5 Things To Know
- First comprehensive federal AI bill in U.S. history
- Targets OpenAI, Anthropic, Google, Meta, and other frontier developers with $500M+ revenue
- Independent audits become mandatory every 6 months
- AI safety incidents must be reported to a new federal office
- State AI development laws paused for 3 years, but deployment and privacy laws remain
What the Bill Is
On June 4, 2026, Representatives Jay Obernolte (R-CA) and Lori Trahan (D-MA) released a 269-page discussion draft of the Great American Artificial Intelligence Act. It is the first comprehensive federal AI governance bill in the United States.
The bill is not yet law. It is a discussion draft explicitly released for public feedback. But it represents the most concrete attempt at federal AI regulation to date, and its provisions draw directly from state laws already in effect in California, New York, and Illinois. The bill signals where federal AI governance is heading, regardless of whether this specific draft passes.
Who It Applies To
The mandatory requirements apply to "large frontier developers": companies with more than $500 million in annual revenue that have trained a frontier AI model. This threshold captures a small number of companies with an outsized impact on the AI ecosystem:
OpenAI, Anthropic, Google (DeepMind), Meta, Microsoft, and xAI all meet this definition. ConductAtlas tracks governance documents for all of these platforms except xAI. Together, these companies maintain the AI infrastructure that thousands of downstream applications depend on.
Most businesses using AI will not be directly subject to the bill. If you use OpenAI APIs in your product, the bill regulates OpenAI, not you. But changes to how OpenAI operates under federal regulation will flow downstream to every application built on its infrastructure. That is the dependency governance pattern ConductAtlas tracks.
What It Requires
The bill is organized into four titles: Frontier AI Governance, Workforce, Cybersecurity, and Research. The governance requirements are the most operationally significant:
Frontier AI Framework (Section 111). Large frontier developers must publish a framework documenting how they identify, assess, and mitigate catastrophic risks. This is not optional and not voluntary. The framework must be a public document addressing specific categories of severe harm.
Transparency Reports (Section 111). All frontier developers must publish transparency reports containing detailed information about their models, capabilities, limitations, and risk assessments. These reports must be issued before deploying new or substantially modified frontier models.
Critical Safety Incident Reporting (Section 111). Frontier developers must report critical safety incidents to the Director of the Center for AI Standards and Innovation (CAISI), a new office within the Commerce Department funded at $100 million per year.
Independent Verification (Section 112). Large frontier developers must retain licensed Independent Verification Organizations (IVOs) for semi-annual audits. The IVOs verify compliance with the developer's framework and assess whether risk mitigation measures achieve acceptable levels. IVOs have full access to company records, personnel, and systems.
Whistleblower Protection (Section 113). Employees and independent contractors cannot be retaliated against for reporting AI violations, defined as any violation of federal law related to the development, deployment, or operation of AI.
AI Layoff Disclosure. Employers must provide 60 days advance notice when AI is a "substantial factor" in a mass layoff, including information about the AI systems involved and the estimated share of job losses attributable to AI.
The Preemption Question
The most controversial provision: the bill would prevent states from enforcing laws that specifically regulate the development of AI models. This preemption lasts three years and includes a sunset clause.
This matters because several states have already passed or are considering AI governance laws. California's Transparency in Frontier AI Act took effect January 1, 2026. Colorado's AI Act is effective June 30, 2026. Illinois passed a frontier AI audit mandate in May 2026. New York's RAISE Act is pending. The federal bill would freeze this state-level activity for three years.
What preemption does NOT cover: state laws governing AI deployment, use, privacy, consumer protection, employment, healthcare, financial services, civil rights, and common-law claims all remain in effect. The preemption applies only to the development of AI models, not what happens after they are deployed.
Critics, including a coalition of 36 state attorneys general, argue that preemption strips states of tools they are already using to protect consumers. Supporters argue that a patchwork of state laws creates compliance confusion for developers operating in all 50 states.
Enforcement and Penalties
Non-compliance carries civil penalties of up to $1 million per violation per day. Enforcement can be brought by the U.S. Attorney General or by state Attorneys General who opt into the enforcement framework. IVOs can refer violations directly to enforcement authorities, with mandatory referrals in cases involving imminent catastrophic risk.
The bill also increases penalties for AI-enabled fraud. Maximum fines for wire fraud and mail fraud affecting financial institutions would double, regardless of whether AI was involved. Additional AI-specific penalty provisions apply to mail fraud, wire fraud, bank fraud, and money laundering when AI is used as a tool.
CAISI: The New Federal AI Office
The bill would formally establish the Center for AI Standards and Innovation within the Commerce Department, funded at $100 million per year for fiscal years 2027-2029. CAISI would develop voluntary guidelines and standards for AI security, evaluate AI systems, license IVOs, receive safety incident reports, and brief Congress on emerging risks.
CAISI would also evaluate foreign AI models to benchmark U.S. AI capabilities against international competitors. The center would coordinate with NIST, CISA, and the National Science Foundation on AI research, standards, and cybersecurity.
What This Means for Businesses Building on AI
If you build products on OpenAI, Anthropic, Google, or Meta AI infrastructure, the bill does not regulate you directly. But it regulates your infrastructure providers in ways that will affect your operations:
More governance documents to track. Frontier developers will be required to publish frameworks, transparency reports, and safety assessments that do not currently exist as mandatory documents. These become governance dependencies for downstream applications.
Audit-driven changes. Semi-annual IVO audits may result in changes to how frontier developers operate their models, APIs, and data handling practices. Those changes will flow downstream without individual notice to developers building on the platform.
Potential service disruptions. If a frontier developer fails an IVO audit or receives an enforcement action, the operational consequences could affect every application dependent on that provider. Understanding the compliance posture of your AI infrastructure providers becomes an operational necessity.
Preemption complexity. For three years, federal rules would govern AI model development while state laws continue to govern deployment. Businesses operating in multiple states must navigate this dual framework, understanding which obligations apply at which stage of the AI pipeline.
What Happens Next
The bill is a discussion draft. Its sponsors are explicitly seeking feedback before formal introduction. Congress breaks for recess in August. Several dynamics will shape the bill's path:
The House Democratic Commission on AI has already stated the draft "does not meet the enormity of the moment," signaling potential opposition from within the bill's own party. The preemption provision faces resistance from state attorneys general and civil society organizations. The Trump administration's AI policy, which emphasizes deregulation and limiting state AI laws, may create alignment on preemption but tension on mandatory oversight.
Regardless of whether this specific draft becomes law, the requirements it outlines, transparency, independent audits, safety reporting, and whistleblower protection, represent the emerging consensus on what federal AI governance will eventually include. Businesses should prepare for these requirements to arrive in some form.
What ConductAtlas Is Tracking
ConductAtlas monitors governance documents for every major frontier developer named in the bill. As these companies respond to the GAAIA discussion draft, update their governance frameworks, and prepare for potential compliance requirements, those changes will appear in the governance documents ConductAtlas tracks daily.
OpenAI has already published a Frontier Governance Framework mapping its practices to California and EU requirements. Anthropic maintains a Responsible Scaling Policy. Microsoft publishes Responsible AI Standards and annual transparency reports. As federal requirements take shape, ConductAtlas will track how each platform's governance documents evolve to meet them.
Tracking AI Regulatory Compliance
ConductAtlas monitors governance documents across the frontier AI platforms this bill would regulate:
- OpenAI: 360 provisions across 15 documents
- Anthropic: 201 provisions across 8 documents
- Meta: 148 provisions across 10 documents
- Microsoft: 191 provisions across 5 documents
- Google Gemini: 79 provisions across 2 documents
Primary Sources
OpenAI governance documents (ConductAtlas)
Anthropic governance documents (ConductAtlas)
Meta governance documents (ConductAtlas)
Microsoft governance documents (ConductAtlas)
Google Gemini governance documents (ConductAtlas)
The first comprehensive federal AI law is taking shape. Whether the Great American AI Act passes as drafted, passes in modified form, or informs future legislation, the requirements it outlines are coming. The governance documents that ConductAtlas tracks daily are the documents that will change first as frontier developers prepare.