
AI in Legal Practice

Amy Swaner
Calculating...
TL;DR:
Trump’s June 2, 2026 AI Executive Order is the most carefully drafted of his three AI EOs I’ve written about. It is also the most architecturally significant. It builds a federal channel for pre-release access to the most capable AI models — run by NSA, on a classified benchmark — but disclaims any mandatory authority. The architecture will outlive this administration. Whoever holds the switch next decides whether it stays voluntary. The deeper problem is one I have written about three times now: we keep governing AI by presidential signature rather than by statute. A regime that exists by signature dies by signature. Frontier developers, critical-infrastructure operators, and our allies cannot build durable strategy on rules that vanish with the next election.
This is the third Trump-administration AI executive order I’ve written about. In January 2025, it was Executive Order 14179, “Removing Barriers to American Leadership in Artificial Intelligence,” and I warned DOGE was about to hollow out the National Institute of Standards and Technology (NIST) and the new U.S. AI Safety Institute (AISI). In December 2025, it was Executive Order 14365, “Ensuring a National Policy Framework for Artificial Intelligence,” and I argued that pursuing nationwide uniformity through executive directive — a litigation-and-leverage strategy aimed at states — would create more uncertainty than it cleared. Both critiques still stand.

On June 2, 2026, Trump signed Promoting Advanced Artificial Intelligence Innovation and Security. The December Order looked outward, at states. This one looks inward — at federal systems — and outward at the small handful of companies building the most capable AI models on the planet.
Why the Better-Drafted Order Worries Me More
To be fair, the June Order is better drafted, better staffed, and aimed at a real problem in a way the December Order was not. It addresses cybersecurity threats from advanced AI by setting up a clearinghouse and CISA directives. The express disclaimer of mandatory licensing in Section 3(c) is a meaningful guardrail. If I were grading executive orders on craft, the June Order would receive a higher grade than December’s.
That makes the concern about it harder to articulate, and easier to overlook. What concerns me is the architecture the Order leaves behind — a classified federal evaluation channel for the most powerful AI models, designed under one administration and inheritable by every administration that follows. And it is the deeper pattern, which has now repeated three times: we keep governing the most consequential technology of our time by presidential signature rather than by statute.
A regime that exists by signature dies by signature. The first Trump AI EO revoked two of Biden’s on Day 1. A successor administration — of either party — can revoke this one with a stroke of the pen, then build something new in its place. Frontier developers, critical-infrastructure operators, and our allies cannot build durable strategy on rules that vanish with the next election. They are doing so anyway, because they have no alternative.
Consider what happens when we rely entirely on this kind of ad hoc, “honor-system” governance. In April 2026, Sullivan & Cromwell apologized to a federal bankruptcy judge for an emergency motion containing roughly forty AI-generated errors — fabricated citations, wrong volume numbers, and quotations attached to cases that did not contain them. The firm acknowledged it had internal AI policies that were not followed.
If one of the most elite firms in the country, operating under written policies and decades of partner experience, can produce a filing like that, the limits of voluntary compliance are clear. Honor systems fail without structural, verified enforcement. The same logic applies at the federal level. Voluntary frameworks built by executive order have the same limits.
Hold that thought as you read what the Order actually does.
What the Order Actually Does
Four things, in plain English:
• Hardens Federal Defenses: Hardens federal civilian, the Department of Defense (given the second name by Donald Trump of “Department of War”), and National Security Systems against AI-enabled cyber threats. CISA, NSA, OMB, OPM, Treasury, and DOJ lead, mostly on 30- and 60-day clocks.
• Launches a Cybersecurity Clearinghouse: Creates a Treasury-led “AI cybersecurity clearinghouse” to coordinate vulnerability discovery and patching across industry and critical infrastructure — voluntarily.
• Establishes a Pre-Release Gate: Creates a classified NSA benchmark for when an AI model becomes a “covered frontier model,” and invites developers of those models — voluntarily — to give the federal government access for up to 30 days before public release.
• Prioritizes Criminal Enforcement: Directs DOJ to prioritize criminal enforcement under 18 U.S.C. § 1028, § 1030, and § 1343 against actors who use AI to break into systems or commit fraud.
Subscribe to receive analysis, information, and best practices on AI for lawyers.
The Silent Pivot Away From NIST
To me, the most consequential thing about this Order is something it does not announce. Federal AI policy now runs through the intelligence community rather than the standards community.
In January 2025 I worried that DOGE-driven cuts at NIST and AISI would hollow out the government’s capacity to evaluate frontier AI. The June Order does just that — though not the way I expected. The administration did not need to defund NIST. It simply routed around it.
Under Biden’s Executive Order 14110, NIST’s U.S. AI Safety Institute was the federal interface with frontier developers. Labs signed voluntary agreements to share access for safety evaluation. The framing was open: bias, dual-use risks, civil rights, safety. The methodology was public. NIST’s counterparts at the U.K. AISI and the EU AI Office could coordinate with it.
Trump revoked EO 14110 on his first day back in office. The June Order is the realization of his transition. NIST, once considered the gold standard, is named only as a consultant. National Security Administration (NSA) leads, with Cybersecurity and Infrastructure Security Agency (CISA), the National Cyber Director, and the Department of War a/k/a the Department of Defense. The benchmark is classified. The threshold for what counts as a “covered frontier model” will be set inside the IC — never published, never peer-reviewed.
The rebrand reflects more than rhetoric. It signals a fundamental shift in how the administration views this technology. By passing the core responsibilities from a civilian standards agency like NIST to an intelligence agency and a defense department explicitly focused on warfare, the administration is effectively treating advanced AI less as a commercial platform and more as a national-security asset.
This is part of the fragile architecture of EO’s I’m describing. The AI Security Institute (AISI) was a Biden-era institution built by signature. The June Order sidelines it by signature. Whatever NSA builds in its place will be built by signature. None of these rests on a statute. Likewise, none of these has to survive 2029.
The real costs to the shift, beyond the by-signature problem:
• Measuring success will be hard if not impossible. This plan includes a classified benchmark. But a classified benchmark cannot be peer-reviewed, replicated by independent researchers, or used to drive system-wide commercial standards.
• The U.S. can’t speak with allies about methods. The U.S. position at the OECD, the G7, the UN, and the Seoul/Bletchley network of AI safety institutes is instantly weaker, because the lead U.S. agency cannot speak publicly about its methods.
• Conflict of interest. NSA both develops offensive AI cyber capabilities and now defines what counts as a powerful AI model. That’s a massive concentration of authority for governing a powerful technology, and it desperately deserves congressional oversight.
Voluntary Today, Mandatory Tomorrow?
The most architecturally significant thing the Order does is build a federal channel for pre-release access to the most capable AI models — and then disclaim it.
Section 3(b) tells NSA, Treasury, and CISA to design a voluntary framework: developers can engage the government to determine whether a model qualifies as “covered,” can provide pre-release access for up to 30 days, and can collaborate on selecting trusted early-access partners. (Earlier drafts apparently called for 90 days; the 30 was the compromise that got the Order signed.) Section 3(c) then expressly disclaims any mandatory licensing or preclearance regime.
If you’ve ever drafted a contract that started “For the avoidance of doubt, nothing herein shall…,” you already understand Section 3(c). You don’t disclaim a power you didn’t nearly create.
This is the second piece of that architecture. The Section 3(b) channel will exist whether the next President favors red, blue, or something none of us have heard of yet. Building the channel is the hard part. Flipping the switch from “voluntary” to “mandatory”? That’s easy. The disclaimer in Section 3(c) holds only as long as the Order itself holds — and executive orders do not always hold for long, just as former President Biden.
Note that this is not a partisan observation. It would be equally true if a Democratic president had built this architecture. Once the pipeline exists, the next time a frontier model is implicated in a major cyber incident — or in election interference, or in a critical-infrastructure attack — the political pressure to make participation mandatory will be enormous.
A Frontier Lab’s Dilemma
Consider what happens to a frontier lab — OpenAI, Anthropic, Google DeepMind, xAI, or Meta — preparing a major release in late 2026. Under the Order, the lab is invited (voluntarily) to engage NSA early to determine whether the model qualifies as “covered.” If it does, the lab is invited (voluntarily) to provide 30 days of pre-release access under confidentiality, cybersecurity, insider-risk, and IP terms as yet undefined.
Counsel has to advise on at least:
• The Upside: Goodwill with the intelligence community, a public claim of responsible release, and possibly some real technical value if the NSA finds genuine vulnerabilities.
• The Downside: 30 days of lost release-cycle time, exposure of pre-release internals to an agency with its own offensive cyber mission, and an institutional precedent that may be cited against the lab later.
• The Confidentiality Terms: Stronger protection from public disclosure than a NIST agreement offered, but weaker protection from intra-government use of the lab’s proprietary information.
• The Cost of Declining: Officially nothing. But, the lab might be the only one without a public answer when the next congressional hearing asks who is “participating in the President’s voluntary framework.”
These questions will be answered model by model, lab by lab, with very little public visibility. That is the practical effect of a “voluntary” federal regime backed by classified evaluation — and created entirely by signature.
Geopolitical Fallout
In my January 2025 article I flagged that a U.S. retreat from structured AI governance — the Paris AI declaration, the U.K.’s decision to delay its AI rules to align with the U.S. — would fragment international standards and complicate compliance for U.S. companies operating abroad. The June Order deepens that retreat.
The new Digital Omnibus on AI Regulation (successor to the EU AI Act) requires transparency, documentation, and systemic-risk evaluation for general-purpose AI models, through open civilian standard-setting. The U.S. counterpart is now a classified NSA benchmark that by definition cannot be cross-walked to the EU regime in any public way. A U.S. lab participating in the federal voluntary framework gains no portable credit toward EU AI compliance, and an EU regulator cannot independently verify what the U.S. benchmark measures. Our allies are governing AI by legislation. We are governing it by directive.
Best Practices
For lawyers advising clients in the wake of the June Order, best practices depend heavily on who you represent:
• For Frontier Developers: If your client could plausibly develop a “covered frontier model,” (first, be thankful for a well-funded client, and then) start negotiating the confidentiality, insider-risk, and IP terms for any voluntary access arrangement. The classified threshold is not public, but the population of likely candidates is small and well-known.
• For Critical Infrastructure Operators: If your client runs critical infrastructure — hospitals, community banks, utilities, water systems, or telecom infrastructure — track the forthcoming CISA Binding Operational Directives and the Treasury clearinghouse. Both could change vendor diligence, incident-response obligations, and indemnification posture.
• For Multinational Clients: Maintain separate compliance tracks. Assume U.S. and EU AI frameworks will not align in this administration. Do not assume U.S. participation in any voluntary federal framework provides an ounce of credit toward EU AI Act or U.K. obligations.
• For General Corporate Compliance: Document everything. Voluntary federal evaluations that produce no public record can still produce private liability — and the next administration may treat “participated” and “did not participate” very differently.
• For Litigators: Keep monitoring state AI laws. The December Order’s litigation-and-leverage strategy has not cleared the field. Until Congress acts, state laws remain the most likely source of binding obligations for most clients.

The Role of Congress
For those of us who write about AI governance, the June Order is the third reminder in eighteen months that the United States still does not have a coherent statutory framework for the most consequential technology of our time — as if any of us needed a reminder. We have a December EO pressuring states. We have a June EO inviting frontier developers into a classified evaluation channel. We have a National Cyber Strategy, an AI Action Plan, the Genesis Mission, an AI export framework, an anti-“woke AI” directive, and a pediatric-cancer-AI directive.
And yet, we still do not have a federal statute.
If lawyers and policymakers want a national AI framework that will outlast the next election, the answer is the one I have written each of the last three times. Congress should debate and enact a durable AI framework. And courts should remain the backstop, not the engine, of AI governance.
The June 2026 EO, well-drafted, well-staffed, narrowly scoped, is still an executive order at the end of the day. It can quickly be undone by the next person who occupies the desk.
© 2026 Amy Swaner. All Rights Reserved. May use with attribution and link to article.
More Like This

President Trump’s Most Recent AI Executive Order Is More Concerning Than His Last Two
The June 2026 AI Executive Order marks a major shift in U.S. AI oversight, but its greatest weakness is that it can be undone as easily as it was created.

What the Musk?
Musk v. Altman Can Teach Lawyers A Lot About the “Just In Case” Rule of Document Retention

9 Privacy Myths About Attorney-Client Confidentiality with AI Tools
Misinformation about AI and client confidentiality persists in the legal profession, but the key question is whether lawyers know how to properly vet and govern the technology they use.