America's AI Governance Crossroads: Federal Preemption Meets the State Patchwork

CPDForge Knowledge Hub | AI Governance Series | June 2026

If the EU's AI governance story in 2026 is about phased implementation, the United States' story is about a constitutional collision still in progress. Since late 2025, the federal government has been pursuing an explicit strategy to displace the growing body of state AI law with a single national standard — while states, including some led by governors who otherwise have little political common ground, have continued legislating as though no such displacement is coming. Neither side has fully won. For any organisation operating AI systems across US jurisdictions, understanding this fight — and planning for its most likely outcomes — is now a core governance competency rather than a niche legal curiosity.

The trigger: Executive Order 14365

On 11 December 2025, the Trump administration signed Executive Order 14365, "Ensuring a National Policy Framework for Artificial Intelligence." The order asserts that a state-by-state patchwork of AI regulation creates a "minimally burdensome national standard" problem for American competitiveness, and it sets in motion several concrete mechanisms. It directs the Department of Commerce to identify "onerous" state AI laws warranting legal challenge; it establishes an AI Litigation Task Force within the Department of Justice, operational from 10 January 2026, tasked with challenging state laws on constitutional and preemption grounds; it directs the Federal Trade Commission to issue, by 11 March 2026, a policy statement addressing whether state laws compelling alteration of AI model outputs constitute deceptive trade practices under federal law; and it instructs the administration to draft and pursue federal preemption legislation.

The order carves out three areas explicitly protected from preemption: child safety regulation, AI compute and data-center infrastructure (except generally applicable permitting rules), and state government procurement and use of AI. Everything else is, in principle, in the federal government's sights.

It's important to be precise about what the order does and doesn't do on its own. It has no direct legal effect on existing state statutes — preemption under the Supremacy Clause requires either a court ruling or new federal legislation. The order's force comes from the administrative levers it pulls: threats to federal funding, FTC and FCC rulemaking, and litigation. As of mid-2026, the Commerce Department's required evaluation of "burdensome" state laws — due 11 March 2026 — had not yet been publicly released, introducing real uncertainty about how aggressively the administration intends to act on its own order.

The state response: faster, not slower

States have not paused. California's Transparency in Frontier Artificial Intelligence Act and Texas's Responsible Artificial Intelligence Governance Act both took effect 1 January 2026, alongside California's GenAI Training Data Transparency Act and AI Transparency Act. Colorado's comprehensive AI Act — widely regarded as the most far-reaching state framework, requiring risk management programmes, consumer disclosures, and algorithmic discrimination mitigation for "high-risk" systems used in consequential decisions across education, employment, healthcare, housing, insurance, and government services — takes effect in mid-2026. Illinois now requires employer notice and consent before AI analysis of video job interviews. New York City's Local Law 144 continues to mandate bias audits for automated employment decision tools, and New York State has layered on its RAISE Act and synthetic-performer disclosure rules.

The pattern across these laws is sector-specific accumulation rather than a single comprehensive code: employment AI now sits under overlapping obligations from NYC, Illinois, Maryland, New Jersey, California's civil rights regulator, and federal anti-discrimination statutes enforced by the EEOC, simultaneously. Financial services has its own emerging layer, with the Treasury Department's February 2026 framework translating NIST's AI Risk Management Framework into roughly 230 specific control objectives for regulated institutions.

Crucially, Florida's Republican governor and California's Democratic governor have both publicly opposed federal preemption of state AI authority — an unusual bipartisan alignment that signals states are unlikely to cede this ground without a fight, regardless of which party controls Washington.

Congress enters the picture

The most consequential legislative vehicle is Senator Marsha Blackburn's draft federal AI bill — informally and rather memorably titled the TRUMP AMERICA AI Act — a 291-page proposal that would codify much of Executive Order 14365 into statute, establish a federal duty-of-care and risk-management regime for AI developers, rewrite aspects of copyright liability for AI training, and preempt state laws governing frontier-model catastrophic risk management and, largely, AI-generated digital replicas. Notably, even this deregulation-branded bill creates a fairly dense regulatory structure of its own — observers have pointed out the gap between the bill's stated light-touch purpose and its actual prescriptive detail.

On 20 March 2026, the White House released a National Policy Framework for Artificial Intelligence — a non-binding legislative blueprint organised around seven priorities, including child protection, free speech, workforce development, and, centrally, federal preemption of "unduly burdensome" state law. The framework explicitly argues against creating any new federal AI regulator, preferring oversight through existing agencies and industry-led standards — a notably different model from the EU's dedicated AI Office.

Opposition has mobilised quickly. The same day the White House framework dropped, a group of House Democrats introduced the GUARDRAILS Act, which would repeal the preemption-oriented executive order outright and block any moratorium on state AI regulation. Senate Commerce Committee figures, including Ranking Member Maria Cantwell, have pushed instead for a structured federal approach built on testing, standards, and public infrastructure investment rather than blanket preemption. None of these competing bills has passed; a near-identical ten-year moratorium on new state AI laws was attempted earlier via the "One Big Beautiful Bill Act," passed the House, and was rejected in the Senate on bipartisan grounds.

How preemption actually gets decided

For governance teams, the mechanics matter as much as the politics. Preemption is not self-executing — it is established either through new federal statute (which requires Congress, and currently lacks the votes) or through litigation. Four litigation pathways exist: a private party can raise preemption as a defense against state enforcement; a private party can sue a state official preemptively (though sovereign immunity often blocks this); one state can sue another state's AI law as unconstitutionally burdening interstate commerce; or the federal government can sue directly. The Department of Justice's new Litigation Task Force is positioned to support several of these routes through amicus participation, but until a court actually invalidates a specific state law, that law remains binding and enforceable.

The practical guidance from multiple law firms tracking this space converges on a single point: companies should continue complying with existing state AI law as if no preemption is imminent, while building governance programmes — documentation, risk assessment, audit trails, human oversight protocols — durable enough to satisfy either a continued state-led regime or a future federal one. The most likely medium-term outcome is not clean displacement but continued overlap: active state compliance obligations alongside a slowly forming, and currently still aspirational, federal layer.

The governance takeaway

For organisations operating nationally, NIST's AI Risk Management Framework — including its newer Generative AI Profile and draft Cyber AI Profile — has emerged as the closest thing to a neutral anchor framework: voluntary, not tied to any single state's statute, referenced by federal contractors, increasingly cross-walked into state compliance expectations, and usable as a technical companion for EU AI Act alignment. Building a governance programme around NIST's structure, rather than around any single state law, is currently the most defensible hedge against a regulatory landscape that remains genuinely unresolved.

Sources consulted: Ropes & Gray, Morgan Lewis, King & Spalding, Paul Hastings, Holland & Knight, Jones Walker, and Latham & Watkins legal analysis of Executive Order 14365 and related developments, current as of June 2026. This article is provided for general informational purposes as part of CPDForge's continuing professional development content and does not constitute legal advice.