WASHINGTON – The order had already been canceled once, pulled from Trump’s desk on May 21 after he told reporters it could give China an opening. Twelve days later, he signed it anyway.
President Trump on Tuesday ordered the creation of a federal AI cybersecurity clearinghouse, instructing the Treasury Department, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency to stand up a centralized body within 30 days that will coordinate vulnerability scanning and patch distribution across the artificial intelligence industry and critical infrastructure operators. The body would work on a voluntary basis with the private sector – a design choice that reflects both the order’s ambition and its limits.
The directive, titled “Promoting Advanced Artificial Intelligence Innovation and Security,” expands federal cybersecurity programs, instructs the Justice Department to pursue criminal accountability for those who exploit AI to hack government and commercial systems, and calls for a framework to accelerate AI adoption across federal agencies. What it conspicuously avoids is the one thing its critics had argued mattered most: mandatory oversight.
Former White House AI czar David Sacks and National Economic Council deputy director Ryan Baasch pushed for language explicitly barring mandatory government licensing of AI systems, according to a source familiar with the deliberations cited by Axios. That prohibition made it into the final text, drawing a clear ideological line: the administration intends to police AI’s security implications without regulating AI’s development.
The clearinghouse represents the most concrete structural commitment in the order. Treasury will formally lead it, with NSA and CISA serving in coordinating roles – a configuration that marks a shift for CISA, which has historically held the central position in federal vulnerability management. James Lewis, a former U.S. cyber diplomat and fellow at the Center for European Policy Analysis, described the downgraded CISA role to Axios as “probably the best that we can expect now,” a tepid endorsement that captures the mood among many cybersecurity professionals who had advocated for a stronger institutional hand.
Within 60 days, the NSA is required to lead a classified benchmarking process – developed alongside CISA, Treasury, and White House officials – to assess the advanced cyber capabilities of AI models and determine when a particular system should be treated as a “covered frontier model,” subject to a higher tier of national security scrutiny.
The order also instructs the Office of Management and Budget to determine within 30 days whether existing federal grant programs can be directed toward developers of AI-based vulnerability detection tools. That provision matters less for its immediate funding implications – the amounts are unlikely to be transformative – than for what it signals: the administration is trying to knit together the commercial AI sector and the national security apparatus without compelling either to share anything they would rather keep proprietary.
Trump scrapped the Biden-era AI oversight order on his first day back in the White House. Biden’s 2023 directive had required AI companies to share safety test results with the government and leaned heavily on voluntary commitments – already a lighter touch than many experts had called for, as NBC News reported. Tuesday’s order does not restore those disclosure requirements, nor does it create new ones. The government will know what companies choose to share through the clearinghouse, and nothing more.
Whether the voluntary architecture can actually surface meaningful vulnerability data is the question the order cannot answer. Critical infrastructure operators – power grids, financial systems, water utilities – have historically been reluctant to disclose security flaws to federal bodies, fearing regulatory consequences or competitive exposure. A clearinghouse that depends on those same operators to flag their own weaknesses faces a structural tension the 30-day formation deadline does nothing to resolve.
The signing itself carried an undercurrent of the administration’s own ambivalence. The original May 21 ceremony was canceled after Trump, in a brief exchange with reporters, said he did not want to do anything that would “get in the way” of America’s lead over China in AI. The version he ultimately signed hews closely to that instinct: it moves the institutional furniture, assigns agencies new responsibilities, and gestures at a unified federal posture on AI security – without imposing on the industry that produces it.
The AI competition with China that preoccupied Trump on May 21 remains the implicit backdrop for every provision in the order. NSA’s elevated role, the classified benchmarking process for frontier models, the criminal accountability provisions targeting AI-enabled intrusions – each of these is legible as a response to a threat environment where adversarial AI capabilities are advancing rapidly and federal systems have yet to catch up. Whether voluntary coordination is equal to that challenge, the White House has not said. What it has done is order the question studied, within 30 days, by the same agencies that have been watching it develop for years.
—Inputs from Sputnik.
