President Trump signed an executive order on June 2, 2026 creating a voluntary framework that lets frontier AI labs share their next models with the federal government up to 30 days before public release. The order routes vendors through the Commerce Department's Center for AI Standards and Innovation (CAISI) and is explicit that it is neither a mandatory licensing regime nor a preclearance requirement. Companies that opt in receive confidentiality protections for the artifacts they hand over, and federal agencies get a runway to build the cyber-risk assessments that will eventually decide which model classes are in scope.
The signing reverses the April postponement, when the White House pulled an earlier draft because the President was worried any pre-release process could slow the United States in its race against China. The final text keeps participation optional, narrows the review window from the 14-to-90 day range that had been circulating, and leans on a roster of labs that have already volunteered. It is a softer instrument than what safety advocates wanted, but it is the first formal federal touchpoint for frontier models since the Biden-era voluntary commitments.
Inside the 30-day CAISI window
The mechanism is narrower than press shorthand suggests. A participating lab notifies CAISI of an upcoming release, hands over model weights or scoped access plus evaluation materials, and CAISI runs its cyber-capability tests during a window that closes no later than 30 days before the public ship date. The agency cannot block the release. It can flag findings, request mitigations, and route classified concerns through the relevant national security channels. The order frames the entire arrangement around "secure innovation" and the protection of critical infrastructure rather than around model behavior writ large, which keeps content moderation, copyright, and bias questions out of CAISI's remit.
Confidentiality is the carrot. Labs have long argued that any disclosure regime risks leaking architectural details or red-team findings to competitors and foreign intelligence services. The executive order responds by promising statutory-style protections for shared information, though the durability of those protections under a future administration is the obvious open question. There is no civil penalty for non-participation, and no public registry of who did or did not submit.
Why the April delay collapsed
The proximate cause, according to people quoted across the coverage, was Anthropic's limited April rollout of its Mythos model, which surfaced thousands of high-severity vulnerabilities spanning every major operating system and web browser. Brad Carson of Americans for Responsible Innovation captured the mood inside the West Wing with the line that "the White House is officially Mythos-pilled." The demonstration gave the administration a politically usable answer to the question of why any pre-release process is needed at all: a single frontier model run had, in effect, generated a national vulnerability disclosure event.
That shift also displaces the earlier posture associated with former AI czar David Sacks, who had publicly downplayed catastrophic-risk framings. The order does not name him, but it concedes ground on the central premise his camp resisted: that some model capabilities warrant a federal look before the public gets them.
Who is already in the room
The participating lab list is short and predictable. Google, Microsoft, and xAI agreed last month to pre-release review by CAISI. OpenAI and Anthropic have been working with CAISI since 2024 under arrangements that began in the Biden administration. That covers the five labs most likely to ship a frontier-class model in the next year. Meta, Mistral, and the Chinese frontier labs are not on the roster, and the order has no extraterritorial reach to pull them in.
The participation list intersects with active litigation and regulatory pressure on the same companies. OpenAI is already navigating a high-profile state action, as covered in our piece on Florida's lawsuit against OpenAI and Sam Altman over AI harm claims, and Anthropic is preparing public-market scrutiny as we noted in our coverage of its S-1 filing for what would be the largest AI IPO yet. CAISI submissions become one more disclosure surface those firms have to manage carefully.
What the cyber-capability trigger actually means
The most important detail in the order is what is missing from it. There is no hard FLOPs threshold, no parameter count, no training-compute number that automatically pulls a model into scope. Instead the order directs federal agencies to develop a framework to assess the "advanced cyber capabilities" of AI models, and that framework will set the trigger. Until CAISI and its partner agencies publish the criteria, every lab will be operating on its own read of what counts as advanced.
That ambiguity is deliberate. A capability-based trigger lets the government move with model progress instead of locking in a compute number that becomes obsolete in eighteen months. It also gives CAISI room to expand scope quietly if internal red-teaming surfaces something new. The cost is predictability: vendors cannot tell their boards today whether the next training run will require a federal submission, and procurement teams on the buy side cannot tell their auditors which vendors will have gone through review.
Operator take: vendor contracts and EU AI Act exposure
For European buyers, we read this order as a contract-clause problem before it is a policy story. The EU AI Act's general-purpose AI obligations already require providers to document training data, evaluations, and systemic-risk mitigations. A CAISI submission generates exactly the kind of artifact a Conformité Européenne file wants to cite, but only if the buyer has the right to see it or to receive an attestation that it exists. Today most enterprise AI contracts do not contain that right.
We are adding a CAISI-disclosure clause to our AI vendor renewal template. The clause requires the vendor to notify us within ten business days of any frontier model submission to CAISI or any successor body, to provide a summary attestation suitable for our AI Act technical file, and to flag any material findings that affect the model version we are licensed to use. We are pairing it with a right-to-pause clause that lets us hold a model upgrade in our environment until we have reviewed the attestation. None of this requires the vendor to leak confidential CAISI material; it requires them to confirm the process happened and to surface anything that changes our risk picture.
The first real test of the framework lands in Q4 2026, the window in which a GPT-6-class OpenAI release and a Claude Opus 5 from Anthropic are both widely expected. Those will be the first models large enough, and capable enough, to plausibly clear whatever cyber-capability bar CAISI sets. If either ships without a visible submission, the voluntary framework will have failed its first public exam, and the calls from Carson and Brendan Steinhauser of the Alliance for Secure AI to have Congress codify mandatory protections will get a lot louder. Procurement teams who have not updated their contracts by then will be reading about the gap in their own audit findings.
