🔴 Act now

On June 2, President Trump signed a new AI executive order. Two weeks after the White House killed a near-identical order under pressure from tech executives, a narrower version went through. The title is “Promoting Advanced Artificial Intelligence Innovation and Security.” The substance is more modest than what was nearly signed on May 21, and considerably more modest than the original draft.

The core provision is a voluntary pre-release model access programme. AI companies are invited (not required) to give the federal government access to frontier models up to 30 days before public release. Government agencies run benchmarking tests during that window, focused on cybersecurity and national security risk. The order explicitly bars any mandatory licensing, pre-clearance, or permitting requirement for new models. Companies that don’t participate face no penalty.

The 30-day window replaced a 90-day proposal. That was the main concession. The voluntary framing was never seriously in dispute.

For most founders, the direct effect is nil. You’re not a frontier model lab. But the order matters for what it signals. The White House has now staked out a philosophy: voluntary industry engagement, no mandatory oversight structure, and criminal enforcement as the primary tool. That philosophy has a practical consequence: federal preemption of state AI laws stays rhetorical. Without a substantive federal framework on the books, there’s nothing to preempt with.

Connecticut’s October 1 deadline doesn’t move because of this order. Colorado’s January 1, 2027 date doesn’t move. Those are still your US compliance targets.

One near-term practical effect: enterprise procurement teams will start referencing this executive order in vendor questionnaires within weeks. Customers will ask whether you participate in the voluntary access programme and what your government access policy is. Have an answer ready.

Action: Write a one-paragraph internal policy on voluntary pre-release government access. Not because you need one today, but because you’ll be asked.

🟡 Heads up

🇪🇺 EU | Article 50 transparency consultation just closed

The Commission’s consultation on draft Article 50 transparency guidelines closed yesterday, June 3. These guidelines will become the practical rulebook for AI transparency obligations when enforcement powers activate on August 2. The final version isn’t published yet. Watch for it in the coming weeks, and compare it against the draft when it drops. The gap may require you to update consent language and disclosure copy for EU users before August 2. If your product runs a chatbot, generates content, or operates any interface where users interact with AI without knowing it, the guidelines apply to you.

🇪🇺 EU | Omnibus formal adoption still isn’t done

The Digital Omnibus provisional agreement was confirmed by the Council on May 13. Parliament and Council still need to formally vote, and the text needs to be published in the Official Journal before August 2 for the high-risk deadline extension to take effect. A July publication is plausible. It hasn’t happened yet. GPAI obligations under Articles 51-55 weren’t moved by the Omnibus in any case. August 2 is live for GPAI providers regardless. Don’t stand down compliance work based on a delay that isn’t legally in force.

In focus

🇪🇺 | August 2 and what Commission enforcement powers actually mean

The date has been in the tracker since March. What hasn’t been unpacked properly is what these enforcement powers actually do in practice.

The August 2 deadline is the third phase of AI Act activation. Prohibited practices and AI literacy obligations went live in February 2025. GPAI compliance obligations went live in August 2025. What’s new on August 2 isn’t new obligations for GPAI providers. Those already apply. What’s new is that the Commission can now actually come and look.

The powers include the right to request access to code, model weights, and infrastructure. The Commission can commission independent evaluations of models, particularly those above the systemic-risk threshold of 10^25 FLOPs. It can request corrective measures and, if a provider doesn’t comply, impose fines of up to 3% of global annual turnover. Systemic-risk GPAI providers face a separate obligations tier: adversarial testing, incident reporting, and cybersecurity assessments. Fines for non-compliance sit at 1% of turnover. Providing incorrect information to the Commission carries 1.5%.

The AI Office has said explicitly that the first thing it will examine when a provider comes under scrutiny is whether they’ve signed and complied with the GPAI Code of Practice. The Code is technically voluntary. But “voluntary” has a specific meaning here. If you’re a GPAI provider who hasn’t signed, you need a documented alternative compliance pathway. Undocumented non-compliance is just a liability waiting to land.

For deployers, August 2 adds the Article 50 transparency obligations. If you’re running a chatbot for EU users and users can’t tell they’re talking to AI, that needs to be fixed before August 2. If you’re generating synthetic content or video without labelling it as AI-generated, same problem. These are obligations with enforcement powers behind them from that date, not aspirational guidelines.

If you’re building on top of models rather than training and releasing foundation models, the GPAI obligations don’t apply to you directly. You’re a deployer. Your compliance focus is Article 50 plus whichever high-risk categories might apply to your use case.

The Omnibus didn’t move any of this. August 2 is 59 days away.

🟢 On the radar

• 🇺🇸 USA | Bartz v. Anthropic distributions expected from June 11. The court was due to finalise distribution calculations this week. The ~$3,000-per-book settlement benchmark remains in force. Worth watching if you’re operating an AI model trained on literary text.

• 🇺🇸 USA | Colorado SB189 signed by Governor Polis. The replacement AI disclosure framework is now law. The original Colorado AI Act is repealed. The new framework is narrower, focused on transparency for automated decision-making systems rather than the broader risk-based approach. Effective January 1, 2027.

• 🇪🇺 EU | High-risk classification guidelines consultation closes June 23. The Commission’s 148-page draft on interpreting Annex III scope under Article 6 is open for three more weeks. If your product might sit in a high-risk category, this is the document to read and respond to.

• 🇬🇧 UK | ICO ADM consultation closed May 29. Final guidance on automated decision-making expected this summer. The ICO already wrote to 16 employers found to be operating outside UK data protection law. That wasn’t a warning shot. More scrutiny is coming.

• 🇬🇧 UK | Statutory duty to draft ADM Code of Practice now in force. SI 2026/425, in force May 12, places the ICO under a legal duty to produce a Code of Practice on AI and automated decision-making. The Code itself isn’t drafted yet, but the obligation is live.

The one thing to do this week

If you’re a GPAI provider and haven’t signed the Code of Practice, get your alternative compliance documentation in order. August 2 is 59 days away and the Commission’s inspection powers are real.

Deadline tracker

EU | Article 50 transparency guidelines: final version pending | Consultation closed 3 June 2026 | Awaiting Commission publication; enforcement starts August 2

EU | GPAI enforcement and Article 50 transparency obligations go live | 2 August 2026 | 59 days; unchanged by Omnibus

EU | High-risk AI classification guidelines consultation | 23 June 2026 | 148-page draft under Article 6; respond via EC portal

EU | Digital Omnibus Official Journal publication | Estimated July 2026 | Council endorsed May 13; Parliament vote pending; must publish before 2 August for deadline relief to take effect

EU | AI-generated content watermarking and labeling (Article 50) | 2 December 2026 | Moved by Omnibus from August 2

EU | Nudification app ban | 2 December 2026 | Omnibus prohibition; non-consensual intimate AI imagery

EU | Annex III high-risk AI systems (employment, credit, biometrics, education) | 2 December 2027 | Contingent on Omnibus publication before August 2

EU | High-risk AI embedded in regulated products (Annex I) | 2 August 2028 | Moved by Omnibus

USA | Connecticut AIRTA: employment notification obligations | 1 October 2026 | Signed; hiring AI in scope; disclosure and opt-out rights required

USA | Connecticut AIRTA: companion chatbot and frontier model obligations | 1 January 2027 | Age verification, manipulative design prohibitions, minor access controls

USA | Colorado SB189 (replacement AI disclosure framework) | 1 January 2027 | Signed by Polis; original Colorado AI Act repealed

USA | Texas TRAIGA high-risk AI obligations | 1 January 2026 | In force

USA | Bartz v. Anthropic copyright settlement | Distributions from June 11 | ~$3,000/book benchmark; final approval order imminent

UK | ICO Code of Practice on ADM | Drafting underway | SI 2026/425 in force May 12; publication timeline unknown

UK | ICO ADM guidance (final) | Summer 2026 | Consultation closed May 29

UK | FCA Mills Review report | Summer 2026 | AI in financial services

NOT ADVICE

The information is intended to be helpful, but is in no way a substitute for seeking professional advice for your specific situation or intent. This applies to business, financial, legal, or other matters discussed herein. Please read the full DISCLAIMER