Public Policy & Governance

President Trump signed the 'Promoting Advanced Artificial Innovation and Security' executive order on June 2, establishing a voluntary framework under which tech companies are asked — not required — to share frontier AI models with the federal government prior to public release. This is analytically significant not because it imposes compliance obligations, which it does not, but because it marks a deliberate departure from the administration's earlier posture of near-total deregulation. The White House is now asserting a national security and cybersecurity rationale for government pre-visibility into AI capabilities, a framing that opens a legal and institutional path toward future mandatory measures. The Guardian reports the order gives an enhanced role to the intelligence community in model review — a detail with long-term governance implications distinct from consumer or competition-focused AI regulation.

The Institute for AI Policy and Strategy (IAPS) flagged concrete implementation challenges: voluntary frameworks with no defined participation incentives, no penalty structures, and no independent verification mechanism are historically poor compliance drivers in the tech sector. Politico notes that pro-regulation voices are treating the order as a political concession, interpreting the White House's retreat from laissez-faire as momentum for eventually mandatory regimes. Critically, OpenAI has already diverged from the White House framework, releasing its own regulatory proposal that splits from voluntary vetting and the intelligence community role — Politico reports this as a direct public disagreement between the dominant frontier lab and the administration that has largely protected it from regulation. This divergence is itself a governance signal: even the industry's most prominent actor is not aligned with the White House's framing.

The European Commission on June 3 published the proposed Cloud and AI Development Act (CADA) as part of a broader Technology Sovereignty Package covering semiconductors, AI, cloud infrastructure, and open source. The framing is explicitly geopolitical: the Commission wants to eliminate what it describes as 'risky dependencies' on foreign — specifically US and Chinese — providers, and to ensure no foreign government or company can access a 'kill switch' over critical European digital infrastructure. The Guardian notes the Commission directly acknowledged this risks further tensions with the Trump administration, which has previously criticised European digital regulation as trade discrimination against American firms.

This is a proposal, not yet a regulation — it requires co-decision between the Council and European Parliament, a process that typically takes 18-24 months and involves substantial amendment. However, the political signal is unambiguous: the Commission is legislating for a European cloud and AI infrastructure that is structurally insulated from extraterritorial US law, including CLOUD Act access and potential executive-order-based service disruptions. For policy professionals, the CADA sits in a trifecta with the AI Act (now in implementation phase) and the Data Act — together these constitute the most comprehensive attempt by any jurisdiction to regulate the full AI stack from infrastructure to application. A simultaneously opened stakeholder survey on AI in healthcare and pharmaceuticals European Commission suggests the Commission is building sectoral evidence bases in parallel with horizontal legislation.

The UK Competition and Markets Authority issued a binding order requiring Google to provide publishers with a mechanism to block their content from appearing in AI-generated search summaries. This is not a consultation or a proposal — it is an enforceable decision under the CMA's Strategic Market Status powers, which allow bespoke obligations on designated digital gatekeepers without requiring new primary legislation. The Guardian characterises this as having 'global ramifications': because Google's systems are not jurisdiction-siloed at the content-indexing level, a UK opt-out mechanism will require structural changes to how Google handles publisher consent across its AI search infrastructure worldwide.

The CMA's intervention is notable for its speed and legal mechanism compared to EU and US approaches. The EU is handling similar publisher-AI disputes through the AI Act's transparency obligations and Digital Markets Act provisions, both of which have longer enforcement timelines. The US has no equivalent federal mechanism — publisher-AI content disputes in the US are proceeding through copyright litigation. The CMA action therefore represents the fastest route to an enforceable publisher remedy in any major jurisdiction, and will be studied by regulators in Australia, Canada, and the EU as a template. Publishers have previously complained of significant drops in click-through traffic following Google's AI Overviews rollout — The Guardian frames this as a revenue and sustainability issue for news organisations, not merely a copyright question.

Florida became the first US state to file a lawsuit directly against OpenAI and Sam Altman, a development Politico describes as the first such state-level action. This follows Florida legislators making AI regulation a core policy priority — Politico documents a strategy combining legislation, litigation, and political messaging that mirrors the posture blue-state AGs took toward social media platforms in 2021-23. The strategic significance is the political geography: Florida is a Republican-governed state, and its aggressive AI regulation stance fractures the narrative that AI governance is primarily a Democratic or progressive priority.

For federal policy, this creates a structural problem: without a federal AI liability or preemption framework, OpenAI and other frontier developers now face a patchwork of state-level legal exposure. California has existing AI-related legislation; Florida is now litigating; other states are legislating on algorithmic pricing, facial recognition, and content moderation. The Colorado governor's veto of a surveillance pricing bill — The Guardian — shows state-level outcomes are highly variable and governor-dependent, making compliance planning for multistate AI deployments increasingly complex. The absence of federal preemption is now an active business risk, not merely a policy gap.

The UK Home Office announced a contract to deploy AI facial age estimation technology on young asylum seekers, making it the first European government to operationalise biometric AI in immigration age assessment at scale. A coalition of over 100 refugee children's charities has opposed the measure, warning that misclassification errors could result in children being placed in adult detention facilities — a legally consequential outcome with potential human rights liability under the European Convention on Human Rights. The Guardian reports the deployment is proceeding via contract, not primary legislation, meaning parliamentary scrutiny is limited and the AI system's accuracy thresholds, error rates, and appeal mechanisms have not been publicly specified.

The governance gap here is structural: the UK's AI regulatory framework, which relies primarily on existing sector regulators rather than a dedicated AI Act equivalent, does not require pre-deployment conformity assessments for high-risk government AI applications in the way the EU AI Act's Article 9-17 provisions will from August 2026 onward. The Home Office's use of procurement contracts to deploy consequential biometric AI without a statutory framework is legally permissible under current UK law but represents exactly the implementation gap that civil society and parliamentary committees have repeatedly identified. The contrast with the EU approach — where immigration AI systems are classified as high-risk requiring mandatory human oversight and transparency obligations — is directly relevant to the UK's ongoing AI governance review.