White House Framework for AI Regulation to Set the Stage for Congress

President Trump has released a framework for AI regulation for Congress.  The Press Release states:

The Trump Administration is committed to winning the AI race to usher in a new era of human flourishing, economic competitiveness, and national security for the American people. Achieving these goals requires a commonsense national policy framework that both enables American industry to innovate and thrive and ensures that all Americans benefit from this technological revolution.

The Administration recognizes that some Americans feel uncertain about how this transformative technology will affect issues they care about, like their children’s wellbeing or their monthly electricity bill. These issues, along with other emerging AI policy considerations, require strong Federal leadership to ensure the public’s trust in how AI is developed and used in their daily lives.

Today, the Trump Administration is demonstrating that leadership by issuing a comprehensive national legislative framework  that addresses the most pressing policy topics that AI presents. This framework addresses six key objectives:

1. Protecting Children and Empowering Parents: Parents are best equipped to manage their children’s digital environment and upbringing. The Administration is calling on Congress to give parents tools to effectively do that, such as account controls to protect their children’s privacy and manage their device use. The Administration also believes that AI platforms likely to be accessed by minors should implement features to reduce potential sexual exploitation of children or encouragement of self-harm.
2. Safeguarding and Strengthening American Communities: AI development should strengthen American communities and small businesses through economic growth and energy dominance. The Administration believes that ratepayers should not foot the bill for data centers, and is calling on Congress to streamline permitting so that data centers can generate power on site, enhancing grid reliability. Congress should also augment Federal government ability to combat AI-enabled scams and address AI national security concerns.
3. Respecting Intellectual Property Rights and Supporting Creators: The creative works and unique identities of American innovators, creators, and publishers must be respected in the age of AI. Yet, for AI to improve it must be able to make fair use of what it learns from the world it inhabits. The Administration is proposing an approach that achieves both of these objectives, enabling AI to thrive while ensuring Americans’ creativity continues propelling our country’s greatness.
4. Preventing Censorship and Protecting Free Speech: The Federal government must defend free speech and First Amendment protections, while preventing AI systems from being used to silence or censor lawful political expression or dissent. AI cannot become a vehicle for government to dictate right and wrong-think. The Administration is proposing guardrails to ensure that AI can pursue truth and accuracy without limitation.
5. Enabling Innovation and Ensuring American AI Dominance: The Administration is  calling on Congress to take steps to remove outdated or unnecessary barriers to innovation, accelerate the deployment of AI across industry sectors, and facilitate broad access to the testing environments needed to build and deploy world-class AI systems.
6. Educating Americans and Developing an AI-Ready Workforce: The Administration wants American workers to participate in and reap the rewards of AI-driven growth, encouraging Congress to further workforce development and skills training programs, expanding opportunities across sectors and creating new jobs in an AI-powered economy.

Importantly, this framework can succeed only if it is applied uniformly across the United States. A patchwork of conflicting state laws would undermine American innovation and our ability to lead in the global AI race.

The Federal government is uniquely positioned to set a consistent national policy that enables us to win the AI race and deliver its benefits to the American people, while effectively addressing the policy challenges that accompany this transformative technology. The Administration looks forward to working with Congress in the coming months to turn this framework into legislation that the President can sign.

U.S. Government Accountability Office Report on AI Privacy Risks

The U.S. Government Accountability Office has released a report concerning privacy risks associated with utilizing AI in the federal government.  The privacy risks raised by experts include:

 

Risks Associated with Protecting Privacy When Using AI

The experts identified 10 key risks related to privacy when using AI, including potential invasions of privacy from data aggregation and the use of data for purposes exceeding what was originally intended. Table 1 identifies the 10 risks and associated descriptions.

Table 1: Expert-Identified Risks Associated with Protecting Privacy When Using Artificial Intelligence (AI)

Risk name	Associated risk description
Data persistence	Data may continue to exist in AI systems and be difficult to extract/remove once collected.
Data re-identification	AI has the ability to cross-reference multiple data sets from seemingly independent and anonymous outputs to reidentify anonymized data.a
Generation of deceptive or inaccurate outputs	AI may be used to intentionally or unintentionally generate deceptive outputs (e.g., deepfakes) or inaccurate outputs (e.g., hallucinations)b that may result in harm towards individuals.
Improper disclosure	AI can reveal and cause improper sharing of individuals’ data when it infers additional sensitive information from raw data.
Increased accessibility to sensitive information	AI can make sensitive information more accessible to a wider audience (e.g., data brokers) than intended.
Invasion of privacy from data aggregation	AI may combine various pieces of data about a person to make inferences beyond what is explicitly captured in those data (e.g., social scoring),c which can invade an individuals’ personal space and solitude by revealing private information (e.g., health-related, financial, location).
Lack of security over data	Inadequate AI data requirements and storage practices can result in data breaches and improper access.
Lack of transparency related to data use	AI may be used without providing individuals with notice and control over how their data is being used.
Lack of transparency in AI model algorithmic decision-making	The workings of AI models could include decisions based on individual data that one is unaware of and that can lead to privacy risks.
Secondary use of data	The use of personal data for purposes other than originally intended can be exacerbated by AI’s ability to repurpose data.

 

New US DOJ Corporate Enforcement Policy

The U.S. Department of Justice has released a Corporate Enforcement Policy concerning national security which allows U.S. corporations to voluntarily disclose violating white collar crime rules, including importantly, export control laws, and avoid prosecution (except in limited circumstances).  The Press Release states:

The mission of the Department of Justice’s National Security Division (NSD) is to protect and defend the United States against the full range of national security threats, consistent with the rule of law. Business organizations and their employees are at the forefront of protecting the national security of the United States by preventing the unlawful export of sensitive commodities, technologies, and services, as well as unlawful transactions with sanctioned countries and designated individuals and entities. Enforcing our export control and sanctions laws, and holding accountable those who violate them, is a top priority for NSD.

On March 10, 2026, the Department released its first-ever Department-wide corporate enforcement policy (CEP) for criminal matters, promoting uniformity, predictability, and fairness in how it pursues white-collar cases to protect the American people.

As the announcement explains, the “Department-wide CEP provides concrete benefits to incentivize companies to voluntarily disclose discovered misconduct, cooperate with our investigations, and timely and appropriately remediate the wrongdoing. For companies that do, absent certain limited aggravating circumstances, the Department will decline to prosecute the company. Incentivizing corporate self-disclosures — while still permitting prosecutions in appropriate circumstances — allows the Department to quickly pursue culpable individuals, secure justice for victims, and deter white-collar crime, all while not unduly burdening American businesses.”

Under the CEP, “disclosure must be made to the appropriate component of the Department,” CEP n.5, and all resolutions under the CEP “must be approved by the Assistant Attorney General (AAG) for the relevant Division.” CEP Background ¶ 4. The CEP also provides that a “[g]ood faith disclosure to one component where the matter is later brought to another appropriate component for investigation will also qualify” for declination. CEP n.5

As pertaining to national security laws, the Justice Manual (JM) assigns the “enforcement of all criminal laws affecting, involving or relating to the national security, and the responsibility for prosecuting criminal offenses, such as conspiracy, perjury and false statements, arising out of offenses related to national security . . . to the AAG of NSD.” JM § 9-90.010.

The scope of these matters, which includes violations of the U.S. government’s primary export control and sanctions regimes — the Arms Export Control Act (AECA), 22 U.S.C. § 2778, the Export Control Reform Act (ECRA), 50 U.S.C. § 4801 et seq., and the International Emergency Economic Powers Act (IEEPA), 50 U.S.C. § 1701 et seq. – can be found at JM § 9-90.020.

While the conduct of business organizations and their employees has the greatest potential to implicate U.S. national security interests in the enforcement of export control and sanctions laws, the conduct of business organizations and their employees can also violate other U.S. national security laws, including laws prohibiting material support to and financing of foreign terrorist organizations, criminal violations in connection with the work of the Committee on Foreign Investment in the United States (CFIUS), and the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector (Team Telecom). Companies are encouraged to voluntarily self-disclose to NSD any potential criminal violations of U.S. law relating to matters conducted, handled, or supervised by the NSD AAG.

All voluntary self-disclosures concerning potential criminal violations of U.S. national security laws should be sent, with the company name in the subject line, to NSD’s email inbox for voluntary self‑disclosures: NSD.VSD@usdoj.gov.

Regulating AI: A Thoughtful Approach?

Tom Wheeler at the Brookings Institution has published an excellent short paper titled, “Governing the AI Transition: Lessons from the 1996 Telecommunications Act.”  Mr. Wheeler states, in part:

The relevance of the Telecom Act of ’96 to the policy challenges of AI is not because AI is telecom, but because technological transitions produce bottlenecks that become the birthplace of durable private power. 

In 1996, Congress sought to legislate a transition by prioritizing competition. Now, in the AI era, we face an even more consequential transition. The stakes are not merely market structure or consumer pricing. The stakes extend to labor markets, intellectual property, national security, democracy, and the control of the tools of knowledge itself. 

The paper is available, here. 

US FTC Sends Letter to Data Brokers concerning Disclosing Sensitive Data to Foreign Adversaries

The Federal Trade Commission has sent a warning letter to Data Brokers about violating the Protecting Americans’ Data from Foreign Adversaries Act of 2024.  The FTC Press Release states, in part:

The Federal Trade Commission sent letters to 13 data brokers warning them of their responsibility to comply with the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (PADFAA).

PADFAA prohibits data brokers from selling, releasing, disclosing, or providing access to personally identifiable sensitive data about Americans to any foreign adversary, which include North Korea, China, Russia, and Iran, or any entity controlled by those countries. The law defines personally identifiable sensitive data to include health, financial, genetic, biometric, geolocation, and sexual behavior information as well as account or device log-in credentials and government-issued identifiers such as Social Security, passport, or driver’s license numbers.

“The FTC is committed to enforcing PADFAA and ensuring companies are complying with its requirements,” said Christopher Mufarrige, Director of the FTC’s Bureau of Consumer Protection. “These letters should send a message to all data brokers to be aware of the law’s requirements and ensure they are not engaging in practices that violate it.”

The letters note that the agency has identified instances in which some of the letter’s recipients have “offered solutions and insights involving the status of an individual as a member of the Armed Forces. Such information is subject to PADFAA’s requirements.”

The letters warn the companies to conduct a comprehensive review of their business practices to ensure they comply with PADFAA, adding that a violation of the act may result in an enforcement action by the FTC, which could include civil penalties of up to $53,088 per violation.

Jury Convicts Former Google Engineer of Economic Espionage concerning AI

The U.S. Department of Justice has announced in a press release the conviction of a former Google software engineer of economic espionage concerning the theft of trade secrets about artificial intelligence.  The Press Release states:

Yesterday, a federal jury in San Francisco convicted former Google software engineer Linwei Ding, also known as Leon Ding, 38, on seven counts of economic espionage and seven counts of theft of trade secrets for stealing thousands of pages of confidential information containing Google’s trade secrets related to artificial intelligence technology for the benefit of the People’s Republic of China (PRC). The jury’s verdict follows an 11-day trial before U.S. District Judge Vince Chhabria for the Northern District of California.

“This conviction exposes a calculated breach of trust involving some of the most advanced AI technology in the world at a critical moment in AI development,” said Assistant Attorney General for National Security John A. Eisenberg. “Ding abused his privileged access to steal AI trade secrets while pursuing PRC government-aligned ventures. His duplicity put U.S. technological leadership and competitiveness at risk. I commend the trial team and investigators whose exceptional work resulted in this conviction.”

“In today’s high-stakes race to dominate the field of artificial intelligence, Linwei Ding betrayed both the U.S. and his employer by stealing trade secrets about Google’s AI technology on behalf of China’s government,” said Assistant Director Roman Rozhavsky of the FBI's Counterintelligence and Espionage Division. “Not only does this case mark the first-ever conviction on AI-related economic espionage charges, but it also demonstrates the FBI’s unwavering dedication to protecting American businesses from the increasingly severe threat China poses to our economic and national security. We remain committed to working closely with our partners across the private sector to protect our nation’s innovation, safeguard our trade secrets, and hold our foreign adversaries accountable.”

“Silicon Valley is at the forefront of artificial intelligence innovation, pioneering transformative work that drives economic growth and strengthens our national security.  The jury delivered a clear message today that the theft of this valuable technology will not go unpunished. We will vigorously protect American intellectual capital from foreign interests that seek to gain an unfair competitive advantage while putting our national security at risk,” said U.S. Attorney Craig H. Missakian for the Northern District of California.

“This conviction reinforces the FBI’s steadfast commitment to protecting American innovation and national security. The theft and misuse of advanced artificial intelligence technology for the benefit of the People’s Republic of China threatens our technological edge and economic competitiveness,” said FBI Special Agent in Charge Sanjay Virmani for the San Francisco Field Office. “The FBI San Francisco division serves Silicon Valley and the companies who lead the world in innovation, and we are committed to safeguarding their work. This case demonstrates the strength of collaboration between the FBI and the private sector, including leading companies like Google, whose partnership is critical to protecting sensitive U.S. technology. Today’s verdict affirms that federal law will be enforced to protect our nation’s most valuable technologies and hold those who steal them accountable.”

Ding was originally indicted in March 2024. A superseding indictment returned in February 2025 described seven categories of trade secrets stolen by Ding and charged Ding with seven counts of economic espionage and seven counts of theft of trade secrets.

According to the evidence presented at trial, between approximately May 2022 and April 2023, while a Google employee, Ding stole more than two thousand pages of confidential information containing Google’s AI trade secrets from Google’s network and uploaded them to his personal Google Cloud account. Ding also secretly affiliated himself with two PRC-based technology companies while he was employed by Google: around June 2022, Ding was in discussions to be the Chief Technology Officer for an early-stage technology company based in the PRC; by early 2023, Ding was in the process of founding his own technology company in the PRC focused on AI and machine learning and was acting as the company’s CEO. In multiple statements to potential investors, Ding claimed that he could build an AI supercomputer by copying and modifying Google’s technology. In December 2023, less than two weeks before he resigned from Google, Ding downloaded the stolen Google trade secrets to his own personal computer.

The jury found that Ding stole trade secrets relating to the hardware infrastructure and software platforms that allow Google’s supercomputing data center to train and serve large AI models. The trade secrets contained detailed information about the architecture and functionality of Google’s custom Tensor Processing Unit chips and systems and Google’s Graphics Processing Unit systems, the software that allows the chips to communicate and execute tasks, and the software that orchestrates thousands of chips into a supercomputer capable of training and executing cutting-edge AI workloads. The trade secrets also pertained to Google’s custom-designed SmartNIC, a type of network interface card used to facilitate high speed communication within Google’s AI supercomputers and cloud networking products.  

In presentations to investors, Ding called out the PRC’s national policies prioritizing AI development and innovation in the PRC, and in late 2023 Ding applied for a government sponsored “talent plan” in Shanghai, PRC. The jury heard evidence pertaining to the PRC government’s establishment of talent plans to encourage individuals to come to China to contribute to the PRC’s economic and technological growth. Ding’s application for this talent plan stated that he planned to “help China to have computing power infrastructure capabilities that are on par with the international level.” The evidence at trial also showed that Ding intended to benefit two entities controlled by the government of China by assisting with the development of an AI supercomputer and collaborating on the research and development of custom machine learning chips.

Ding is next scheduled to appear at a status conference on Feb. 3, 2026. Ding faces a maximum sentence of 10 years in prison for each count of theft of trade secrets in violation of 18 U.S.C. § 1832 and 15 years in prison for each count of economic espionage in violation of 18 U.S.C § 1831. Any sentence following conviction would be imposed by the Court only after consideration of the U.S. Sentencing Guidelines and the federal statute governing the imposition of a sentence, 18 U.S.C. § 3553.  

Assistant U.S. Attorneys for the Northern District of California Casey Boome, Molly K. Priedeman, and Roland Chang are prosecuting this case, with assistance from Veronica Hernandez and Trial Attorney Yifei Zheng from the Counterintelligence and Export Control Section, National Security Division.  The prosecution is the result of an investigation by the FBI.

US DOJ files action requiring divestiture by Chinese Company of U.S. Company

The U.S. Department of Justice has filed a complaint against China based Suirui Group’s acquisition of California’s Jupiter Systems based on national security concerns.  According to the press release, this is the first time an action like this has been filed. The Press Release states: 

Yesterday, the United States filed a complaint under section 721 of the Defense Production Act of 1950 to enforce a presidential order prohibiting Suirui Group’s acquisition, through Suirui International, of California-based Jupiter Systems and compelling Suirui to divest from Jupiter Systems. On July 8, 2025, the President issued the Order based on his findings that the transaction “threatens to impair the national security of the United States.” This is the first such action ever filed in federal district court.

While foreign direct investment is important to the United States’ economy, foreign investment in certain companies and certain industries, particularly those involved in defense or critical infrastructure, can pose national security concerns. To address these concerns, the President has the authority to take such action for such time as the President considers appropriate to suspend or prohibit such a transaction that threatens to impair the national security of the United States. The Committee on Foreign Investment in the United States (CFIUS) is empowered to review and investigate such transactions.

According to the Complaint, in 2020, Suirui Group, a Chinese company, through its Hong Kong subsidiary Suirui International, acquired all of Jupiter Systems, which provides video communications hardware and software to commercial and U.S. Government customers. On July 8, 2025, the President issued an Order prohibiting the transaction and, among other things, requiring Suirui to divest all its interests in Jupiter Systems within 120 days. According to the Complaint, despite CFIUS granting two extensions of the divestment deadline, to Feb. 3, Suirui and Jupiter Systems have failed to comply with the Order. The United States thus filed this action to protect the country’s national security interests.

The Justice Department’s Civil Division, Federal Programs Branch is handling the matter.  The case is captioned United States v. Suirui Group Co., Ltd., et al., No. 26-cv-00369 (D.D.C.). . . .