President Trump is expected to sign an executive order on Thursday pairing AI oversight with cybersecurity, establishing a voluntary framework that would require developers of frontier models to share their systems with the federal government 90 days before any public release.
Why it matters
A 90-day pre-release disclosure window puts the federal government inside the development cycle of any company shipping large models, but the voluntary framing keeps the regime short of the binding pre-deployment testing mandate that a portion of the AI safety community had pushed for. The order effectively uses procurement and federal contracting leverage — not statute — to set the floor on what "responsible release" means for labs that want to keep selling into the US government.
Market impact
Frontier-model developers, the major hyperscalers, and the cybersecurity vendors that wrap model deployments will all be reading the fine print, since the practical effect of "voluntary" is set by whether federal procurement language adopts the framework as a baseline requirement. Watch the next round of federal AI solicitations: the procurement appendices will be the first live read on whether the 90-day window is being treated as a hard gate.
Frequently asked questions
-
What does Trump's new AI executive order actually require?
It establishes a voluntary framework requiring developers of frontier AI models to share their systems with the federal government 90 days before any public release. Compliance is meant to be enforced through federal procurement leverage, not statute.
-
Is the 90-day disclosure rule mandatory or voluntary?
The framework is described as voluntary, but the practical effect depends on whether federal AI procurement contracts adopt it as a baseline requirement. A voluntary rule embedded in federal contracting language can function as a de facto mandate for any vendor selling into government.
-
Who does the executive order apply to?
The 90-day pre-release disclosure window targets developers of frontier models — the large-scale systems from major labs and hyperscalers — rather than the broader population of AI developers or downstream deployers.
-
Why pair AI oversight with cybersecurity in one order?
The administration is signalling that frontier-AI risk and critical-infrastructure defense are being treated as a single policy track, with model security, software supply chain integrity, and pre-deployment review handled under one framework.
-
How will the order be enforced if it's voluntary?
Enforcement runs through federal procurement — agencies can require the 90-day disclosure and security review as a condition of awarding AI-related contracts, making the framework effectively binding for any company that wants federal business.