Public Policy & Governance

A coalition including the Center for Democracy and Technology wrote to Rep. Ted Lieu (D-CA) urging him to ensure his bipartisan American Leadership in AI Act is not bundled with, or used as political cover for, broader congressional efforts to preempt state AI laws. The letter is a concrete intervention in an accelerating legislative fight: proponents of federal preemption argue that a patchwork of state laws creates compliance burdens for industry, while civil society groups and many state officials contend that state-level regulation — including laws covering algorithmic discrimination, automated decision-making in employment, and consumer protection — represents the only active layer of enforceable protection given federal inaction. CDT

This is a legislative process concern, not a substantive objection to Lieu's bill itself — the coalition expressed support for its underlying goals. The risk they are identifying is procedural: attaching a bipartisan, relatively uncontroversial measure to a sweeping preemption rider in order to force through the latter. This tactic has precedent in tech policy. The outcome of this fight will determine whether states such as California, Colorado, and Texas retain authority to enforce their own AI rules, or whether federal legislation creates a ceiling rather than a floor.

The European Commission opened a consultation on draft guidelines covering transparency obligations under the AI Act on May 8, with a closing date of June 3. This is a narrow but significant procedural milestone: it represents the first set of implementation guidelines under the Act to be opened for structured external feedback, moving the regulation from political text to operational compliance standard. The transparency obligations in question cover requirements for providers to disclose when users are interacting with AI systems, and to label AI-generated content — areas where the draft guidelines will set the interpretive baseline that national market surveillance authorities are expected to apply. European Commission

A separate EU call for proposals under the Digital Europe Programme — DIGITAL-2025-AI-DATA-10-COMPLIANCE — is seeking projects developing digital tools for regulatory compliance through data, with an information session scheduled for June 8. Taken together, these two actions signal that Brussels is moving to build both the interpretive framework and the technical infrastructure for AI Act enforcement simultaneously, which is ambitious given that member state authorities are still building capacity.

UK MPs issued a formal warning that NHS England has granted Palantir and other contractors access to identifiable patient data before adequate data governance frameworks were in place, in the course of building an AI-integrated NHS platform. The parliamentary intervention — characterising the arrangement as 'dangerous' — is a political escalation that carries real procedural weight: it creates a record for the Information Commissioner's Office and could trigger a formal parliamentary inquiry. The core governance failure identified is sequencing: procurement and data access preceded, rather than followed, the establishment of privacy safeguards and accountability mechanisms. The Guardian

This pattern — where urgency around AI deployment leads public sector bodies to grant commercial access before governance is complete — is not unique to the NHS. CDT and EPIC's objection to HUD's expanded AI use in its CRM system reflects an identical dynamic in the US federal context: a System of Records Notice was filed to expand AI capabilities and data collection categories, but civil society groups argue the privacy framework underpinning it is inadequate. CDT The convergence of UK and US examples in the same news cycle suggests a systemic procurement governance failure, not isolated incidents.

CDT's analysis of the Pentagon-Anthropic procurement dispute broadens the frame beyond defence to examine its effects on civilian federal agencies and state, local, and tribal governments. The core concern is supply chain fragility: if a high-profile contract dispute between DoD and a leading frontier AI provider disrupts or conditions access to that provider's models, civilian agencies that have built workflows or procurement plans around those capabilities face cascading disruption. CDT argues the dispute also raises questions about whether AI providers can assert conditions on government use that effectively constrain lawful agency operations. CDT

This analysis intersects with the broader White House coordination problem identified by Politico, which reports that AI lobbyists are frustrated by what they describe as a lack of organisational coherence in Trump administration AI policy — specifically mixed signals on how rigorously new AI models will be vetted for government use. Politico The combination of a fragmented executive posture and a high-profile procurement dispute creates significant uncertainty for agencies trying to build durable AI procurement strategies.

The Institute for AI Policy and Strategy published a policy memo assessing two recent US government actions on AI distillation attacks — the OSTP National Security Technology Memorandum and the proposed Deterring American AI Model Theft Act of 2026 — and concludes that both leave significant gaps. Distillation attacks allow adversaries to extract the capabilities of a powerful AI model by querying it and training a derivative model on the outputs, potentially circumventing export controls and IP protections. The memo argues that the NSTM lacks enforcement mechanisms and that the proposed legislation does not adequately address the technical vectors through which distillation occurs. IAPS

This is a concrete example of the implementation gap problem: both the executive and legislative actions exist and are directed at a real threat, but the technical specificity required to make them enforceable has not been achieved. The Foreign Policy analysis of definitional incoherence across jurisdictions — governments cannot agree on what AI is — compounds this problem: without agreed definitions of what constitutes a 'model,' 'distillation,' or 'theft' in a technical sense, legislation and executive orders struggle to produce actionable compliance obligations. Foreign Policy