President Donald Trump signed an executive order on June 2 that creates a voluntary framework for frontier AI model deployment, establishes a classified benchmarking process to designate “covered frontier models,” and directs agencies to harden federal cybersecurity systems. The order, outlined by Mayer Brown, explicitly states that it does not authorize mandatory licensing, preclearance, or permitting for any AI model, including frontier models.

The directive builds on the Administration’s July 2025 AI Action Plan, which contained more than 90 policy recommendations. The new order operationalizes the plan’s emphasis on cybersecurity and securing the AI technology stack. But the headline takeaway is what the order does not do: it rejects the licensing and preclearance models that the European Union’s AI Act and several state-level bills in the US have pursued. Instead, it bets on voluntary collaboration between the federal government and frontier labs.

The order’s central innovation is a classified benchmarking process to assess AI models’ cyber capabilities. The Secretaries of Treasury, War, and Homeland Security must develop this process within 60 days. The Director of the National Security Agency, in consultation with other national security officials, will ultimately designate which models are “covered frontier models.” Once designated, developers can voluntarily provide the federal government early access for up to 30 days before broader release. That access comes with confidentiality, cybersecurity, insider-risk, and intellectual property protection requirements.

This framework is a direct response to the capability jumps seen in models like GPT-4o, Claude 3.5 Opus, and Gemini 2.0 Ultra. Frontier labs have publicly struggled with how to handle models that can autonomously write exploits, conduct reconnaissance, or deploy AI agents for cyberattacks. The order gives them a structured off-ramp: bring the model to the government before launch, get a security review, and then release with some assurance that the government is not caught flat-footed.

The voluntary nature is the key political compromise. It keeps the labs happy by avoiding mandatory preclearance, which the industry has argued would slow innovation and entrench incumbents. It keeps the national security establishment happy by creating a mechanism for early awareness. And it keeps the courts out of it: no new regulatory authority, no new statutes, just a standing offer to cooperate.

Section 2 of the order mandates a rapid, government-wide hardening of federal information systems. The Committee on National Security Systems must prioritize cyber defense of National Security Systems. The Secretary of War must do the same for Department of War systems. CISA must issue Binding Operational Directives to expedite federal cyber defense and expand programs that enhance AI-enabled defensive tools. The Treasury Secretary must form an “AI cybersecurity clearinghouse” with the AI industry and critical infrastructure operators to coordinate vulnerability scanning, validation, and remediation. Most of these actions are due within 30 days.

The clearinghouse is an interesting structural choice. It places the Treasury Department, not CISA or the NSA, at the center of industry-government vulnerability coordination. That reflects Treasury’s existing role in financial services cybersecurity and its access to the private sector through the Financial and Banking Information Infrastructure Committee. But it also means the clearinghouse will operate with Treasury’s institutional culture, which is less technical and more regulatory than the intelligence community.

Section 4 directs the Attorney General to prioritize enforcement of existing federal criminal statutes against AI-enabled cybercrime. Specifically, the order targets 18 U.S.C. sections 1028 (identity theft), 1030 (computer fraud and abuse), and 1343 (wire fraud), as well as all other applicable federal laws. This covers anyone who uses AI to illegally access or damage a computer system, or who uses AI agents to unlawfully access data subsequently used for a criminal purpose.

The enforcement directive is notable for what it does not do: it does not create new AI-specific crimes. The Administration is betting that existing statutes, applied with priority and resources, can handle AI-enabled cybercrime. That is a defensible position. The Computer Fraud and Abuse Act is broad enough to cover most AI agent misuse. The question is whether prosecutors will have the technical expertise to build cases that attribute specific actions to specific AI systems.

For AI builders, the order creates a new compliance horizon. Frontier labs that want to participate in the voluntary framework will need to build internal processes for the classified benchmarking process. They will need to decide whether to submit models for early access, and if so, how to handle the 30-day delay. They will need to engage with the Treasury-led clearinghouse on vulnerability coordination. And they will need to ensure their models do not run afoul of the enforcement priorities.

The order also creates a strategic question for labs that choose not to participate. If a lab releases a frontier model without going through the voluntary framework, and that model is later used in a significant cyberattack, the political and legal consequences could be severe. The order does not mandate participation, but it creates a clear record of who cooperated and who did not.

The 60-day deadline for the classified benchmarking process means the criteria for “covered frontier model” designation will be set by early August. That is when the real work begins. The benchmarking process will define what counts as a frontier model for the US government, and that definition will shape everything from export controls to procurement to international coordination. The labs that engage early will help write those rules.