White House Framework for AI Regulation to Set the Stage for Congress

President Trump has released a framework for AI regulation for Congress.  The Press Release states:

The Trump Administration is committed to winning the AI race to usher in a new era of human flourishing, economic competitiveness, and national security for the American people. Achieving these goals requires a commonsense national policy framework that both enables American industry to innovate and thrive and ensures that all Americans benefit from this technological revolution.

The Administration recognizes that some Americans feel uncertain about how this transformative technology will affect issues they care about, like their children’s wellbeing or their monthly electricity bill. These issues, along with other emerging AI policy considerations, require strong Federal leadership to ensure the public’s trust in how AI is developed and used in their daily lives.

Today, the Trump Administration is demonstrating that leadership by issuing a comprehensive national legislative framework  that addresses the most pressing policy topics that AI presents. This framework addresses six key objectives:

1. Protecting Children and Empowering Parents: Parents are best equipped to manage their children’s digital environment and upbringing. The Administration is calling on Congress to give parents tools to effectively do that, such as account controls to protect their children’s privacy and manage their device use. The Administration also believes that AI platforms likely to be accessed by minors should implement features to reduce potential sexual exploitation of children or encouragement of self-harm.
2. Safeguarding and Strengthening American Communities: AI development should strengthen American communities and small businesses through economic growth and energy dominance. The Administration believes that ratepayers should not foot the bill for data centers, and is calling on Congress to streamline permitting so that data centers can generate power on site, enhancing grid reliability. Congress should also augment Federal government ability to combat AI-enabled scams and address AI national security concerns.
3. Respecting Intellectual Property Rights and Supporting Creators: The creative works and unique identities of American innovators, creators, and publishers must be respected in the age of AI. Yet, for AI to improve it must be able to make fair use of what it learns from the world it inhabits. The Administration is proposing an approach that achieves both of these objectives, enabling AI to thrive while ensuring Americans’ creativity continues propelling our country’s greatness.
4. Preventing Censorship and Protecting Free Speech: The Federal government must defend free speech and First Amendment protections, while preventing AI systems from being used to silence or censor lawful political expression or dissent. AI cannot become a vehicle for government to dictate right and wrong-think. The Administration is proposing guardrails to ensure that AI can pursue truth and accuracy without limitation.
5. Enabling Innovation and Ensuring American AI Dominance: The Administration is  calling on Congress to take steps to remove outdated or unnecessary barriers to innovation, accelerate the deployment of AI across industry sectors, and facilitate broad access to the testing environments needed to build and deploy world-class AI systems.
6. Educating Americans and Developing an AI-Ready Workforce: The Administration wants American workers to participate in and reap the rewards of AI-driven growth, encouraging Congress to further workforce development and skills training programs, expanding opportunities across sectors and creating new jobs in an AI-powered economy.

Importantly, this framework can succeed only if it is applied uniformly across the United States. A patchwork of conflicting state laws would undermine American innovation and our ability to lead in the global AI race.

The Federal government is uniquely positioned to set a consistent national policy that enables us to win the AI race and deliver its benefits to the American people, while effectively addressing the policy challenges that accompany this transformative technology. The Administration looks forward to working with Congress in the coming months to turn this framework into legislation that the President can sign.

U.S. Government Accountability Office Report on AI Privacy Risks

The U.S. Government Accountability Office has released a report concerning privacy risks associated with utilizing AI in the federal government.  The privacy risks raised by experts include:

 

Risks Associated with Protecting Privacy When Using AI

The experts identified 10 key risks related to privacy when using AI, including potential invasions of privacy from data aggregation and the use of data for purposes exceeding what was originally intended. Table 1 identifies the 10 risks and associated descriptions.

Table 1: Expert-Identified Risks Associated with Protecting Privacy When Using Artificial Intelligence (AI)

Risk name	Associated risk description
Data persistence	Data may continue to exist in AI systems and be difficult to extract/remove once collected.
Data re-identification	AI has the ability to cross-reference multiple data sets from seemingly independent and anonymous outputs to reidentify anonymized data.a
Generation of deceptive or inaccurate outputs	AI may be used to intentionally or unintentionally generate deceptive outputs (e.g., deepfakes) or inaccurate outputs (e.g., hallucinations)b that may result in harm towards individuals.
Improper disclosure	AI can reveal and cause improper sharing of individuals’ data when it infers additional sensitive information from raw data.
Increased accessibility to sensitive information	AI can make sensitive information more accessible to a wider audience (e.g., data brokers) than intended.
Invasion of privacy from data aggregation	AI may combine various pieces of data about a person to make inferences beyond what is explicitly captured in those data (e.g., social scoring),c which can invade an individuals’ personal space and solitude by revealing private information (e.g., health-related, financial, location).
Lack of security over data	Inadequate AI data requirements and storage practices can result in data breaches and improper access.
Lack of transparency related to data use	AI may be used without providing individuals with notice and control over how their data is being used.
Lack of transparency in AI model algorithmic decision-making	The workings of AI models could include decisions based on individual data that one is unaware of and that can lead to privacy risks.
Secondary use of data	The use of personal data for purposes other than originally intended can be exacerbated by AI’s ability to repurpose data.

 

New US DOJ Corporate Enforcement Policy

The U.S. Department of Justice has released a Corporate Enforcement Policy concerning national security which allows U.S. corporations to voluntarily disclose violating white collar crime rules, including importantly, export control laws, and avoid prosecution (except in limited circumstances).  The Press Release states:

The mission of the Department of Justice’s National Security Division (NSD) is to protect and defend the United States against the full range of national security threats, consistent with the rule of law. Business organizations and their employees are at the forefront of protecting the national security of the United States by preventing the unlawful export of sensitive commodities, technologies, and services, as well as unlawful transactions with sanctioned countries and designated individuals and entities. Enforcing our export control and sanctions laws, and holding accountable those who violate them, is a top priority for NSD.

On March 10, 2026, the Department released its first-ever Department-wide corporate enforcement policy (CEP) for criminal matters, promoting uniformity, predictability, and fairness in how it pursues white-collar cases to protect the American people.

As the announcement explains, the “Department-wide CEP provides concrete benefits to incentivize companies to voluntarily disclose discovered misconduct, cooperate with our investigations, and timely and appropriately remediate the wrongdoing. For companies that do, absent certain limited aggravating circumstances, the Department will decline to prosecute the company. Incentivizing corporate self-disclosures — while still permitting prosecutions in appropriate circumstances — allows the Department to quickly pursue culpable individuals, secure justice for victims, and deter white-collar crime, all while not unduly burdening American businesses.”

Under the CEP, “disclosure must be made to the appropriate component of the Department,” CEP n.5, and all resolutions under the CEP “must be approved by the Assistant Attorney General (AAG) for the relevant Division.” CEP Background ¶ 4. The CEP also provides that a “[g]ood faith disclosure to one component where the matter is later brought to another appropriate component for investigation will also qualify” for declination. CEP n.5

As pertaining to national security laws, the Justice Manual (JM) assigns the “enforcement of all criminal laws affecting, involving or relating to the national security, and the responsibility for prosecuting criminal offenses, such as conspiracy, perjury and false statements, arising out of offenses related to national security . . . to the AAG of NSD.” JM § 9-90.010.

The scope of these matters, which includes violations of the U.S. government’s primary export control and sanctions regimes — the Arms Export Control Act (AECA), 22 U.S.C. § 2778, the Export Control Reform Act (ECRA), 50 U.S.C. § 4801 et seq., and the International Emergency Economic Powers Act (IEEPA), 50 U.S.C. § 1701 et seq. – can be found at JM § 9-90.020.

While the conduct of business organizations and their employees has the greatest potential to implicate U.S. national security interests in the enforcement of export control and sanctions laws, the conduct of business organizations and their employees can also violate other U.S. national security laws, including laws prohibiting material support to and financing of foreign terrorist organizations, criminal violations in connection with the work of the Committee on Foreign Investment in the United States (CFIUS), and the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector (Team Telecom). Companies are encouraged to voluntarily self-disclose to NSD any potential criminal violations of U.S. law relating to matters conducted, handled, or supervised by the NSD AAG.

All voluntary self-disclosures concerning potential criminal violations of U.S. national security laws should be sent, with the company name in the subject line, to NSD’s email inbox for voluntary self‑disclosures: NSD.VSD@usdoj.gov.