The Great American AI Act Bets Federal Uniformity Against State-Level Accountability

The Core Bet

The single most consequential clause in the 269-page Great American Artificial Intelligence Act discussion draft, released June 4 by Reps. Jay Obernolte (R-CA) and Lori Trahan (D-MA), is the preemption scope, not the audit regime or safety incident deadlines. The bill would preempt state laws "specifically regulating the development" of an AI model for three years, while explicitly preserving state authority over the use or deployment of AI models. That single sentence does enormous legal work: it kills California's frontier transparency requirements, New York's RAISE Act model-level obligations, and Colorado's successor law at the development stage—while leaving every state free to regulate what happens after a model ships.

This is not a floor. It is a ceiling on development-side regulation, time-limited to three years. Whether Congress reconvenes the question before that clock expires will determine whether this bill's architecture becomes permanent federal doctrine or a temporary reprieve for labs racing to build.

What the Bill Actually Requires

The draft establishes a framework for federal regulatory control over artificial intelligence organized around four pillars: frontier AI model governance, workforce impact data collection, cybersecurity, and AI research and development.

For operators shipping frontier models, the obligations bite quickly. Large frontier developers must write and implement plans addressing risks prior to releasing new models and report critical safety incidents to CAISI. They must craft an AI framework applying to all their models, demonstrate standards compliance, identify risk thresholds, determine whether a model poses "a catastrophic risk" when managing cybersecurity defenses—particularly regarding private model weights—and disclose release dates.

Before deploying any new frontier model, developers must publish a report disclosing the release date, supported languages, output modalities, intended use, restrictions, risk assessments, and mitigation steps. Redactions are permitted for trade secrets, cybersecurity, public safety, or national security. Developers must file a critical safety incident report with CAISI within 15 days, or within 24 hours if the incident poses imminent risk of death or serious injury.

The enforcement backstop carries teeth. Developers that fail to comply with audit requirements or make material misrepresentations face up to $1 million per day in penalties while the violation continues.

The Audit Architecture

Compliance runs through a licensing regime rather than direct government oversight. Large frontier developers must retain an Independent Verification Organization licensed through NIST's Center for AI Standards and Innovation. IVOs would perform semi-annual verification of developer compliance with safety requirements, assess the adequacy of frontier AI frameworks and risk monitoring, then submit results to CAISI.

CAISI receives $100 million in annual federal funding for 2027 to 2029. That modest budget for an agency expected to set standards, license auditors, and monitor the global frontier model market raises questions about staffing capacity. CAISI will need to compete for talent with the labs it oversees—the bill grants special hiring authorities allowing CAISI to fix pay above the GS scale for critical technical experts. Whether that authority attracts people capable of evaluating GPT-class models remains to be seen, but the structural instinct is sound.

State attorneys general retain a limited role. State AGs can opt in to receive safety reports and IVO audit reports, preserving informational standing without enforcement authority over development-side compliance.

The Preemption Fight Is Already On

The state-versus-federal tension that has defined AI policy for two years did not pause for the bill's release. More than 70 AI-related laws passed in at least 27 states in 2025 alone. An accompanying document from Trahan's office identified which state laws would be preempted: California's AB 2013 (requiring developers to post high-level training data summaries) and portions of SB 942 (content watermarking). It also flagged frontier safety laws in California, New York, and Illinois as subject to "federalization" under the bill.

Critics view that list as proof the bill functions as a ceiling, not a floor. Brad Carson, president of Americans for Responsible Innovation, called preemption of state laws a "generational mistake," arguing: "This bill takes the current floor on state AI legislation and turns it into a federal ceiling, preventing state lawmakers from addressing emerging AI harms in an era of fast-moving technology." The Tech Oversight Project found that 56% of Obernolte's constituents oppose his efforts to weaken California's catastrophic risk laws, and 63% of Trahan's constituents feel the same about local laws.

The political history is instructive. The Trump administration previously pursued the One Big Beautiful Bill Act, which included a 10-year moratorium on new state AI regulations. Although it passed the House, the Senate rejected the moratorium across party lines over concerns about eroding traditional state authority over consumer protection and laws protecting artists and entertainers. The Obernolte-Trahan draft narrows the scope—development only, three years, explicit carveouts—to avoid that fate. Whether the narrowing suffices is the open question.

Who This Benefits and Who It Costs

The frontier model requirements cover only frontier-level models, exempting open-source developers, startups, and lower-resourced organizations. That scope limit has real implications. The audit and risk-framework obligations land on Anthropic, OpenAI, Google DeepMind, and Meta—companies already running internal safety programs that can be repackaged as CAISI submissions. For a mid-sized enterprise AI vendor shipping a fine-tuned model, development-side preemption is largely beneficial: California's Transparency in Frontier AI Act, New York's RAISE Act, and Colorado's successor framework no longer apply, while the federal regime applies only to large frontier developers.

States define artificial intelligence, frontier models, generative AI, and chatbots in diverging ways. These differences become more consequential as more laws take effect, expanding compliance burdens for multi-state operations. Federal preemption on development eliminates that definitional fragmentation at the model layer, though deployment-side fragmentation remains.

The bill is still a discussion draft. Currently, no leading bipartisan bill in Congress comprehensively addresses the risks and regulatory gaps targeted by state laws—a key contention point in the preemption debate. That vacuum is what the sponsors are attempting to fill.

What to Watch

First: Track the formal introduction timeline. Public feedback before filing signals whether this has leadership support to move before midterms or slips into the next Congress.

Second: Watch for Senate companion legislation. The House moratorium from One Big Beautiful died in the Senate. A companion bill with Senate co-sponsors—particularly from California, New York, or Colorado delegations—would suggest real path-to-floor potential.

Third: Monitor CAISI's IVO licensing scope in markup. If the "large frontier developer" definition shifts, the compliance addressable market shifts with it. That threshold matters more than any other single provision for mid-market operators.

Fourth: Track Colorado and California litigation. On April 9, 2026, xAI sued to block Colorado's law on four constitutional grounds. On April 24, the DOJ intervened on xAI's side—the first time the federal government sought to invalidate a state AI law. A ruling before this bill reaches the floor would reshape legislative negotiations entirely. A judicial preemption finding removes the urgency driving the bill's core premise.