President Donald Trump signed an executive order on June 2 that attempts to thread a narrow needle: promote AI innovation while hardening national security systems against threats made possible by that same innovation. The order, Promoting Advanced Artificial Intelligence Innovation and Security, is short on specific mandates and long on voluntary collaboration with the private sector. It explicitly bans the creation of any mandatory government licensing or preclearance requirement for new AI models.

The core of the order is a new concept: the “covered frontier model.” Within 60 days, the Treasury Secretary, the Secretary of War, and the Homeland Security Secretary — through the NSA and CISA — must develop a classified benchmarking process to assess the advanced cyber capabilities of AI models. The NSA Director, in consultation with the National Cyber Director, the Assistant to the President for Science and Technology, and CISA, will determine the threshold at which a model earns that designation. Once a model is designated, developers can voluntarily engage the Federal Government to determine if their model under development qualifies. If it does, they can provide the government with access for up to 30 days before releasing it to other trusted partners.

The order is careful to state what it is not. Section 3(c) reads: “Nothing in this section shall be construed to authorize the creation of a mandatory governmental licensing, preclearance, or permitting requirement for the development, publication, release, or distribution of new AI models, including frontier models.” That language is a direct rebuke to the more interventionist approaches floated in the European Union’s AI Act and by some Congressional proposals. The White House is betting that voluntary cooperation, combined with the threat of classified benchmarks that remain opaque to the public, will be sufficient to manage risk without chilling innovation.

The cybersecurity provisions are the most concrete part of the order. Section 2(d) establishes an AI cybersecurity clearinghouse within 30 days, formed by the Treasury Secretary, the NSA Director, and the CISA Director, in voluntary collaboration with the AI industry and critical infrastructure operators. The clearinghouse will coordinate vulnerability scanning, validate discovered vulnerabilities, and prioritize remediation and patch distribution. This is a practical move: it acknowledges that the same AI models that can generate novel attack vectors can also be deployed to defend systems, and that coordination across agencies and companies is currently fragmented.

Section 2(c) directs CISA to release Binding Operational Directives within 30 days that expedite cyber defense of civilian federal information systems, expand federal programs for AI-enabled defensive tools, and facilitate access to cybersecurity tools — including, where appropriate, “covered frontier models” — for agencies, state and local authorities, and operators of critical infrastructure like rural hospitals and community banks. The inclusion of rural hospitals and community banks is notable. It signals that the administration sees frontier model access not as a luxury for well-funded federal agencies, but as a defensive necessity for the least-resourced parts of the national infrastructure.

The order also prioritizes enforcement against criminal actors using AI. Section 4 directs the Attorney General to prioritize prosecution under existing federal computer fraud and abuse statutes — 18 U.S.C. 1028, 1030, and 1343 — against anyone who uses AI to illegally access or damage a computer, or who uses AI agents to unlawfully access data for criminal purposes. This is not new law, but it is a clear enforcement signal. The DOJ is being told to treat AI-augmented cybercrime as a priority, not a novelty.

What the order does not address is as telling as what it does. There is no mention of training data provenance, model transparency, bias evaluation, or the kind of civil-rights and equity concerns that dominated the previous administration’s AI policy. The word “bias” does not appear. The word “safety” appears only in the context of national security. The frame is purely about defending American systems from external threats and maintaining global AI dominance. The “America First” cybersecurity language in Section 1 makes the geopolitical intent explicit.

The classified benchmarking process is the most consequential and the most opaque element. Developers will not know the exact capabilities that trigger the “covered frontier model” designation, because the benchmarks are classified. That creates a dynamic where AI labs must guess at the government’s red-teaming criteria, or engage voluntarily to find out. The voluntary framework in Section 3(b) gives developers a way to learn the threshold, but only by engaging with the government and potentially subjecting their models to a 30-day pre-release review period. For companies that move fast and ship often, that 30-day window is a real cost.

The order’s reliance on the Department of War — the formal name for the Department of Defense, restored by the current administration — is a structural choice. The NSA, which sits under the Secretary of War, will be the lead agency for determining which models are covered. That places the intelligence community at the center of AI governance, rather than a civilian agency like the Department of Commerce or the National Institute of Standards and Technology. NIST is consulted, but it does not lead.

For AI builders, the immediate takeaway is that the voluntary framework is real and the classified benchmarks are coming. Labs like OpenAI, Anthropic, and Google DeepMind will need to decide whether to engage early and shape the process, or wait and risk being surprised by a designation that limits their ability to deploy models to partners. The order does not create a mandatory licensing scheme, but a voluntary one backed by the NSA’s assessment authority could function as a de facto gate if the government chooses to withhold access to its own classification of a model’s capabilities.

The clearinghouse for vulnerability scanning is a more immediate operational concern. AI developers who build models capable of generating exploit code or discovering zero-days will need to coordinate with a government entity that expects early notification and patch coordination. That is a new compliance burden, even if it is framed as voluntary.

The order closes with a boilerplate general-provisions section that limits its legal enforceability. Section 5(c) states that the order does not create any right or benefit enforceable at law. That is standard language for executive orders, but it reinforces the message that this is a policy signal, not a regulation. The real test will be whether the voluntary framework attracts enough participants to function, or whether the absence of mandatory requirements leads to a fragmented response where only the most cooperative labs engage.