VERIK / V057 / 03 JUN 2026
Mythos AsymmetryGovernance

The Two Postures the White House Signed Into Effect

On Executive Order 14409, the mandatory review it is not, and the audit-first architectures it now sits beside rather than inside.

On June 2, 2026, President Trump signed Executive Order 14409, Promoting Advanced Artificial Intelligence Innovation and Security. The order's stated policy is to promote AI innovation and security by working with the private sector to harden government and private information systems, protect American intellectual property, and cultivate the country's AI-enabled capabilities. It establishes a voluntary framework under which the National Security Agency, in consultation with other agencies, will develop a classified benchmarking process to determine when a model qualifies as a "covered frontier model," and under which developers may voluntarily share such models with the federal government for up to 30 days before releasing them to other trusted partners. The order explicitly states that nothing in it authorizes a mandatory licensing, preclearance, or permitting requirement for developing, publishing, or distributing any AI model, including frontier models.

That final clause is the order's load-bearing sentence. It forecloses, by its own text, the possibility that this instrument becomes a mandatory pre-deployment gate. Everything else in the order, the cyber-defense directives to the Committee on National Security Systems and the Department of War, the Binding Operational Directives CISA is instructed to issue for civilian federal systems, the AI cybersecurity clearinghouse the Treasury Department is to stand up with industry, the Department of Justice's instruction to prioritize prosecution of AI-assisted cybercrime, sits downstream of a framework whose central review mechanism is opt-in.

What the Order Replaced

The order arrived after a documented reversal. Reporting from the New York Times and other outlets described a draft executive order the administration prepared for signing on May 21, 2026, which would have required a 90-day pre-deployment review of frontier models by the NSA and Treasury before public release. That signing ceremony was cancelled hours before it was scheduled, reportedly after opposition from major technology executives, with the President telling reporters he "didn't like certain aspects of it." The order that was eventually signed on June 2 shortened the review window from 90 days to 30, and converted what had been reported as a framework with mandatory characteristics into one that is voluntary on its face, with no legal consequence specified for a developer that declines to participate.

The shift matters because it establishes what the finalized order is measured against. Executive Order 14409 is not simply "an AI security order." It is the second, narrower attempt at a federal pre-deployment review mechanism, arriving after the first, stronger version did not survive contact with industry pressure. The gap between the 90-day mandatory-leaning draft and the 30-day voluntary final text is a direct measure of how much pre-deployment evaluation authority the federal government was willing to claim once the question came into contact with the parties it would apply to.

The Structural Conflict With Illinois

On July 6, 2026, five weeks after the federal order, Illinois Governor JB Pritzker signed Senate Bill 315, the Artificial Intelligence Safety Measures Act, into law. SB 315 applies to frontier AI developers with global annual revenue above 500 million dollars and models trained with more than 10^26 operations of compute, a threshold lawmakers estimate captures the small set of companies building the most capable systems, including OpenAI, Anthropic, Google DeepMind, and xAI. The law requires those developers to publish an annually updated framework describing how they assess catastrophic risk, to publish pre-deployment transparency reports before releasing a new or substantially modified frontier model, and, distinctively among U.S. state AI statutes, to submit to an annual independent third-party audit verifying that the developer is actually doing what its published framework says. Auditors must be free of financial ties to the company they audit and must have access to unredacted materials. The Illinois Attorney General holds exclusive civil enforcement authority, with penalties up to 3 million dollars per violation. The law's core obligations take effect January 1, 2028.

The structural conflict is not that federal and state law say contradictory things about what a model must do. It is that they name different mechanisms as load-bearing. SB 315's audit requirement assumes that a developer's self-reported compliance with its own safety framework is not, by itself, verifiable, and that an outside party with unredacted access must confirm it. The federal order assumes the opposite: that a voluntary 30-day early-access window, extended at the developer's discretion, is a sufficient review mechanism, and that anything stronger risks becoming the mandatory preclearance regime the order's own text rules out. One instrument treats pre-deployment evaluation as something that must be externally verified under legal compulsion. The other treats it as something a developer may offer to a federal counterparty on terms the developer controls.

The Structural Conflict With the EU AI Office

The same posture gap shows up against the EU AI Office's activation of a Scientific Panel and Advisory Forum on June 1, 2026, one day before the U.S. order was signed. The Scientific Panel's sixty members are tasked with evaluating systemic risk in general-purpose AI models and advising the AI Office and national authorities on classification and cross-border market surveillance. Whatever the limits of that structure, discussed elsewhere in this analysis, its premise is that systemic-risk evaluation is a standing institutional function, staffed on a continuing basis, operating under a statute that has already entered into force for general-purpose AI obligations. The American order's premise is that pre-deployment access is a time-limited, developer-initiated courtesy, revisited only through the classified benchmarking process NSA is instructed to build.

Both instruments name pre-deployment evaluation as a meaningful category. Neither treats it the same way. The EU structure is standing, staffed, and statutory. The federal structure is voluntary, time-boxed, and explicitly barred from becoming anything stronger. A frontier developer operating across both jurisdictions faces a standing evaluation body on one side of the Atlantic and an opt-in benchmarking exercise on the other, governing models that do not respect jurisdictional boundaries when they are trained, fine-tuned, and distributed as a single artifact.

Open Questions

Executive Order 14409 forecloses mandatory pre-deployment review in its own text. Illinois SB 315 makes independent verification of safety claims a legal requirement backed by seven-figure penalties. The EU AI Office stood up a standing evaluation body the day before the federal order was signed. Three instruments, three postures, one set of models moving across all three at once. The policy instruments and the deployment tempo are not aligned.