The next AI compliance fight may not start inside a data center or model lab. It may start with a question Congress has avoided for years: who gets to make the rules?
A bipartisan House proposal would create a federal AI framework while temporarily limiting some state regulation. For enterprise leaders, the outcome could reshape compliance across hiring, lending, healthcare, cybersecurity, and customer operations.
Where the AI draft draws the line
Reps. Jay Obernolte, R-Calif., and Lori Trahan, D-Mass., released a discussion draft of the Great American Artificial Intelligence Act on June 4, 2026. It is not law and remains open for feedback.
If enacted, Section 121 of the official discussion draft would bar state or local laws “specifically regulating the development” of AI models for three years.
The same section says it would not preempt generally applicable state laws, common-law remedies, state authority granted under the act, or rules covering AI deployment, distribution, offering, or use after deployment. The draft would limit state regulation of model development, not erase every state AI rule.
The proposal follows a broader federal push for a national AI standard. A Dec. 11, 2025, White House order directed the Justice Department to challenge state AI laws it deemed inconsistent with federal policy and said states with “onerous” AI laws could lose some remaining BEAD non-deployment funds. Apple’s EU delay for Siri AI shows how regulatory clashes can shape AI availability and developer access.
Backers say a federal standard would reduce compliance fragmentation for companies operating across state lines. Opponents warn that preemption could block state protections before Congress creates a stronger federal replacement.
The compliance choices enterprises may face
State lawmakers have been moving faster than Congress. The National Conference of State Legislatures tracks AI proposals covering private-sector use, government deployment, healthcare, elections, deepfakes, cybersecurity, discrimination, and consumer protection.
For technology and compliance teams, the practical question is whether programs should be built around state rules, a federal framework, or both. AI systems used in HR screening, credit decisions, insurance, clinical workflows, fraud detection, and customer support could face different rules depending on which approach wins. In healthcare, the same accountability gap is visible in debates over AI liability rules when clinical tools produce errors.
The politics are not cleanly partisan. A 2025 proposal for a 10-year state AI moratorium collapsed after bipartisan opposition from state lawmakers, attorneys general, consumer advocates, and some Republicans. The Senate voted 99-1 to strip that provision from a larger legislative package, according to The Washington Post.
The Great American AI Act draft takes a narrower route than that failed moratorium, but revives the same fight. The official section-by-section summary says it would establish the Center for AI Standards and Innovation, require frontier developers to prepare risk plans before releasing covered models, protect AI whistleblowers, increase AI fraud penalties, and fund AI literacy and research.
For CIOs, CISOs, compliance teams, and AI governance leads, federal preemption would not eliminate the need for AI inventories, vendor documentation, risk reviews, incident reporting, and human oversight. Those controls also matter as model APIs, cloud identities, developer tools, and AI systems move deeper into the attack surface.
The fight now turns on whether sponsors keep the three-year preemption language, whether Congress adds a clearer consumer-protection floor, and whether the White House or lawmakers pursue another preemption vehicle. The question is no longer only whether AI needs rules. It is who writes them.
Also read: AI is now a leading reason employers cite for layoffs, adding another workforce dimension to the debate over AI oversight.