Trump's New AI Executive Order Creates a Voluntary Frontier Model Review Process — and Explicitly Bans Mandatory Licensing
What happened
President Trump signed an executive order on June 2, 2026 directing federal agencies to accelerate AI-enabled cyber defenses and establish a new framework for frontier model security review. Within 30 days, CISA must issue directives for civilian federal system defenses and extend AI-enabled defensive tools to state, local, and critical infrastructure operators. Within 60 days, NSA must develop a classified benchmarking process to assess AI models' cyber capabilities and designate 'covered frontier models.' A parallel voluntary framework allows developers to engage the government on designations, share models 30 days before release, and collaborate on trusted early-access partners. The order also directs the Treasury Department, NSA, and CISA to create an AI cybersecurity clearinghouse for coordinating vulnerability disclosures with industry, and instructs the Attorney General to prioritize criminal enforcement against AI-enabled computer crimes.
Why it matters
- The explicit prohibition on mandatory licensing or preclearance is the clearest statement yet from the federal government that developers retain the right to release AI models without government approval — a meaningful line in the sand as the frontier model debate heats up.
- The classified benchmarking process for 'covered frontier model' designations is new infrastructure. Criteria will not be public, which means frontier AI developers may receive a designation without a clear appeals or challenge process.
- The voluntary 30-day advance-access program is worth watching closely. Voluntary programs can become de facto requirements when government contracting, export controls, or liability frameworks reference participation status.
- Critical infrastructure operators and state and local governments should expect CISA directives on AI-enabled cyber defense within 30 days. Compliance teams in those sectors should begin scoping what new technical requirements might look like.
- The AI cybersecurity clearinghouse creates a new channel for coordinating AI-specific vulnerabilities with the government — a gap that previously had no formal home. Organizations discovering AI system vulnerabilities should understand where this fits alongside existing CVE and CISA disclosure processes.
What to do now
- ☐ If your organization develops or procures frontier AI models, assess whether your systems could meet NSA's forthcoming 'covered frontier model' threshold and begin tracking how the voluntary framework develops.
- ☐ Critical infrastructure operators: assign a point of contact for incoming CISA directives on AI-enabled cyber defense; expect requirements within 30 days of June 2.
- ☐ Review your AI vulnerability disclosure process and assess how the new Treasury/NSA/CISA clearinghouse changes your coordination obligations.
- ☐ Document any AI systems used in computer access, fraud, or automated decision-making workflows in light of the DOJ's new enforcement priority on AI-enabled computer crimes.
- ☐ Monitor whether the voluntary advance-access program becomes a condition for federal procurement or export licensing — the order prohibits mandatory preclearance but does not constrain how other regulatory regimes reference participation.
What to watch next
The classified NSA benchmarking criteria and the scope of CISA's 30-day directives to critical infrastructure — those details will determine whether this order has narrow or broad operational impact.
