Trump postpones AI security executive order amid industry pushback

The postponed executive order would have formalized pre-release testing access — letting US and UK regulators see frontier models before public deployment. Crucially, a former federal official who reviewed the latest draft said it largely codified existing voluntary cooperation between labs and government, not new obligations. The fact that the order was postponed anyway despite codifying status-quo behavior signals industry sensitivity to ANY formalization that could ratchet over time.
The contrast with California is stark. Governor Newsom signed a first-of-its-kind labor-focused EO this same week (exploring subsidies for firms that don't replace workers with AI), while the federal AI security framework gets paused. State-vs-federal divergence on AI policy is now structural, not episodic — Sacramento moves, Washington pauses. For AI labs, that means navigating a patchwork rather than a single regime.
The security context matters: this week alone saw a max-severity RCE in ChromaDB's FastAPI build, the CISPA study showing third-party 'shadow' LLM APIs misrepresent underlying models (a fake Gemini-2.5 proxy scored 37% on a medical benchmark where the real endpoint scored 84%, affecting 116 of 187 academic papers), and Microsoft launching Rampart/Clarity continuous red-team tools. Each underscores that the LLM stack is materially less audited than the public discourse assumes — and that the case for SOME regulatory testing access is getting stronger, not weaker.
Watch: whether the EO comes back in revised form, whether state AGs (especially California) move to fill the federal vacuum on AI safety testing, and whether the UK presses ahead unilaterally on the pre-release access framework that the joint US-UK draft was built around.