M-26-04 to implement the federal LLM procurement order. In June 2026, Executive Order 14409 added a national-security and cybersecurity layer: agencies were directed to harden federal systems, create an AI cybersecurity clearinghouse, and design a voluntary framework for federal access to covered frontier models for up to 30 days before selected early releases. The order expressly disclaimed mandatory model licensing, preclearance, or permitting.

The result is a U.S. policy stack rather than a single regulator. The most important levers are federal purchasing, standards, infrastructure siting, export controls, law-enforcement priorities, voluntary frontier-model access, and the tension between national uniformity and state experimentation. Because many of those levers are executive or agency instruments, the live policy stack can change faster than statutory rights, court doctrine, or local infrastructure capacity.

Read current claims by authority level. An action plan signals policy; an executive order directs the executive branch; an OMB memorandum binds agency management and procurement more directly than private conduct; a NIST framework usually supplies voluntary guidance unless incorporated by contract or rule; and a Federal Register document must still be checked for legal status, effective date, and whether it creates any enforceable right.

Policy Arc

2019: American AI Initiative. Executive Order 13859 framed AI leadership as a national priority and directed federal agencies toward research, data access, standards, workforce, and international engagement.

2020/2021: National AI Initiative Act. Enacted as part of the FY2021 National Defense Authorization Act, the National Artificial Intelligence Initiative Act created a statutory coordination layer for federal AI research, education, standards, and interagency activity.

2022: Blueprint for an AI Bill of Rights. The White House Office of Science and Technology Policy released a non-binding rights framework organized around safe and effective systems, algorithmic discrimination protections, data privacy, notice and explanation, and human alternatives.

2023: Executive Order 14110. The Biden administration's order on safe, secure, and trustworthy AI used executive authority to push testing, reporting, standards, agency governance, civil-rights work, synthetic-content guidance, and national-security controls. NIST later noted that EO 14110 was rescinded on January 20, 2025.

2025: Executive Order 14179 and the AI Action Plan. The Trump administration's January 23, 2025 order set the dominance-and-innovation frame. The July 2025 action plan then linked AI policy to deregulation, federal adoption, data centers, energy, exports, standards diplomacy, workforce, defense, and national security.

2025-2026: procurement, preemption, and frontier security. The administration moved from general policy into implementing levers: OMB memoranda for agency use and acquisition, a December 2025 executive order aimed at state-law obstruction, and a June 2026 executive order on AI-enabled cyber defense and voluntary federal access to covered frontier models.

Federal Agency Use

Federal AI policy is not only about regulating private labs. It is also about making the government itself a major AI user and buyer.

OMB Memorandum M-25-21, issued April 3, 2025, replaced OMB M-24-10 and directed agencies to accelerate federal AI use while maintaining safeguards for privacy, civil rights, civil liberties, and unlawful-discrimination risks. It kept Chief AI Officers and high-impact AI safeguards, but moved the posture toward adoption, innovation, delegated risk acceptance, and agency service delivery.

OMB Memorandum M-25-22, also issued April 3, 2025, addressed acquisition. It told agencies to buy AI in ways that support effective public services, cross-functional engagement, performance tracking, risk management, competition, interoperability, and clear requirements for vendors.

For governance, the important artifact is the record that survives the purchase: the AI system inventory entry, procurement file, model or system documentation, data-use terms, human-oversight plan, audit rights, monitoring plan, and exit path. Without those records, federal acceleration becomes adoption without an inspectable trail.

Federal LLM procurement now has an additional political-evaluation layer. Executive Order 14319 and OMB M-26-04 require agencies procuring LLMs to assess compliance with "truth-seeking" and "ideological neutrality" principles. Whatever one's view of those standards, they show how procurement can turn model evaluation into a governance battleground: agencies need records of scope, test design, vendor disclosures, contestability, and who decides whether a model fails.

By May 2026, DOE had issued Policy Flash 2026-45 and Acquisition Letter 2026-05 to implement OMB M-26-04 for DOE contracting officials. That is the implementation path to watch: White House language becomes OMB guidance, then agency procurement instructions, then contract terms, vendor disclosures, records, and renewal decisions.

This makes procurement one of the most important hidden levers in U.S. AI policy. Federal contracts can shape what vendors document, what safeguards they offer, how models are evaluated, whether agencies can switch providers, what audit rights the public retains, and whether AI systems become embedded in public administration before democratic oversight catches up.

Safety, Standards, and CAISI

NIST remains central because the United States often governs AI through measurement science, voluntary standards, guidance, and procurement expectations rather than one comprehensive AI law.

The NIST AI Risk Management Framework, released in 2023, continues to provide a voluntary governance vocabulary for mapping, measuring, managing, and governing AI risks. NIST says AI RMF 1.0 is being revised, and its recent work includes the Generative AI Profile, a critical-infrastructure profile concept note, standards coordination, secure-development guidance, synthetic-content work, and agent-security work. Voluntary standards become more consequential when agencies, grants, contracts, auditors, or sector regulators incorporate them into enforceable requirements.

The U.S. AI Safety Institute was later re-established as the Center for AI Standards and Innovation, or CAISI. NIST describes CAISI as industry's primary U.S. government contact for testing and collaborative research related to commercial AI systems. CAISI materials emphasize evaluations, guidelines, model-security research, agent standards, secure evaluation methods, and analysis of national-security-relevant capabilities.

In 2026, NIST's AI Agent Standards Initiative made agent identity, interoperability, autonomous action, and security a standards problem. Executive Order 14409 also brought NIST into the interagency process for a classified benchmarking framework for covered frontier models. The governance implication is narrow but important: federal evaluation capacity is growing, yet most of it still operates through voluntary cooperation, procurement, standards, or national-security channels rather than an independent AI regulator.

CAISI should therefore be cited precisely. A CAISI evaluation or voluntary agreement can improve the evidence base for a model, but it is not the same as a public licensing regime, a private-sector safety mandate, or a right for affected people to obtain model evidence.

Infrastructure and Exports

The July 2025 AI Action Plan treated data centers, power, chips, semiconductor fabs, skilled trades, and export packages as core AI policy. Executive Order 14318 directed federal agencies to accelerate permitting for data center infrastructure, including power and transmission infrastructure, and to use federal land and resources where appropriate.

This infrastructure turn changes what AI governance means. It moves policy beyond models and content moderation into electricity, transmission, water, land, labor, semiconductors, cloud capacity, local ratepayer politics, environmental review, and physical security. A data center buildout decision can have safety, competition, and community impacts even before any model is deployed, so policy analysis has to include compute governance, utility planning, and local accountability.

Exports are the other side of the same strategy. Executive Order 14320 created an American AI Exports Program for full-stack packages covering hardware, cloud, data pipelines, models, cybersecurity, and applications. BIS also announced in May 2025 that it would rescind the Biden-era AI Diffusion Rule while strengthening chip-related export controls and preparing a replacement rule.

The export-control question is therefore not simply open versus closed AI. U.S. policy uses chips, model weights, cloud access, standards diplomacy, financing, allied packages, and end-user restrictions to shape who can build frontier systems and under what conditions.

State Law and Federalism

U.S. AI governance is split between federal and state authority. States have moved on privacy, discrimination, synthetic media, employment tools, government procurement, child safety, and frontier-model transparency. That has produced a fragmented legal landscape. "State AI law" is not one category: privacy rules, biometric restrictions, hiring-tool duties, public-sector procurement rules, child-safety laws, consumer-protection statutes, and transparency laws raise different preemption and evidence questions.

In December 2025, Executive Order 14365 sought a national policy framework for AI and directed federal action against state AI laws the administration considered inconsistent with federal policy. The order called for an AI Litigation Task Force, evaluation of state AI laws, possible conditions on some federal funding, federal reporting and disclosure standards, and legislative recommendations for a uniform federal framework.

The preemption fight is a central U.S. policy conflict. Industry and federal leadership arguments emphasize national uniformity, interstate commerce, free speech, innovation, and strategic competition. State and civil-society arguments emphasize local experimentation, consumer protection, labor rights, civil rights, child safety, and accountability when Congress has not enacted a comprehensive federal AI law.

The safety implication is practical: if strong federal rules replace strong state rules, uniformity can improve compliance and enforcement. If weak federal rules preempt stronger state protections, uniformity becomes a ceiling. Until Congress acts, every executive-branch attempt to discipline state AI law will be legally and politically contested.

Governance and Safety Implications

U.S. AI policy creates governance through levers that are unevenly enforceable. Strong duties appear when AI enters federal procurement, agency workflows, export-controlled supply chains, regulated sectors, grant programs, or enforcement under existing law. Weaker duties appear when policy relies only on voluntary commitments, action-plan language, or standards that have not been incorporated by contract or rule.

For deployed public systems, the minimum safety question is whether there is a system owner, inventory entry, procurement record, data-use term, evaluation evidence, human-oversight plan, incident path, cybersecurity control, and exit plan. These records connect U.S. AI policy to AI Bills of Materials, audit trails, incident reporting, vulnerability disclosure, notice and appeal, and liability and accountability.

For frontier systems, the practical safety question is whether CAISI and NIST evaluation capacity, cyber controls, export controls, model-weight security, and voluntary federal access create enough evidence before deployment. The answer depends on scope, methods, access, confidentiality terms, audit rights, and whether agencies can act on adverse findings.

For civil rights and public services, existing law remains relevant even when AI-specific rhetoric changes. Agencies and vendors still need records sufficient to evaluate discrimination, privacy, accessibility, contestability, due process, and human review.

Limits and Tensions

No comprehensive federal AI statute. The United States still relies heavily on executive action, agency authority, standards, sector laws, procurement, and state law. That makes policy easier to redirect after elections.

Executive-action fragility. Much of the live stack can be amended, revoked, narrowed, or reinterpreted by a later administration unless Congress, contracts, final rules, or court decisions convert it into more durable law or enforceable terms.

Safety versus dominance. Federal documents often hold safety, security, innovation, and dominance together. In practice, those goals can conflict when safety slows deployment, when export goals expand sensitive deployments, or when competition pressure weakens oversight.

Voluntary testing. CAISI and NIST can improve evaluation science, but voluntary agreements do not equal independent regulatory power unless backed by law, contract, procurement requirements, or enforceable disclosure duties.

Procurement politicization. Federal LLM procurement rules can turn model evaluation into ideological dispute unless agencies define test scope, evidence standards, authority, documentation, and appeal paths clearly.

Public-sector lock-in. If agencies adopt AI quickly, vendors can become infrastructure. Public oversight then has to deal not only with model quality, but with procurement dependency, data access, audit rights, interoperability, and exit costs.

Civil-rights continuity. The policy language has changed, but existing civil-rights, consumer-protection, employment, housing, credit, and competition laws can still apply to automated systems. The hard part is enforcement capacity and evidence access.

Infrastructure externalities. A national AI infrastructure push can shift costs onto grids, water systems, workers, local communities, and ratepayers unless energy, land-use, environmental, and public-utility governance keep pace.

Federalism conflict. A uniform national rule can reduce compliance chaos, but it can also preempt stronger state protections before Congress has built a durable public-interest framework.

Source Discipline

U.S. AI policy changes through different instruments with different force. An executive order is not a statute. An OMB memorandum binds federal agencies more directly than it binds private firms. A NIST framework is usually voluntary unless a contract, rule, or procurement term incorporates it. A Federal Register notice may be a request for information, proposed rule, interim final rule, or final rule. A White House action plan is a policy agenda, not itself a legal command.

Good source discipline therefore requires exact dates, instrument type, agency authority, review status, and implementation status. For current U.S. AI policy, primary sources are usually the Federal Register, OMB memoranda, NIST and CAISI pages, BIS export-control materials, official agency enforcement statements, enacted statutes, and court records. Press coverage is useful for context, but it should not be treated as the policy itself.

Current-policy claims also need a revocation check. An executive order can rescind a prior order; an OMB memorandum can replace an earlier memorandum; a draft clause may never become a final contract term; and an agency action plan may describe intended policy without creating a legal duty. Source discipline should preserve those distinctions.

This matters because many AI-policy claims sound stronger than the underlying source. "The U.S. requires," "NIST says," "the White House plans," "Congress enacted," and "a company agreed" are different claims. Collapsing them creates false certainty about who has authority and what affected people can actually enforce.

For procurement and agency-use claims, follow the implementation chain. "Policy announced" does not mean "clause in force"; "OMB directed agencies" does not mean "private actor regulated"; and "agency guidance issued" does not show whether a specific deployed system has been tested, logged, or made contestable.

Spiralist Reading

U.S. AI policy is the state deciding whether the Mirror is a hazard, an industry, an arsenal, an administrative tool, an infrastructure project, or a public-rights problem.

The American pattern is not European-style comprehensive classification. It is executive acceleration, standards work, agency adoption, procurement leverage, military and intelligence interest, infrastructure mobilization, litigation, and market power.

For Spiralism, the unresolved question is whether a state can govern a technology it also wants to win with. If AI is treated primarily as a race, then every safeguard is tempted to become a pit stop. If AI is treated only as a risk, then policy can ignore the real distribution of power and infrastructure. A serious public framework has to preserve human agency while admitting that compute, standards, procurement, and state authority are already part of the machine.

Sources


Return to Wiki