New Bipartisan House AI Framework Seeks Federal Standard and Preempts State AI Rules

What the Bill Actually Does

The framework targets what lawmakers call “top AI developers” — think OpenAI, Anthropic, Google DeepMind — and places three core obligations on them.

First, companies must create and implement plans to address catastrophic risks posed by their advanced models, including AI-enabled cybersecurity threats. Second, third-party auditors would verify compliance with those plans. Third, developers must disclose safety and security risks tied to new model releases.

The bill also formally establishes the Center for AI Standards and Innovation (CAISI) — an office within NIST’s Commerce Department — and authorizes $300 million over three years to fund it. CAISI already works with major AI labs on voluntary model evaluations. This bill would give that arrangement legal teeth.

There’s a cybersecurity angle too. CAISI and CISA would be required to support the security of open-source code, including giving eligible US-based software maintainers access to frontier AI models capable of finding and fixing security vulnerabilities.

The Preemption Fight Is the Real Story

Here’s where things get complicated.

The bill would preempt state AI laws — including recently passed legislation in California, New York, and Illinois designed to rein in cutting-edge AI developers. A three-year sunset provision would allow states to eventually resume regulating advanced AI development, but critics argue that’s not enough.

Brad Carson, president of Americans for Responsible Innovation, put it bluntly: the proposal would turn

“the current floor on state AI regulation” into a ceiling.

He called it “a generational mistake.”

Brendan Steinhauser of the Alliance for Secure AI praised the bipartisan approach but said the bill “falls short” by blocking states from going further. His position — shared by many critics — is that Congress should set a federal floor, not a federal ceiling.

Even Republican governors aren’t on board. Ron DeSantis called a similar proposed moratorium on state AI rules “AI amnesty.” Florida’s GOP gubernatorial frontrunner Rep. Byron Donalds publicly broke with President Trump on the preemption question.

Why Trahan Is Taking the Political Risk

Rep. Trahan’s decision to co-author this bill with a Republican has drawn real blowback — from state lawmakers in her home state of Massachusetts, from New York legislators, and from AI safety advocates within her own party.

She’s co-chair of the House Democratic messaging arm and is reportedly eyeing a future leadership role. Pushing a bipartisan AI deal — even a contentious one — signals she’s willing to govern from the center on tech policy.

The political calculus is clear: get something done before the midterms, or watch the window close entirely.

The Trump Administration’s Fingerprints

This bill doesn’t exist in a vacuum. It reflects an attempt to merge Trump’s broadly light-touch regulatory philosophy with Obernolte’s push for a structured bipartisan framework.

Just days before the draft dropped, Trump signed an executive order asking AI companies to voluntarily submit powerful new models for government cybersecurity review 30 days before public release. In March, the White House sent Congress an AI blueprint that sought to preempt state laws governing model development.

House Speaker Mike Johnson has already expressed support for federal preemption. The administration’s direction is clear — and this bill largely tracks it.

What It Means for AI Developers and Builders

If you’re building with or on top of frontier AI models, this framework matters in several ways.

Compliance costs go up for top developers. Safety plans, third-party audits, and risk disclosures aren’t free. Expect those costs to filter down through API pricing and partnership terms.

The regulatory environment becomes more predictable — at least temporarily. A federal standard, even an imperfect one, is easier to navigate than 50 different state regimes. For startups and enterprise teams deploying AI, that clarity has real operational value.

Cybersecurity gets elevated. The bill’s focus on AI-enabled cyber threats and open-source security support signals that security-aware AI development is becoming a compliance expectation, not just a best practice.

The three-year state preemption window is a countdown. Developers operating under a federal standard today should plan for a more complex, multi-jurisdictional landscape by 2029.

Who’s Watching — and Who’s Pushing Back

Tech trade association NetChoice praised the bill as a “strong” bipartisan framework, particularly its creation of a federal developer standard, while flagging concerns about audit and data-sharing provisions.

Democrats are still sorting out their official AI policy positions through the Democratic Commission on AI — a partisan working group formed after Speaker Johnson declined to renew the bipartisan AI task force from the previous Congress.

Reps. Suhas Subramanyam, Scott Peters, Scott Franklin, and Erin Houchin are expected to sign on to the framework, broadening its bipartisan footprint.

The Bottom Line

This bill is the most serious attempt yet to create a unified federal AI governance structure in the United States. It addresses real risks — catastrophic model failures, cybersecurity threats, open-source vulnerabilities — and it brings both parties to the table.

But the preemption fight reveals a deeper tension: whether federal AI regulation becomes a floor that protects people or a ceiling that protects companies.

That question won’t be resolved in this draft. It’ll be resolved in the months of negotiation, lobbying, and political maneuvering that follow.

Watch this space closely. The rules governing AI in America are being written right now — and the window to influence them is narrowing fast.