The Great American Artificial Intelligence Act is the most ambitious federal AI bill the United States has ever seen — a 269-page bipartisan discussion draft that would create binding oversight for the largest AI companies, establish federal auditing requirements, protect employee whistleblowers, and freeze state AI regulation for three years. It hasn’t been formally introduced as legislation yet, but its scope and detail make it the clearest signal yet that Congress is getting serious about governing artificial intelligence at the national level.
| Quick Facts | Details |
|---|---|
| Bill name | Great American Artificial Intelligence Act (GAAIA) |
| Released | June 4, 2026 (discussion draft) |
| Sponsors | Rep. Jay Obernolte (R-CA) and Rep. Lori Trahan (D-MA) |
| Length | 269 pages |
| Status | Discussion draft — not yet formally introduced |
| Who it targets | “Large frontier developers” — AI companies with $500M+ annual revenue |
| Key provisions | Audits, whistleblower protections, state preemption (3 years) |
| Annual funding | $100M/year for NIST AI Standards Center (FY2027–2029) |
| Max penalty | Up to $1 million per day for non-compliance |
What the Bill Proposes, at Its Core
The Great American AI Act is organized around four titles. The first — Frontier AI Governance — is where most of the action is. The others cover Workforce impacts, Cybersecurity applications, and Research, Development, and International Cooperation. Together they form something that looks less like a single statute and more like a blueprint for an entirely new regulatory category.
I’ve read a fair number of tech-policy proposals over the years. Most are vague — lots of “the Secretary shall study” and “guidance may be issued.” This one is specific enough to be uncomfortable for the biggest labs in a way most proposals aren’t. There are real definitions, real auditing mechanisms, and real penalty numbers attached.
The core logic goes like this: AI is advancing faster than either the market or state governments can manage on their own, and without federal guardrails the country risks either a patchwork of fifty conflicting state rules or no meaningful oversight at all. The bill tries to thread that needle — setting baseline rules at the federal level while preserving state authority over how AI is actually used by businesses and employers.
Who Gets Regulated — The $500 Million Club
The bill doesn’t try to regulate every AI application. It targets what it calls “large frontier developers” — companies that have both trained a frontier AI model and crossed $500 million in annual gross revenue. That threshold is designed to capture a short list: OpenAI, Anthropic, Google DeepMind, Meta, xAI. Smaller research labs and startups are explicitly outside the scope.
For those that qualify, the obligations are substantial. They would need to publish what the bill calls “frontier AI frameworks” — essentially documented risk assessments and safety protocols. More consequentially, they’d be subject to semi-annual third-party audits conducted by Independent Verification Organizations, or IVOs, licensed through NIST’s Center for AI Standards and Innovation. These aren’t self-reported checklists. They’re structured external reviews, roughly analogous to the financial audits public companies undergo, except the subject is AI safety rather than accounting.
The auditing requirement is the piece the industry is watching most closely. Having to open your training pipelines and safety processes to outside reviewers twice a year is a genuinely significant operational change for labs that have historically operated with very little external visibility into how their systems are built.
Non-compliance isn’t cheap under the draft. Penalties for violating safety requirements can reach $1 million per day — a number large enough to be meaningful even for companies generating billions in revenue. OpenAI’s monthly revenue crossed $2.6 billion earlier this year; a daily $1M penalty is still a rounding error in absolute terms, but the reputational and operational consequences of a compliance failure would be far larger than the fine itself.
The State Preemption Clause — Where the Controversy Lives
The most contested provision in the GAAIA is the three-year preemption clause. The bill would block state laws that specifically regulate the development of frontier AI models for a period of three years. Consumer advocacy groups like Public Citizen have called it a giveaway to large AI companies, arguing that it strips states of the very tools they’ve been building to protect workers and consumers.
The nuance matters here, and it’s been lost in a lot of the early coverage. The preemption only applies to model development. States retain full authority to regulate AI at the deployment and use stage — meaning employment discrimination, housing algorithms, healthcare decisions, financial services, and consumer protection laws would still be fair game for state legislatures. Colorado’s revised AI Act (which now takes effect January 1, 2027) focuses largely on deployers, not developers, so it would likely survive under this framework.
The logic behind the development preemption is straightforward if you’re sympathetic to the sponsors: fifty states writing fifty different rules about how you can train a language model would create impossible compliance burdens and push frontier research overseas. Whether you find that argument compelling probably depends on how much you trust federal oversight to fill the gap — and on that question, reasonable people land in very different places.
For context on how concentrated the AI development landscape has become, our piece on SpaceX’s $60 billion acquisition of Anysphere gives you a sense of how fast capital and talent are consolidating around a handful of major players. That consolidation is exactly the environment the GAAIA was written for — and also exactly why critics worry that preempting state law without strong federal replacement rules could leave the public poorly protected.
Whistleblower Protections and What Happens at NIST
Two provisions in the draft don’t get as much attention as the preemption clause, but they matter. The first is the whistleblower protection section, which would prohibit covered AI companies from retaliating against employees who report safety violations to the government. AI labs have faced employee exits and public statements in recent years — most notably the wave of departures and public letters from safety researchers at OpenAI and Anthropic. This provision would give those employees formal legal recourse if they face retaliation, which is a meaningful change from the current status quo where whistleblowers rely entirely on general employment law protections.
The second is the $100 million per year authorization for NIST’s Center for AI Standards and Innovation for fiscal years 2027 through 2029. NIST already publishes the AI Risk Management Framework, which has become something of an industry reference. This funding would substantially expand its capacity to develop evaluation standards, license and oversee the IVOs conducting audits, and coordinate with international standards bodies on AI governance — work that will matter long after any particular company or model is relevant.
The bill also includes penalties for using AI to impersonate government officials, and directs the Census Bureau and Bureau of Labor Statistics to redesign federal surveys to track AI adoption across industries — a surprisingly practical detail that reflects an awareness that regulators currently lack basic data about how widely AI is actually being deployed in the economy.
Where This Sits in the Broader AI Regulation Picture
The GAAIA arrives at a moment when AI regulation globally is accelerating. The EU AI Act is already in force. The UK is pursuing a principles-based approach. China has implemented rules around generative AI. The US has been the notable absence from that list — relying on voluntary commitments from companies and a patchwork of state laws in lieu of federal rules.
This bill is a serious attempt to fill that gap. Whether it passes in anything like its current form is a different question. It’s a discussion draft, which means Congress is explicitly inviting industry, civil society, and state governments to push back before formal legislation is written. Some provisions will likely shrink; others may disappear. The three-year preemption clause in particular seems like a candidate for significant revision.
Still, the fact that a bipartisan pair of sponsors dropped 269 pages of specific, detailed AI governance requirements — including concrete penalty structures, auditor licensing schemes, and whistleblower remedies — tells you something about where Congress thinks this is going. The industry has had years of largely self-directed development. The era of treating AI governance as something voluntary is getting shorter.
For more on how the AI talent landscape has been shifting alongside these regulatory developments, our coverage of Noam Shazeer joining OpenAI — the co-author of the original Transformer paper — gives you a useful window into the competitive dynamics these laws would ultimately govern.
Frequently Asked Questions
When would the Great American AI Act take effect?
Nothing has taken effect yet — the GAAIA is a discussion draft released June 4, 2026. It has not been formally introduced as a bill, voted on in committee, or passed into law. If it were eventually enacted, specific provisions would have their own effective dates, and agencies like NIST would need time to build the infrastructure (IVO licensing, audit standards) before requirements became enforceable.
Would the Great American AI Act affect regular people who use AI tools?
Not directly. The bill targets companies that train frontier models — a very small number of very large organizations. If you use ChatGPT, Claude, Gemini, or similar products, your experience wouldn’t change because of this law. Indirectly, tighter safety and transparency requirements on the developers of those products might eventually influence what features appear, how models are trained, or how companies communicate about risks.
Does this bill replace state AI laws?
Only partially, and only for model development. States keep full authority to regulate how AI is used or deployed within their borders — employment, housing, healthcare, consumer protection, and similar areas. The three-year preemption in the GAAIA specifically covers laws “regulating the development” of frontier models. Deployment-focused state laws, including Colorado’s revised AI Act, would not be preempted under the current draft language.
How does the Great American AI Act compare to the EU AI Act?
They share a risk-tiered structure but differ significantly in scope and philosophy. The EU AI Act covers all AI systems across all sectors and bans certain applications outright (social scoring, most real-time biometric surveillance). The GAAIA focuses specifically on frontier model developers and doesn’t include use-case prohibitions. The EU framework is already law; the GAAIA is still a draft. Both impose third-party audit requirements, but the EU’s apply much more broadly.
Sofia follows emerging technology, from AI and VR to IoT and blockchain, and translates the hype into plain language. She cares about what these tools mean for everyday users, not just the headlines.