U.S. President Donald Trump signs an executive order during an event in the Oval Office of the White House on June 3, 2026 in Washington, D.C.

Trump Drew the Right Map for AI Oversight, but Stopped at the Trailhead

Most coverage of President Donald Trump’s June 2 Executive Order on AI frames it as a reversal of his deregulatory stance, or as Trump quietly borrowing from Biden. Both interpretations miss the significance of what’s actually there.  

The clause that matters most in the Executive Order is buried in Section 3(c). Nothing in the order, it says, authorizes “mandatory governmental licensing, preclearance, or permitting” for developing or releasing AI models. In effect, the order slams the door on the idea that had been circulating in Washington for weeks: an FDA for AI. 

And yet, the same section does something that it seems designed to disclaim. It builds the scaffolding that a workable mandatory regime would need: a government benchmark that can actually measure when a model has crossed a dangerous threshold, specifically in the cybersecurity domain. This is a sturdy foundation for frontier model review, but one that is undermined by the administration’s unwillingness to make it binding.

The idea of a mandatory pre-deployment review for frontier AI models gained real traction by spring of this year. Kevin Hassett, the National Economic Council director, floated vetting new AI models before release “just like an FDA drug”—echoing a proposal made by the NYU Stern Center for Business and Human Rights Director, Mike Posner, whom I work for, and a number of others. But neither the draft Trump pulled hours before its May signing ceremony—over concerns that it could slow American firms racing to compete with China’s AI sector—nor the version he signed this week made the pre-deployment framework mandatory. What changed between them was a matter of degree in terms of the time period allotted for pre-deployment review—the review window was cut from 90 days to 30 in section 3(b)(ii)—plus the addition of the explicit clause in section 3(c) disclaiming the creation of a mandate.

Admittedly, the FDA model is not a perfect fit for frontier AI, the most powerful, large-scale models at the cutting edge of technology. Scientists can test a discrete drug compound with a known formula. With AI, the underlying system—the billions of numerical parameters, called “weights,” that encode what the model has learned—behaves differently depending on fine-tuning, how users interact with it (including malicious “prompt injections”), and what other systems it connects to online. Many of the potential harms flowing from frontier AI are still unknown, and the tests (or “benchmarks”) to measure whether a model causes harm are contested and underdeveloped in some domains.

But there is one category of harm where benchmarks are more advanced and can feasibly be developed: cybersecurity. Determining whether a model can find and exploit a software vulnerability is a relatively objective question. The vulnerability either exists and the model exploits it, or it doesn’t. That is precisely the kind of testable criterion on which a regulatory threshold can be built, and is far less contested than whether a model could help build a bioweapon or promote self-harm, for example. 

Cybersecurity is the area that Trump’s order is explicitly built around. It instructs the National Security Agency (NSA), working with the Cybersecurity and Infrastructure Security Agency (CISA), the Treasury Department, and the National Institute of Standards and Technology (NIST), to develop “a classified benchmarking process to assess the advanced cyber capabilities of AI models” and to set the threshold at which a model becomes a “covered frontier model,” which makes it subject to pre-release government review. That, in itself, is a worthwhile endeavor. The Trump order’s main flaw is its failure to make this pre-deployment regime mandatory. 

A voluntary regime cannot do the one thing a safety regime exists to do: bind the developer who would rather not be bound. The labs cooperating today seem inclined to do so for now. A voluntary framework reaches them but is silent on what to do with a lab that is reckless, controlled by a foreign adversary, or simply changes its mind on the value of cooperation with the U.S. government down the road.  

Public assurance is only as strong as its ability to bind actors who will not voluntarily opt in, or ones who might opt in today but not tomorrow. The difficulty of benchmarking a model’s capabilities, and in turn the risks it poses, is what makes mandatory pre-approval seem unworkable. In the area of cybersecurity, this order quietly solves that problem. What remains is not a technical obstacle but a political choice. The administration has drawn the right map but stopped at the trailhead.
