President Trump signed an executive order on Tuesday calling for the creation of a framework that would give the federal government the ability to evaluate AI models. The order tasks the Office of the National Cyber Director with developing a process to share information about software vulnerabilities identified by AI systems with critical infrastructure operators before those models go public.
The new directive represents a significant shift from Trump’s previously hands-off approach to AI regulation. It comes after mounting concerns about the security risks posed by increasingly powerful AI systems and their potential impact on banks, utilities, hospitals, and other essential services.
The order asks AI companies to voluntarily submit their most powerful models for government review 30 days before public release. This timeline represents a compromise after intense industry pressure. Trump was originally expected to announce the order on May 21, but the White House postponed the signing ceremony following pushback from tech industry insiders. The president later told reporters he “didn’t like certain aspects” of the original order.
According to reports, an earlier draft had called for giving the government up to 90 days to review AI models. Some industry officials pushed for this period to be shortened to as little as 14 days before the final 30-day compromise was reached. Trump participated in a small, high-level White House meeting where he and his advisors agreed on the scaled-back version, which was signed in a private ceremony.
The executive order represents a notable departure from Trump’s previous AI policies. His AI Action Plan from last summer outlined a vision with few guardrails on companies like OpenAI. When the administration did seek to regulate AI, it focused primarily on ideological grounds, issuing orders that limited federal procurement of what it termed “woke” AI systems.
Trump has also worked to prevent states like Colorado and New York from passing their own AI restrictions. He ordered the creation of an AI litigation task force within the Department of Justice to challenge state laws the president considers “onerous.”
The cybersecurity focus marks a shift toward addressing practical security concerns rather than ideological ones. The order aims to identify vulnerabilities that AI systems might discover and ensure critical infrastructure operators can patch those weaknesses before the capabilities become widely available.
However, experts have raised concerns about the transparency of the review process. Samir Jain, vice-president of policy at the Center for Democracy and Technology, noted that the order doesn’t give the public much visibility into how the government will benchmark AI models. “We don’t want a situation in which any administration can exercise arbitrary power over whether, when and how models are released, particularly when they could use security as a pretense to block or handicap a model for political or ideological reasons,” he said.
The voluntary nature of the 30-day review period also raises questions about effectiveness. Unlike mandatory disclosure requirements, companies can choose whether to participate in the government assessment process. This approach reflects the administration’s attempt to balance security concerns with industry demands for minimal regulatory interference.
The order signals growing recognition across government that AI poses real security risks requiring federal intervention. As AI capabilities continue to advance rapidly, the tension between innovation speed and security oversight is likely to intensify, making this executive order a potential template for future AI governance approaches.