US Senate’s New AI Act Has Teeth, Puts Frontier Labs on Notice

TL;DR

• A bipartisan Senate group introduced the Great American AI Act in 2026 — the most comprehensive federal AI bill the U.S. has seen.
• The bill mandates transparency disclosures for large models, safety assessments for high-risk systems, and directs NIST to set technical standards for audits and watermarking.
• It’s the U.S. answer to the EU AI Act — and it signals a hard pivot from voluntary commitments to binding law.
• Civil-liberties advocates and industry lobbyists are already pushing back, warning of compliance burdens and offshore R&D flight.

The Great American AI Act Lands on Capitol Hill

A bipartisan group of U.S. senators just introduced the Great American AI Act, a sweeping federal bill that would impose mandatory transparency and safety requirements on large AI systems. According to the bill text, developers of large-scale AI systems must disclose key model capabilities, training data provenance practices, and evaluation results to designated federal agencies before deployment in high-risk settings. It’s the most ambitious attempt yet to move U.S. AI governance from handshake agreements to hard law.

The legislation directs NIST and other federal agencies to set technical standards for AI audits and watermarking. Certain high-risk systems — think hiring algorithms, credit decisioning, critical infrastructure — would have to undergo formal safety assessments before launch. And the bill doesn’t stop at disclosure: it lays groundwork for incident reporting, model evaluations, and accountability mechanisms that could fundamentally reshape how frontier labs and large AI deployers operate.

This isn’t a voluntary framework. It’s a rulebook.

Why Mandatory Disclosure Marks a Turning Point

Until now, U.S. AI governance has leaned heavily on voluntary commitments coordinated by the White House and the nonbinding NIST AI Risk Management Framework. The Great American AI Act attempts to move those principles into binding law — explicit mandates around evaluations, watermarking, and incident reporting that carry actual consequences. That’s a big deal.

I’ve covered AI policy long enough to know that voluntary pledges sound great in press releases and then quietly fade when quarterly earnings calls roll around. Mandatory disclosure changes the calculus. If you’re OpenAI or Anthropic and you want to deploy a model in a high-risk domain, you now have to hand over capability assessments and data provenance details to federal agencies first. No hand-waving. No trust us, we’re the good guys.

Think of it like moving from a gentleman’s agreement to a signed contract — suddenly the vague promises have teeth, and everyone’s reading the fine print. The bill essentially tells labs: if you want to play in high-stakes markets, you play by federal rules. And those rules include showing your work.

But here’s where it gets thorny. Civil-liberties advocates argue that some mandatory disclosure provisions could entrench incumbent labs by imposing compliance burdens that smaller open-source projects can’t meet. They’ve got a point. If you’re a three-person team training a competitive open model on a shoestring budget, hiring compliance lawyers and filing federal paperwork might kill your project before it ships. Meanwhile, industry lobbyists warn that prescriptive safety requirements risk pushing advanced AI R&D offshore — if compliance costs spike in the U.S., why not move your lab to Singapore or London?

I’m skeptical of the offshore argument. The biggest labs aren’t going to relocate their entire research operations because Congress asked them to document their eval protocols. But the open-source concern? That one’s real. If the bill’s high-risk thresholds are set too low, it could accidentally kneecap the very ecosystem that’s been a counterweight to corporate concentration.

The U.S. Finally Answers the EU AI Act

The Great American AI Act is widely read as the U.S. response to the EU AI Act and the UK’s lighter-touch AI Safety Summit commitments. Europe moved first, and American policymakers spent the last two years watching Brussels set the global standard. Now Washington is making its own bet — one that tries to balance prescriptive safety rules with enough flexibility to avoid stifling innovation.

Major labs like OpenAI, Anthropic, Google, and Meta are already aligning their internal safety and transparency practices in anticipation of federal rules like this. OpenAI reportedly built out its preparedness framework with an eye toward eventual regulation. Anthropic has been vocal about supporting mandatory evals. Google and Meta have both invested heavily in watermarking research. They saw this coming.

What’s interesting is how the bill positions NIST as the technical standard-setter. NIST doesn’t write laws — it writes specifications. That means the actual implementation details — what counts as a high-risk system, how audits get structured, what watermarking protocols look like — will get hashed out in working groups full of engineers, not just lawyers. That’s a smarter approach than trying to legislate technical requirements directly, but it also means the real battle is just beginning.

And make no mistake, this is a battle. The EU AI Act took years to finalize and nearly collapsed under lobbying pressure multiple times. The Great American AI Act will face the same gauntlet. Every clause will get litigated by industry groups, civil-society orgs, and academic researchers, all with competing visions of what safe AI governance actually means.

What Happens When Voluntary Becomes Mandatory

The shift from voluntary to mandatory changes everything. Labs that spent the last year publishing safety cards and model documentation as PR gestures now have to treat those disclosures as legal requirements. That’s a different kind of scrutiny. It means audit trails, internal accountability, and the knowledge that a federal agency might actually read what you submit — and ask follow-up questions.

For high-risk deployments, the bill’s safety assessment requirement could slow down product timelines significantly. If you’re building an AI system for hiring decisions or loan approvals, you can’t just ship and iterate anymore. You have to document your testing, prove your eval methodology, and wait for regulatory sign-off. That’s friction. Whether it’s productive friction or innovation-killing friction depends entirely on how NIST and the designated agencies implement the standards.

The watermarking mandate is another wildcard. Researchers have been working on robust watermarking techniques for generative AI, but the tech is still evolving. Mandating watermarking before the standards are fully baked could lock in suboptimal approaches — or it could force the research community to prioritize solutions that actually work at scale. Either way, it’s a forcing function.

What should worry everyone is the compliance asymmetry. Big labs have legal teams and policy shops. Startups and open-source projects don’t. If the bill’s high-risk definitions sweep too broadly, it could create a two-tier system where only well-funded players can afford to compete in regulated markets. That’s the opposite of what good AI governance should do.

Three Things to Watch as This Bill Moves Forward

First, watch how NIST defines high-risk systems. The bill punts that question to the standards process, which means the real fight will happen in technical working groups over the next year. If the threshold is too broad, you get compliance overload. Too narrow, and the bill’s safety provisions become toothless. Getting that balance right is the whole ballgame.

Second, watch the lobbying war. Industry groups will push hard to water down mandatory disclosure requirements, especially around training data provenance — that’s commercially sensitive information that no lab wants to hand over. Civil-liberties orgs will push for stronger accountability and more transparency. Academic researchers will argue for carve-outs that let open-source work continue without federal paperwork. The bill that emerges from committee negotiations might look very different from what just got introduced.

Third, watch the international response. If the U.S. imposes strict transparency and safety rules, does that push other countries to follow suit — or does it fragment the global AI market into incompatible regulatory regimes? The EU went first. The U.S. is going second. China’s approach is entirely different. At some point, someone has to figure out how these systems interoperate, or we end up with a Balkanized AI ecosystem where models trained under one regime can’t legally deploy in another.