Public Policy & Governance

The Trump White House this week simultaneously relaxed and tightened its grip on frontier AI models, revealing an ad hoc governance posture that is neither deregulatory nor consistently protectionist. The administration partially lifted its export ban on Anthropic's Mythos 5, clearing access for a select group of companies and agencies, while a second advanced Anthropic model remains blocked. In a parallel move, OpenAI staggered the release of GPT 5.6 following a direct government request — a step Sam Altman publicly pushed back against, warning it denies access to 'users, developers, enterprises, cyber defenders, and global partners.' The Guardian reported OpenAI's dissatisfaction with the constraint, framing it as a competitive and security cost.

This is not standard export control or national security review — it is direct executive influence over domestic commercial product launches, exercised informally rather than through any rulemaking process. Politico reports that tech lobbyists who backed Trump expecting deregulation are now 'cautiously searching for answers,' having misjudged the administration's willingness to intervene operationally in AI markets. The legal basis for compelling release staggers is opaque; there is no formal statutory authority cited, which makes this pattern difficult to challenge, predict, or plan around. Cross-jurisdictionally, this informal executive control contrasts sharply with the EU's rule-bound, GPAI-model governance under the AI Act, and with the UK's preference for sector-regulator-led guidance — neither of which involves heads of government directing product launch timelines.

Governor Newsom's agreement with Anthropic — making Claude the first AI tool available across all California state agencies and local governments — is the most expansive sub-national AI procurement commitment in the US to date. Politico describes it as an exclusive first-mover arrangement. California's scale (the world's fifth-largest economy, with hundreds of agencies and thousands of local governments) makes this functionally equivalent in reach to a medium-sized national government's AI adoption policy.

The governance questions this raises are substantial. A single-vendor arrangement of this scope creates lock-in risks, audit and accountability challenges, and a procurement model that smaller jurisdictions will likely mirror without the leverage California has to negotiate safeguards. Newsom has previously vetoed major AI safety legislation (SB 1047 in 2024) while simultaneously positioning California as a pro-AI governance leader — this deal is consistent with that posture. The absence of publicly disclosed terms around data handling, model auditing, public employee oversight, or exit clauses is a material implementation gap that legislative oversight committees should prioritize.

The Center for Democracy and Technology's visual analysis of AI-related redress pathways confirms what legal practitioners have long suspected: the EU AI Act does not establish an independent, comprehensive remedy framework for individuals harmed by AI systems. Instead, it offloads rights protection onto GDPR mechanisms — data subject rights, supervisory authority complaints, and Article 82 liability claims — that were designed for data protection violations, not the full spectrum of AI-generated harms such as discriminatory automated decisions, physical safety failures, or manipulation by GPAI models. CDT frames this as a structural design choice rather than an oversight.

This is a concrete implementation gap with enforcement consequences. The AI Act's high-risk system obligations — conformity assessments, human oversight requirements, fundamental rights impact assessments — create compliance duties for deployers and providers but do not directly translate into individual causes of action. Affected individuals must navigate GDPR complaint routes through national data protection authorities, which are already resource-constrained and have uneven enforcement records across member states. The EU AI Liability Directive, intended to bridge this gap, remains stalled. For policy professionals advising on EU compliance strategy, this means the practical enforceability of AI Act rights provisions is significantly weaker than the regulation's framing suggests.

Leading the Future, a pro-AI super PAC, spent heavily to defeat New York Assemblyman Micah Lasher — author of the state's AI safety legislation — in his Democratic congressional primary. The campaign succeeded electorally but generated significant backlash, and Politico reports the PAC and its backers have since gone quiet. The strategic logic was to remove a credible legislative threat at the congressional level before he could nationalize New York's regulatory approach — a playbook similar to what was attempted against California's SB 1047 proponents.

The backlash effect is the more consequential governance story. Heavy-handed political spending against AI safety legislators risks galvanizing state-level regulatory action in New York and peer states by framing AI safety as a populist cause against well-funded industry interests. This mirrors patterns seen in other tech policy fights (net neutrality, data privacy) where industry-backed electoral interventions stiffened rather than softened legislative resolve. The absence of a federal AI framework means state legislatures remain the primary legislative venue, and industry's capacity to neutralize every state-level champion is finite.