Trump’s New AI Order Mandates Safety Reviews, Eases Rules on Labs

TL;DR

• Trump’s new AI executive order requires a mandatory 90-day pre-deployment safety review for powerful frontier models used in critical infrastructure, defense, and election systems.
• The order eases some reporting requirements from Biden’s 2023 framework while directing NIST and DHS to define new risk thresholds for high-risk models.
• Civil society groups warn the order tilts too far toward industry by softening transparency rules, while labs worry about regulatory uncertainty around what counts as high-risk.
• The move reshapes U.S. AI governance and will influence global safety regimes as the EU AI Act ramps up and the UK explores voluntary approaches.

Trump’s 90-day review requirement targets frontier model deployments

The White House issued a sweeping AI executive order that directs U.S. agencies to establish a mandatory 90-day pre-deployment safety review for high-risk frontier models. The order specifically targets models used in critical infrastructure, defense, and election-related applications — sectors where AI failures could trigger cascading consequences. According to Reuters, the order requires companies developing the most powerful AI models to undergo a 90-day safety review before those systems can be used in critical sectors, while streamlining rules that industry leaders said were stifling innovation.

The order also tasks NIST and DHS with defining new risk thresholds to determine which models fall under the review mandate. Biden’s 2023 executive order had set a reporting requirement for models trained with computational power above roughly 10^26 floating-point operations — a threshold that captured only the largest frontier systems. Trump’s order appears to shift the focus from sheer scale to use-case risk, though the specifics won’t be clear until the agencies publish their criteria.

And it accelerates AI adoption across federal agencies, signaling a more industry-aligned posture. Federal AI spending reportedly surpassed $3 billion annually prior to the new order, according to administration figures cited in coverage. That number will almost certainly climb as agencies race to integrate AI tools under the new directive.

Why the 90-day window matters — and why it might not

Here’s the thing: a 90-day safety review sounds rigorous on paper, but its teeth depend entirely on what happens inside that window. If NIST and DHS publish weak technical standards or lack the resources to conduct deep audits, the review becomes a bureaucratic checkbox rather than a meaningful gate. I’ve watched enough regulatory theater to know that timelines without enforcement mechanisms are just wishful thinking.

The order represents the most significant shift in U.S. federal AI policy since 2023. It moves the governance needle from post-deployment transparency — where Biden’s framework leaned — toward pre-deployment gatekeeping for specific high-stakes use cases. That’s a fundamentally different regulatory philosophy. It says: we don’t trust the market to self-correct fast enough when the downside is a grid failure or election interference.

But civil society groups aren’t buying it. They warn the order tilts too far toward industry by softening some transparency requirements that Biden’s framework had baked in. The argument goes like this: if you ease reporting rules while adding a 90-day review that might lack real scrutiny, you’ve handed labs a PR win without materially improving safety. And some labs worry about regulatory uncertainty around what counts as a high-risk model — will a general-purpose model used by a utility company trigger the review, or only models purpose-built for critical infrastructure?

Think of it like airport security. A 90-day review is only as good as the scanners, the training, and the willingness to actually stop someone at the gate. If the process becomes a rubber stamp because agencies are understaffed or the criteria are vague, you’ve built a Potemkin checkpoint — impressive from the outside, hollow up close.

The real test will be enforcement. Does the administration fund the technical talent needed to red-team frontier models in 90 days? Do agencies have the authority to block deployment if a model fails? And what happens when a lab argues that delaying a model’s release costs millions in lost revenue or hands an advantage to a foreign competitor?

How this reshapes the race between OpenAI, Anthropic, Google, and Meta

Major U.S. labs — OpenAI, Anthropic, Google, Meta — must now integrate pre-deployment reviews into their release pipelines for certain use cases. That’s a non-trivial operational shift. If you’re Anthropic and you want to sell Claude to a defense contractor or a state election board, you’re now looking at a 90-day buffer before deployment. That changes your product roadmap and your sales cycle.

Non-U.S. players could face scrutiny when servicing U.S. critical-infrastructure clients. If a European lab wants to deploy a frontier model for a U.S. utility, does it fall under the same review? The order doesn’t spell that out yet, but the implication is clear: the U.S. is asserting jurisdiction over any AI system touching its critical sectors, regardless of where the model was trained.

And this will ripple globally. U.S. rules will influence global AI safety regimes as the EU AI Act ramps up and the UK explores a more voluntary, lab-centric model. If the U.S. mandates pre-deployment reviews and the EU doubles down on transparency requirements, labs will face a patchwork of compliance burdens. That could slow frontier model releases — or it could push labs to design modular systems that can be configured differently for different jurisdictions.

The competitive stakes are high. If U.S. labs spend 90 days in review while a Chinese lab deploys a comparable model immediately, does that tilt the global AI race? Or does it force other countries to adopt similar safety gates to maintain trust with their own critical infrastructure operators?

The order builds on Biden’s 2023 framework but pivots on transparency

The order builds on the 2023 Biden AI executive order, the voluntary commitments signed by leading AI firms that year, and the 2024 AI Safety Institute workstreams. Biden’s framework emphasized transparency and reporting — labs had to disclose training details for the largest models and share safety test results with the government. Trump’s order keeps the safety focus but eases some of those reporting requirements, betting that a targeted pre-deployment review is more effective than blanket transparency mandates.

Legislators have struggled to pass comprehensive AI legislation, making executive action the main near-term governance lever for frontier models in the U.S. That’s why this order matters so much. Congress isn’t moving, so the White House is writing the rules unilaterally. And those rules will shape how labs design, test, and release frontier models for years.

The order also signals a philosophical shift. Biden’s approach treated transparency as a public good — the more we know about how models work, the safer we’ll be. Trump’s approach treats deployment gates as the critical chokepoint — stop risky models before they reach critical systems, but don’t burden labs with exhaustive reporting on every training run. Which philosophy wins will depend on whether the 90-day reviews actually catch dangerous capabilities before deployment.

Three things to watch as agencies draft the rules

First, watch how NIST and DHS define high-risk. If the threshold is too broad, every major model release grinds to a halt. If it’s too narrow, the review becomes irrelevant because labs route around it by tweaking use cases. The definition will determine whether this order reshapes the industry or becomes a footnote.

Second, watch for the technical standards that underpin the 90-day review. Will agencies require red-teaming by independent auditors? Will they mandate specific benchmarks for adversarial robustness or alignment? Or will they accept self-reported safety cases from labs? The devil is entirely in the implementation details, and those details will emerge over the next few months as agencies draft guidance.

Third, watch how labs respond. Do they lobby to narrow the definition of high-risk, or do they embrace the review as a way to build public trust? Do they staff up internal safety teams to prepare for reviews, or do they restructure products to avoid triggering the mandate? The industry’s reaction will tell you whether this order is a speed bump or a genuine inflection point in AI governance.