Frontier AI Goes Federal: How the Great American AI Act Compares to State Laws

Introduction

It has been an unusually active few weeks for AI safety policy. Following a new frontier model safety bill passed in Illinois, and a White House executive order on AI security, Rep. Jay Obernolte (R-CA) and Rep. Lori Trahan (D-MA) released a bipartisan discussion draft for the Great American AI Act of 2026, adding another major federal proposal to the rapidly developing frontier AI landscape.

The draft is broad, covering issues ranging from workforce development and AI literacy to cybersecurity and international standards. But for many AI developers and deployers, the most important provisions are those focused on frontier model regulation. The draft would create requirements related to frontier AI transparency, critical safety incident reporting, employee whistleblower protections, and independent verification organizations. It would also include a three-year preemption clause restricting state laws that specifically regulate AI model development.

This blog highlights four key takeaways of the discussion draft: 

1. The draft is one of the first bipartisan attempts in Congress to address both frontier model safety and preemption of AI. These aspects make it a notable legislative effort, even if its prospects are uncertain. 
2. The draft incorporates many of the frontier model safety provisions in existing state laws but also has key distinctions. Compared to recent state frontier AI laws in California, New York, and Illinois (pending signature), the bill makes some important adjustments, like adding a revenue threshold for “frontier developers,” modifying the definition of “critical safety incident,” and utilizing a different penalty structure. 
3. The draft brings the preemption debate back into the federal AI policy conversation. It includes a three-year preemption clause focused on state laws that specifically regulate AI model development. 
4. The draft also reaches beyond frontier model safety. Other notable provisions include a study content moderation, a federal voluntary model testing program, and disclosure requirements for AI-related mass layoffs.

The Act Enters the AI Safety and Preemption Debate 

Amidst a crowded but unsettled federal AI policy landscape, the Great American AI Act is notable for its regulatory focus, bipartisan backing, and what it may signal for federal AI governance ahead. Though Congress has introduced no shortage of AI bills, there has been limited movement toward enacted legislation. Congress has considered sector-specific bills on chatbots¹, regulatory sandboxes, defense, elections, and financial scams, as well as broader proposals aimed at establishing a national AI framework like Sen. Blackburn’s (R-TN) TRUMP AMERICA AI Act.

Amid this activity, the Great American AI Act steps into two of the most active and contested AI policy debates: frontier model safety and federal preemption. On AI safety, the draft follows a period of growing attention to frontier model oversight at both the state and federal levels, where policymakers are trying to balance concerns about catastrophic risks and national security with concerns that overly burdensome requirements could slow AI innovation or weaken U.S. competitiveness.

On preemption, the draft arrives less than a year after Congress rejected a much broader effort to pause state AI regulation. In July 2025, the Senate voted 99-1 to remove a proposed 10-year moratorium on state AI laws from the budget reconciliation package. By contrast, the Great American AI Act includes a narrower three-year preemption provision focused on state laws that specifically regulate AI model development.

The draft is also significant because of both who introduced it and how they introduced it. Other federal AI bills have addressed AI safety or included preemption language, but this proposal comes from bipartisan sponsors who have been closely involved in federal AI policy². In introducing the draft, the sponsors emphasized that “policy for a technology this transformative can only be built to last if it’s written by both parties.” Just as importantly, they have framed the draft as a starting point rather than a final product, describing it as “the start of a serious national conversation.” Whether the bill advances in its current form remains uncertain, especially given the sensitivity of federal preemption and the range of issues addressed. Even if the draft changes, it may help shape the terms of future federal debates over AI safety. At a minimum, it is another sign that Congress is increasingly focused on how to govern AI systems and how federal rules should interact with the fast-moving state AI landscape.

Frontier AI Requirements: Where the Draft Aligns with State Laws

The draft’s frontier model provisions are not starting from scratch. They closely track the framework emerging from California’s SB 53, New York’s RAISE Act, and Illinois’ SB 315 (awaiting signature), including requirements for frontier AI frameworks, transparency reports, safety incident reporting, enforcement, and whistleblower protections. But the federal draft makes some important adjustments, including a revenue threshold for “frontier developers,” a definition of “critical safety incident” that is broader in some respects and narrower in others, and a federal enforcement structure with penalties of up to $1 million per day.

Key Definitions

The Draft largely aligns with recent state frontier AI laws’ definitions of “large frontier developer,” “frontier model” (encompassing foundation models trained using more than 10^26 computational operations), and “catastrophic risk” (covering certain risks of death, serious injury, or major property damage arising from frontier models). For more background on SB 53 and the RAISE Act, see FPF’s prior analysis. There are, however, a few notable differences. 

First, unlike the state laws, the Draft requires “frontier developers” to have a gross revenue exceeding $50 million. The state laws only include a gross revenue qualifier in the definition of “large frontier developer.”

Second, the draft’s definition of “catastrophic risk” does not  specify that the death, serious injury, or property damage must arise from a “single incident,” as in the state laws.

Finally, the draft’s definition of “critical safety incident” differs from the state laws by not mandating actual harm occur (such as death, bodily injury, or property loss), nor does it include scenarios where the model uses deceptive techniques to evade developer controls or monitoring.

Core Frontier Model Obligations

The draft would impose several obligations on frontier developers and large frontier developers that also largely mirror the recent state frontier AI laws. The main requirements include:

• Frontier AI Framework: Large frontier developers would need to write and publicly post a frontier AI framework addressing catastrophic-risk thresholds and mitigations, model weight cybersecurity, internal governance, and decisions about internal use and deployment. Developers would need to review the framework at least annually and publish any material modification within 30 days. These requirements closely track the state laws.
• Transparency Reports: Before, or concurrently with, deploying a new frontier model or a model with a substantial modification, frontier developers would need to publish a transparency report covering information such as release date, supported languages, output modalities, intended uses, restrictions, risk assessments, third-party involvement, and mitigation steps. These requirements largely align with recent state frontier AI laws.
• Reporting Mechanisms: The draft would require confidential reporting mechanisms for critical safety incidents and for catastrophic risks arising from a large frontier developer’s own use of its frontier models, including internal use and internally deployed models. This is similar to the state laws in allowing both frontier developers and members of the public to report critical safety incidents, but the draft adds a separate mechanism for reporting catastrophic risks from developers’ own model use.
• Critical Safety Incident Disclosures: Frontier developers would need to report critical safety incidents to the Center for AI Standards and Innovation (CASI) within 15 days of discovery, or within 24 hours if the incident poses an imminent risk of death or serious injury. This mirrors California’s SB 53, while New York and Illinois require a shorter 72-hour reporting window.
• Enforcement: Violations can result in fines of up to $1 million per violation, with each day treated as a separate violation. Federal and state attorneys general may also seek injunctions. This penalty structure may be less stringent than the state laws: SB 53 allows penalties of up to $1 million per violation, while the RAISE Act and SB 315 allow penalties of up to $3 million for subsequent violations. However, unlike the draft, those laws do not clearly cap penalties for a continuing violation at $1 million per day, meaning multiple violations could potentially be enforced in a single day.
• Definitional Updates and Rulemaking: Beginning by January 1, 2028, the CAISI Director would need to issue annual recommendations on whether key definitions should be updated. The Secretary of Commerce would also have authority to adopt rules implementing the provisions, including criteria for determining when model modifications are “substantial” or “material.” California’s SB 53 includes a similar definitional update requirement, while New York’s RAISE Act similarly provides rulemaking authority.
• Employee Whistleblower Protections: In a separate section, the draft would prohibit AI companies from retaliating against employees for lawfully reporting violations of federal AI laws and would provide remedies for employees who experience retaliation. This provision is similar to whistleblower protections in California’s SB 53 and Illinois’ SB 315, though those laws go further by requiring frontier developers to provide covered employees with clear notice of their rights and access to a reasonable internal process for anonymously disclosing information.

Taken together, the draft would bring much of the emerging state frontier AI framework into federal law. The broad architecture is familiar, but the federal draft contains key distinctions. It also does not carry over every state-law mechanism, most notably the frontier developer disclosure programs in the RAISE Act and SB 315, which require large frontier developers to maintain current filings with state agencies on ownership and business information. 

Independent Verification Organizations and Audits

The draft would also put independent auditors at the center of its frontier AI framework. Within one year of enactment, and every six months thereafter, large frontier developers would need to retain a licensed independent verification organization (IVO) to verify compliance with the draft and assess whether the developer’s risk mitigation efforts are adequate to address catastrophic risks. 

The provision reflects a broader trend toward independent evaluation of frontier models. Illinois SB 315 would also require large frontier developers to undergo independent third-party audits, but it does not create a licensing and oversight system for IVOs like the one proposed in the draft. However, other states, like Virginia, have begun exploring this model. Virginia enacted SB 384 this year, which directs the Joint Commission on Technology and Science to study the future development of an IVO framework (after earlier versions of the bill would have created an IVO licensing structure akin to this draft).

These provisions would require:

• Access: Large frontier developers would have to provide IVOs with timely access to unredacted materials and other information reasonably necessary to conduct audits and assessments. Developers could impose reasonable security protocols and access limitations to protect trade secrets and confidential business information.
• Audit and Assessment Content: IVO reports would have to describe the scope, time period covered, materials reviewed, methods used, and any limits on the assessment. They would also assess the developer’s compliance efforts; the adequacy of its frontier AI framework, and risk-monitoring; any “failure, deficiency, or material weakness;” and internal controls.
• Ad Hoc Audits and Assessments: The Director of CASI could require additional audits when necessary to verify compliance, validate prior findings, or monitor significant changes in risk, including after a critical safety incident or substantial modification.
• Supplemental Reports: IVOs could also need to submit supplemental reports when new information, unexpected model capabilities, or major model changes call into question an earlier finding that the developer was adequately managing catastrophic risks.

Additionally, the Bill would create a federal licensing and oversight system for the auditors themselves, making IVOs a potential new layer of AI governance.

Together, these proposals suggest that policymakers are increasingly looking to independent verification as a middle ground between company self-assessment and direct government review. The Great American AI Act would take that idea further by specifying who can serve as an independent verifier, what they must review, and how their findings may be shared with enforcement authorities.

Federal Preemption and the State AI Landscape

One of the draft’s most consequential provisions is its three-year preemption clause. The draft would prohibit states from establishing, continuing in effect, or enforcing any law or regulation that specifically regulates the development of an AI model (emphasis added). It would not preempt laws of general applicability, state authority granted under the draft, or laws governing post-deployment activities, including the implementation, distribution, offering, or use of AI systems, products, or services.

This approach differs significantly from the AI moratorium Congress considered last year as part of the One Big Beautiful Bill Act. That proposal would have broadly restricted states from enforcing laws or regulations that “limit,” “restrict,” or “regulate” AI models, AI systems, or automated decision systems, while allowing laws viewed as “facilitating” AI. It also evolved from a proposed ten-year pause to a five-year compromise before ultimately being removed from the package. By contrast, the Great American AI Act uses narrower language: it applies only to laws that specifically regulate AI model development and sunsets after three years.

However, as always, preemption would be complicated. Many state AI laws do not neatly separate development from deployment. They may impose obligations on developers and deployers, or require pre-deployment documentation or risk assessments for systems that are ultimately used in employment or other high-impact contexts.

As drafted, the draft’s preemptive effect would likely be greatest for state laws focused on frontier model development, such as California’s SB 53, New York’s RAISE Act, and Illinois SB 315. But the clause could also create uncertainty for other AI laws. For example, a chatbot law focused on how companies offer chatbots to the public would likely be easier to preserve under the post-deployment carveout. But if a law requires changes to how a model is trained, fine-tuned, tested, or designed before release, the line between deployment and development may be harder to draw.

The result is a preemption provision that is far narrower than last year’s proposed 10-year moratorium, but still raises significant interpretive questions. The answer to those questions is likely to have an impact on both developers and deployers, and would likely depend on how regulators and courts characterize specific laws and their requirements.

Other Key Provisions

Although the frontier model provisions are the most significant for most AI developers, the draft reaches well beyond AI safety: It also includes several provisions focused on the broader AI ecosystem, including workforce development and displacement. This section highlights three additional provisions worth watching: a study on government engagement with AI platforms, new federal AI testbeds and voluntary model testing, and disclosure requirements for AI-related mass layoffs.

• Study on Protecting Free Speech: The draft would direct the Secretary of Commerce to study how the government encourages or pressures AI companies on content moderation, information prioritization, and output generation. The report must examine legal frameworks governing federal agency interactions with AI platforms and recommend legislation providing individuals with redress against unlawful government censorship, including transparency and oversight mechanisms. While this section is only a study requirement, it signals congressional interest in how the government communicates with AI companies about content moderation and model outputs. For AI companies, this study may lead to future regulation on transparency and government oversight.
• AI Testbeds: The draft would direct the establishment of an AI testbed program for testing, evaluating, and assessing AI systems, including automated evaluations, security vulnerability assessments, and computational resource assessments. It would also establish a voluntary foundation model testing program for vendors of foundation models, AI virtual agents, and robots that incorporate foundation models. This provision parallels recent federal activity around voluntary AI testing and evaluation, including the White House’s June 2026 executive order establishing a voluntary framework for certain frontier AI developers to share models with the federal government before public release for national security and cybersecurity assessment.
• Disclosures for AI Layoffs: The draft would require employers to provide 60 days’ advance notice when AI is a “substantial factor” in a mass layoff, including information on the AI involved, the estimated share of job losses attributable to AI, and pre-layoff upskilling or retraining efforts. A similar requirement was recently enacted in Connecticut’s SB 5, which requires employers issuing mass layoff notices to tell the state’s Labor Department whether the layoffs are related to the employer’s use of AI. This provision reflects growing interest in how AI may affect workforce displacement and whether existing worker-notice frameworks should account for AI-related job losses.

Conclusion

The Great American AI Act is still a discussion draft; whether it will advance in its current form remains uncertain. Federal AI legislation has faced a difficult path in Congress and the draft touches on issues, especially frontier model safety and preemption, that are likely to generate significant debate.

But the draft is still an important marker in the federal AI conversation. It shows that Congress is continuing to consider how to regulate frontier model development, how to structure independent oversight, and how federal rules should interact with the growing number of state AI laws. Even if this bill changes substantially, these questions are unlikely to go away.

In the meantime, states are likely to continue to test different approaches to AI regulation, including laws that regulate frontier model development, deployment, or both. That could make the draft’s preemption language especially important to watch. The next phase of AI policymaking could be defined not only by the rules new proposals would set, but also by the coalitions advancing them and the venues where they move forward: Congress, the Executive Branch, the states, or all three.

1. Five major federal chatbot proposals have been introduced: the CHAT Act (S.2714/H.R. 7218), GUARD Act (S.3062/HB 8623), SAFE BOTs Act (H.R. 6489), Youth AI Privacy Act (S. 4199), and the CHATBOT Act (S 4407). ↩︎
2. Rep. Obernolte (R-CA) previously co-chaired the bipartisan House Task Force on Artificial Intelligence, which released its final report in December 2024. Rep. Trahan (D-MA), a member of the House Energy and Commerce Committee’s Innovation, Data, and Commerce Subcommittee, has also been active on technology accountability issues. ↩︎