The AI Regulatory Race No One Is Winning (And What to Do While the Pols Figure It Out)


March 2026 brought the most significant federal AI legislative push in American history. It also brought a competing 291-page bill that the industry hates. Here’s what growth-stage tech companies need to know — and do — right now.


The Trump administration has been telling the AI industry for over a year that federal preemption of state AI laws is coming. On March 20, 2026, it finally put a blueprint on paper.

The White House’s National AI Legislative Framework is a four-page document with seven policy pillars and a simple core argument: AI development is inherently interstate commerce, states are creating compliance chaos, and Congress should establish a single national standard that preempts the patchwork. House leadership immediately pledged support. The administration said it will work with Congress in “the coming months” to turn the Framework into legislation.

That’s the good news — if you’re the kind of company that finds a unified federal standard appealing. Here’s the complication: Senator Marsha Blackburn simultaneously introduced a 291-page discussion draft called the TRUMP AMERICA AI Act, and it is not what the AI industry had in mind. Annual bias audits for employment AI. Quarterly workforce displacement reports to the Department of Labor. A new federal liability regime for both developers and deployers. A legislative resolution of the copyright training data question that cuts sharply against the industry’s fair use position.

These two documents are not a unified administration position. They are competing legislative visions. The gap between them tells you exactly how far Congress still has to go before any federal standard actually displaces the state laws you are already obligated to comply with today.

The Legal Reality Nobody Wants to Hear

Let me be direct about something that gets lost every time a new executive order or legislative framework drops: none of it changes your compliance obligations right now.

Executive orders bind the federal executive branch. They do not override state law. The Supremacy Clause is not a presidential policy instrument. EO 14365 created a DOJ AI Litigation Task Force to challenge state AI laws in court — but constitutional challenges take years, and the dormant Commerce Clause theory the administration is running against Colorado’s anti-discrimination framework faces substantial headwinds against a law with a concrete protective purpose.

The White House Framework is explicitly non-binding. It is a set of legislative recommendations. Until and unless Congress enacts a statute — which has to survive a narrow House majority, significant Democratic opposition to broad preemption, and intra-GOP tensions about the Blackburn bill — Colorado’s CAIA, California’s multi-statute architecture, Texas’s TRAIGA, and the emerging state law frameworks in New York, Illinois, and elsewhere remain fully operative and fully enforceable.

Your state law compliance timeline is not contingent on the federal legislative outcome. It is the federal legislative outcome’s predecessor.

What the Framework Actually Does for You (and What It Doesn’t)

There are provisions in the White House Framework that genuinely matter to growth-stage tech companies, independent of whether the broader legislation passes.

On copyright: The administration has now taken the explicit position that training AI models on copyrighted material does not violate copyright. This doesn’t resolve the pending federal litigation — New York Times v. OpenAI and Getty Images v. Stability AI will proceed regardless — but it signals the administration’s amicus posture and reduces the regulatory risk of adverse action from federal agencies on this question. What it doesn’t do is resolve California’s AB 2013, which requires training data disclosure and is being challenged by xAI on First Amendment grounds. Comply with AB 2013 now; don’t wait for the constitutional case.

On third-party developer liability: The Framework proposes that Congress preclude states from imposing liability on AI developers for unlawful conduct by third parties using their systems. This is Section 230 logic applied to the AI layer. If enacted, it matters significantly for foundation model providers and for SaaS companies whose platforms are used by customers in ways the company didn’t design or endorse. It has not been enacted. Your current exposure under existing common law and state consumer protection frameworks is unaffected.

On regulatory sandboxes: The Framework endorses supervised deployment environments with reduced compliance burden in exchange for reporting obligations. The Utah sandbox model is the working domestic precedent. If your company is in an early-deployment phase with novel AI use cases, tracking sandbox availability — Utah now, potentially federal in the future — is worth active attention.

The Blackburn Bill Provisions You Cannot Ignore

Discussion drafts don’t usually survive floor consideration intact. But the TRUMP AMERICA AI Act has two provisions with strong bipartisan appeal that are more likely than the rest to survive in some form: the employment AI audit requirement and the workforce displacement reporting obligation.

The employment AI audit provision would require annual independent bias audits for any AI system used in employment decisions. That’s hiring, promotion, performance evaluation, task allocation. This is a national codification of New York City’s Local Law 144, extended to every employment context and every state. The audit results will be discoverable in Title VII litigation. If you use AI anywhere in your HR stack — and if your platform includes AI-assisted HR features — you should be designing those systems to generate audit-ready demographic performance data today, under current EEOC disparate impact guidance, regardless of what the Blackburn bill ultimately becomes.

The workforce displacement reporting provision would require quarterly reports to the Department of Labor attributing workforce changes to AI deployment. The causation methodology alone would be an operational challenge. More importantly: those reports would be discoverable in wrongful termination and WARN Act litigation. If this provision advances, your documentation strategy for AI-driven workforce decisions becomes a litigation document.

Five Things to Do Right Now

The regulatory landscape is not waiting for Congress. Here is what growth-stage tech companies should be doing before the midterms, regardless of how the federal legislative picture resolves.

Complete your AI asset inventory. You cannot comply with Colorado, California, Texas, or any eventual federal framework without knowing what AI systems you are running — including shadow AI adopted by employees without formal procurement review. The inventory is the prerequisite for everything else.

Audit your vendor agreements. Your existing contracts with foundation model providers and AI system vendors almost certainly predate the current state law landscape. They almost certainly lack the impact assessment documentation rights, incident notification obligations, and NIST alignment warranties that Colorado’s CAIA and analogous frameworks require. Retrofit now; don’t wait for the first incident.

Build demographic performance data for employment AI. Whether it’s the Blackburn audit requirement, current EEOC guidance, New York City Local Law 144, or Illinois HB 3773, the compliance trajectory for AI in employment runs through demographic performance testing. Build the data infrastructure before you need to defend against a disparate impact claim.

Start your EU conformity assessment if you have EU operations. August 2, 2026 is five months away. The high-risk system requirements of the EU AI Act are not contingent on U.S. legislative developments. If you have EU customers or operations and you haven’t begun the technical documentation process, that work needs to start now.

Design your compliance program to survive preemption. The compliance infrastructure that satisfies Colorado, California, and Texas simultaneously — impact assessments, NIST alignment documentation, vendor audit rights, adverse decision protocols — is the same infrastructure that maps onto every credible federal framework in current circulation. Building against state requirements now does not create stranded investment. It creates the foundation on which federal compliance will be layered.


The federal AI governance race is real. But the finish line has not been moved. State laws are enforceable today, the EU deadline is fixed, and no presidential framework changes either of those facts. The companies that come out ahead are the ones that build compliance infrastructure against present requirements rather than deferring to a federal resolution that may or may not arrive before the next enforcement action finds them.