- Bipartisan Draft: Representatives Jay Obernolte and Lori Trahan release the bipartisan discussion draft of the Great American AI Act (GAAIA), aiming to unify the US artificial intelligence regulatory framework.
- Federal Preemption: The draft proposes a three-year federal preemption sunset on state-level AI development regulations, overriding laws like California's SB 53 and AB 2013.
- Scope Split: While model training and development standards fall under exclusive federal oversight, state-level regulations on downstream model deployment remain active.
- Compliance Registry: Developers of frontier models exceeding $100 million in training budget must submit technical specs, safety evaluations, and data sourcing logs to the NIST AI Safety Institute.
STRATEGIC OVERVIEW
Great American AI Act Draft: 3-Year Federal Preemption of State Model Laws By Vatsal Shah · June 4, 2026 · Regulation --- What Happened On June 4, 2026, U.S.
Great American AI Act Draft: 3-Year Federal Preemption of State Model Laws
By Vatsal Shah · June 4, 2026 · Regulation
What Happened
On June 4, 2026, U.S. Representatives Jay Obernolte (R-CA) and Lori Trahan (D-MA) released the discussion draft of the Great American AI Act (GAAIA). The draft legislation represents a bipartisan effort to address the growing conflict between federal policy and state-level artificial intelligence regulations. By establishing a unified federal standard, the Act seeks to replace the current patchwork of state laws with a single national framework.
The core of the draft legislation is a three-year federal preemption sunset on state laws regulating AI model development. This provision would temporarily override state-level mandates concerning model training, data sourcing disclosures, and safety testing guidelines, including California's SB 53 and AB 2013. The preemption period is intended to give Congress time to evaluate a permanent federal framework without placing a double burden of compliance on domestic technology companies.
However, the draft preserves state authority over downstream model deployment. While the federal government oversees model development, states retain the power to regulate specific applications of AI within their jurisdictions, such as AI use in healthcare, hiring practices, and financial evaluations. This compromise aims to balance the need for national development standards with local consumer protection goals.
Technical/Regulatory Comparison
To understand how the Great American AI Act compares to existing state frameworks and international standards, we can evaluate their regulatory boundaries and compliance requirements:
| Regulatory Feature | California State Laws (SB 53 / AB 2013) | Great American AI Act (GAAIA Draft) | European Union AI Act (GPAI Standards) |
|---|---|---|---|
| Jurisdictional Boundary | State of California (with extraterritorial impact) | Federal (United States National Territory) | European Union Member States |
| Preemption Scope | None (acts as a local baseline) | Overrides state development rules for 3 years | Unifies all member state General Purpose AI laws |
| High-Risk Threshold | Domain-specific application risks | Compute-based ($100M+ budget or $10^{26}$ FLOPS) | Compute-based ($10^{25}$ FLOPS) + Systemic Risk |
| Training Disclosures | Detailed public logs of training datasets | Confidential registration with the NIST AISI | Detailed public documentation for down-stream users |
| Safety Testing Requirements | Mandatory red-teaming for specific domains | NIST-certified safety evaluations and reports | Red-teaming, evaluations, and incident tracking |
| Primary Enforcement | California Attorney General | Federal Trade Commission (FTC) & NIST | EU AI Office and National Authorities |
| Fines & Sanctions | Up to $2,500 per violation | Up to $10,000,000 or 2% of annual revenue | Up to €35,000,000 or 7% of annual revenue |
Why It Matters
The Great American AI Act's preemption provision is designed to resolve a growing challenge for software developers: navigating conflicting state regulations. Over the past year, multiple states have introduced distinct AI safety and disclosure rules. For companies deploying models nationwide, managing these varying requirements has added significant operational complexity.
Simplifying the Compliance Landscape
Under GAAIA, companies would register their models with a single federal entity—the NIST AI Safety Institute (AISI)—rather than filing separate compliance disclosures in multiple states. This federal standard provides a clear path forward for developers, helping them direct resources toward core safety evaluations rather than administrative overhead.
For corporate security leaders, this federal baseline simplifies the process of auditing third-party models. Rather than evaluating compliance against a shifting array of state guidelines, organizations can use the NIST registration standards to verify model safety. This structured approach helps companies safely manage the integration of new technologies, a process we outline in our guide on Surviving Shadow AI: Architecting Enterprise Governance.
Preparing for International Compatibility
By aligning its compute-based risk thresholds with international guidelines, GAAIA makes it easier for U.S. developers to coordinate compliance across borders. This alignment is particularly relevant for companies that also need to navigate the EU AI Act GPAI Enforcement Milestones.
To support this compliance workflow, enterprise platform teams can build automated scripts to verify that incoming third-party models meet these federal disclosure requirements. The following TypeScript helper demonstrates how an engineering team might audit model metadata against the GAAIA registration specifications:
import { promises as fs } from 'fs';
interface ModelRegistrationInfo {
modelName: string;
trainingFlops: number;
datasetSizeGb: number;
safetyEvaluations: string[];
nistAttestation: boolean;
}
class ComplianceAuditor {
// Threshold defined under GAAIA for frontier class oversight
private static FLOP_THRESHOLD = 1e26;
public async auditModel(manifestPath: string): Promise<boolean> {
console.log(`[Auditor] Opening model manifest at: ${manifestPath}`);
try {
const data = await fs.readFile(manifestPath, 'utf8');
const manifest = JSON.parse(data) as ModelRegistrationInfo;
console.log(`[Auditor] Inspecting: ${manifest.modelName}`);
console.log(`[Auditor] Training compute: ${manifest.trainingFlops.toExponential()} FLOPS`);
// Verify if model exceeds frontier threshold
if (manifest.trainingFlops >= ComplianceAuditor.FLOP_THRESHOLD) {
console.warn(`[WARNING] Model exceeds frontier compute threshold. Verification required.`);
if (!manifest.nistAttestation) {
console.error(`[COMPLIANCE FAIL] NIST AISI registration attestation is missing.`);
return false;
}
if (manifest.safetyEvaluations.length === 0) {
console.error(`[COMPLIANCE FAIL] Safety evaluations log is empty.`);
return false;
}
}
console.log(`[COMPLIANCE PASS] ${manifest.modelName} meets federal baseline.`);
return true;
} catch (error) {
console.error('[Error] Failed to complete compliance audit:', error);
return false;
}
}
}
// Instantiate and execute the compliance audit
const auditor = new ComplianceAuditor();
auditor.auditModel('/var/manifests/claude-5-fable.json');
What to Watch Next
As the discussion draft circulates, the focus will turn to congressional committee reviews. Bipartisan sponsors plan to introduce the bill to the House Committee on Energy and Commerce later this summer.
The primary debate is expected to center on the preemption timeline. Some state legislators and consumer advocacy groups argue that a three-year preemption period could limit state-level consumer protections. Conversely, industry coalitions are advocating for a permanent preemption clause to prevent the return of state-level patches once the sunset period expires.
Source
Representative Lori Trahan: Bipartisan Discussion Draft of the Great American AI Act · NIST: AI Safety Institute Registration Guidelines and Standards
