This is a catch-up issue. The weekly newsletter paused after Week 9 (May 8) while the daily digests kept running. Rather than reconstruct each missing week, this single issue covers the whole stretch from May 9 to July 2, 2026, and pulls out the developments that actually moved the map. Normal weekly cadence resumes next issue.
Top Stories: May 9 – July 2, 2026
1. The White House Signs EO 14409 – and the “Freedom to Innovate” Era Ends in Practice
June 2, 2026
The internal deliberation flagged in Week 9 became policy. On June 2, 2026, President Trump signed Executive Order 14409, “Promoting Advanced Artificial Intelligence Innovation and Security”. The order directs federal agencies to accelerate AI adoption for cybersecurity, establishes a framework under which developers of “covered frontier models” can give the government early access before release, and directs the Attorney General to prioritize prosecution of AI-enabled cybercrime.
Crucially, the framework is voluntary, and the order says so twice over. Developers may choose to engage the government to determine whether a model qualifies as a covered frontier model and to provide up to 30 days of pre-release access; the framework for that engagement is to be finalized by around August 1, 2026. The order then draws an explicit line: nothing in it “shall be construed to authorize the creation of a mandatory governmental licensing, preclearance, or permitting requirement for the development, publication, release, or distribution of new AI models.” Legal analyses from Hogan Lovells, Skadden, and Sidley all read the order the same way: a cybersecurity-first, collaboration-over-mandate posture that nonetheless puts the federal government into the frontier-model release process for the first time.
Why it matters: In Week 9 the question was whether the administration would reverse the EO 14179 “remove barriers to innovation” posture. The answer is a carefully hedged yes. The order is designed to look like the opposite of a licensing regime – it bans mandatory preclearance by name – while building the exact machinery (classified benchmarks, a covered-frontier-model designation, a 30-day early-access window) that a licensing regime would need. It is a voluntary pre-release review that the government can lean on case by case. Within three weeks, it did exactly that.
2. OpenAI Restricts GPT-5.6 to “Trusted Partners” at the Government’s Request
June 26, 2026
On June 26, 2026, OpenAI announced it was previewing its new GPT-5.6 model family – Sol (flagship), Terra (balanced), and Luna (fast, low-cost) – only to a “small group of trusted partners,” at the request of the US government. As CNBC, TechCrunch, and Axios reported, the White House Office of the National Cyber Director and the Office of Science and Technology Policy asked OpenAI to limit the rollout while the administration builds out the model-evaluation framework called for in EO 14409.
By multiple accounts this is the first time the US government has preemptively asked an American AI company to hold back a commercial model before launch. OpenAI complied but pushed back publicly, saying it does not believe “this kind of government access process should become the long-term default” and warning that it “keeps the best tools from users, developers, enterprises, cyber defenders, and global partners who need them.” The company framed the restricted preview as a short-term step toward broader availability “in the coming weeks.”
Why it matters: This is the EO’s voluntary framework operating in the real world, and it shows how much the word “voluntary” is carrying. No license was denied and no rule was broken – the government asked, and the largest consumer AI developer restricted its own launch. The precedent is the story: a pre-release government check on frontier models now exists in practice, established not through legislation or a binding rule but through a request that a company found it could not comfortably refuse. Whether this stays a rare, cybersecurity-driven intervention or becomes a routine gate is the central open question of US AI governance for the rest of 2026.
3. Colorado Repeals and Replaces Its Landmark AI Act
May 14, 2026 (signed); effective January 1, 2027
Colorado did what Week 9 said it might. On May 14, 2026, Governor Jared Polis signed SB 26-189, “Automated Decision-Making Technology,” which repeals and reenacts the 2024 Colorado AI Act (SB 24-205) before that law’s June 30 effective date could arrive. As a result, SB 24-205 – the first comprehensive US state AI law – reached June 30, 2026 having never taken effect. The replacement takes effect January 1, 2027.
SB 26-189 converts Colorado’s regime from compliance-and-impact-assessment to notice-and-rights. As law firms including Holland & Knight and Seyfarth summarize it, the new law drops the affirmative duty to prevent algorithmic discrimination, the developer and deployer impact-assessment mandates, and the explainability requirements. It keeps consumer-facing protections: clear notice when an ADMT materially influences a consequential decision, the right to access and correct personal data, and the right to request meaningful human review of an adverse outcome. Developers must give deployers technical documentation on intended uses, training-data categories, and known limitations, and both must retain compliance records for three years. Enforcement runs exclusively through the Attorney General under the Colorado Consumer Protection Act, where a violation is a deceptive trade practice.
Why it matters: The most-watched state AI law in the country was replaced by a lighter one before it ever bound anyone – a template, not a one-off. Colorado’s pivot from a broad “high-risk AI” compliance framework to a narrower automated-decision-making notice regime is the model other states are now weighing, and it hands compliance teams roughly six additional months of runway. It also removes, for now, the head-on collision that a live SB 24-205 would have created with the federal preemption push. The compliance clock does not stop, though: the ADMT obligations arrive January 1, 2027, the same day New York’s RAISE Act takes effect.
4. TAKE IT DOWN Act Enforcement Goes Live
May 19, 2026
The first federal law directly regulating AI-generated content crossed into enforcement. The TAKE IT DOWN Act (S.146, 119th Congress), signed May 19, 2025, gave covered platforms one year to stand up a notice-and-removal system for nonconsensual intimate imagery, including AI-generated deepfakes. That year expired May 19, 2026. As of that date, covered platforms must remove reported material within 48 hours of a valid request, make reasonable efforts to remove known copies, and provide clear and conspicuous notice of the process. The FTC enforces non-compliance as an unfair or deceptive act under the FTC Act; the Congressional Research Service overview lays out the mechanics.
The law passed with unusual breadth – 21 cosponsors split almost evenly between the parties – and its criminal prohibition on publishing nonconsensual intimate imagery took effect immediately on signing in 2025. What changed in May 2026 is the platform-side operational duty and the FTC’s authority to police it.
Why it matters: This is the test of whether a narrow, bipartisan consensus on one concrete AI harm can produce workable enforcement at scale. The 48-hour window and the duty to chase down known copies are operationally demanding, and the FTC’s posture in the weeks after May 19 will signal how aggressive federal AI-content enforcement intends to be. It also converges with state activity – California’s SB 243 chatbot-safety enforcement and the AG’s xAI investigation – so federal and state deepfake regimes are now running in parallel.
5. The EU Blinks: High-Risk Obligations Delayed to December 2027
May-June 2026
The EU changed its own timeline. Under the Digital Omnibus package, EU co-legislators reached a provisional political agreement on May 6, 2026 (confirmed by Council representatives May 13) to defer the AI Act’s high-risk obligations, and the European Parliament approved the agreed text in plenary on June 16, 2026 by 423 votes to 57 with 174 abstentions. Stand-alone high-risk systems under Annex III move from August 2, 2026 to December 2, 2027; high-risk AI embedded in regulated products under Annex I moves to August 2, 2028. The European Council press release and analyses from Gibson Dunn and White & Case confirm the new fixed dates. The amendments become legally effective only on formal Council adoption and publication in the Official Journal, expected before August 2, 2026.
The omnibus is not pure deregulation. It adds a new Article 5 prohibition on AI-generated nonconsensual intimate imagery (“nudifiers”) and child sexual abuse material. And two EU deadlines did not move: the general-purpose AI (GPAI) transparency obligations remain in force from August 2, 2025, with the Commission gaining active enforcement powers over GPAI providers on August 2, 2026; and the Article 50 transparency rules for AI-generated content still bind on August 2, 2026. To that end, the Commission and AI Office published the final Code of Practice on marking and labelling of AI-generated content on June 10, 2026, covering machine-readable marking for providers and deepfake labelling for deployers.
Why it matters: In Week 9 the EU’s August 2 high-risk deadline was described as the most structurally certain development on the board – it would happen on schedule regardless of what Washington or Colorado did. It will not. The EU, facing thin enforcement readiness (as of early 2026 only a minority of member states had designated national competent authorities), chose to move its own goalposts rather than enforce into a capacity gap. The signal matters as much as the substance: the world’s most comprehensive AI law amended its central deadline before that deadline arrived. Companies still face hard August 2, 2026 dates for GPAI and Article 50 transparency – the relief is real but selective.
Analysis: What Eight Weeks Revealed
Three patterns run through the gap, and each is a reversal of an assumption that held at Week 9.
The US federal posture flipped from “freedom to innovate” to pre-release vetting – without admitting it. For eighteen months the through-line of federal AI policy was that regulation stifles American leadership. EO 14409 keeps that rhetoric (it bans mandatory licensing by name) while building the apparatus for exactly the kind of pre-market review the prior posture rejected: classified benchmarks, a covered-frontier-model designation, and a 30-day early-access window. The GPT-5.6 restriction three weeks later showed the apparatus is not theoretical. The cybersecurity frame is what made the reversal politically possible – the government is not claiming to regulate AI for consumer protection, but to manage models capable of nation-state-caliber offensive cyber operations. Reporting through June that the government invoked national-security authorities over access to frontier models underscores how far the national-security lens now reaches into release decisions. Whatever the label, the substance is that the federal government now sits in the room when the most capable models ship.
States pivoted from broad “high-risk AI” compliance regimes to narrower, targeted laws. Colorado is the clearest case: it retreated from the comprehensive SB 24-205 model to a notice-and-rights ADMT framework before the original ever bound anyone. But the broader wave of the past eight weeks was narrow-and-specific rather than broad-and-comprehensive: Connecticut’s SB 5 (the CART Act, signed May 29) targets employment, healthcare, and online-safety AI; Rhode Island’s three health laws (signed June 22) go straight at therapy chatbots and clinical AI. The pattern is legislators trading sweeping horizontal frameworks – which invite both federal-preemption fights and workability complaints – for domain-specific rules that are easier to defend and easier to comply with. Well over a thousand AI bills have been introduced across the states, but the ones that became law skew narrow.
The EU blinked on timelines. The most durable assumption at Week 9 – that the EU deadline was fixed and certain – did not survive contact with enforcement reality. Faced with member states that had not stood up their enforcement authorities, the EU delayed high-risk obligations by sixteen months rather than enforce into a gap. It preserved the transparency and GPAI deadlines and added a new prohibition, so this is timeline relief, not surrender. But the precedent is set: the AI Act’s central compliance date proved movable.
The connecting thread is that the question from Week 9 – who decides what AI can do before it reaches users, and on what basis – got a clearer answer in every jurisdiction. In the US it is increasingly the federal government, via a “voluntary” national-security channel. In the states it is narrower, domain-specific regulators. In the EU it is still the AI Act, but on a schedule the EU is willing to rewrite.
What to Watch
- EO 14409 frontier-model framework (due ~August 1, 2026): The order tasks agencies with finalizing the covered-frontier-model designation and the pre-release engagement process. How “voluntary” it remains in practice – and whether GPT-5.6 sets the template for future launches – is the key US indicator.
- EU GPAI enforcement and Article 50 transparency (August 2, 2026): These deadlines did NOT move. The Commission’s enforcement powers over GPAI providers activate, and the AI-content marking/labelling obligations bind. Watch the Commission’s first enforcement signals and uptake of the June 10 Code of Practice.
- EU Digital Omnibus formal adoption: The Parliament approved the text June 16; formal Council adoption and Official Journal publication are expected before August 2, 2026. The delay to December 2, 2027 is not legally effective until then.
- Colorado SB 26-189 and NY RAISE Act (both effective January 1, 2027): Two very different state models take effect the same day – Colorado’s ADMT notice regime and New York’s frontier-model safety-protocol law (up to $1M / $3M penalties). The first real compliance date for the post-SB-24-205 state landscape.
- Connecticut SB 5 phase-in (October 1, 2026 and October 1, 2027): The CART Act’s employment and transparency obligations begin their staged rollout.
- Federal preemption legislation: Bipartisan draft federal AI frameworks circulated through June proposing multi-year preemption of state AI laws. Whether any advances – and how states respond – will determine if the state-by-state patchwork consolidates or hardens.
- xAI v. Bonta (California AB 2013): Following the March preliminary-injunction denial, the merits case proceeds; watch for the next procedural step.
Sources
- Executive Order 14409, “Promoting Advanced Artificial Intelligence Innovation and Security” (White House, June 2, 2026): https://www.whitehouse.gov/presidential-actions/2026/06/promoting-advanced-artificial-intelligence-innovation-and-security/
- Analysis of EO 14409 (Hogan Lovells): https://www.hoganlovells.com/en/publications/executive-order-on-promoting-advanced-artificial-intelligence-innovation-and-security
- New AI Executive Order (Skadden, June 2026): https://www.skadden.com/insights/publications/2026/06/new-ai-executive-order
- Cyber Strategy at the AI Frontier (Sidley Data Matters, June 4, 2026): https://datamatters.sidley.com/2026/06/04/cyber-strategy-at-the-ai-frontier-president-trump-releases-executive-order-to-promote-advanced-artificial-intelligence-innovation-and-security/
- OpenAI limits GPT-5.6 to trusted partners at US government request (CNBC, June 26, 2026): https://www.cnbc.com/2026/06/26/openai-limits-new-ai-models-to-trusted-partners-request-us-government.html
- OpenAI limits GPT-5.6 rollout, says restrictions shouldn’t be the norm (TechCrunch, June 26, 2026): https://techcrunch.com/2026/06/26/openai-limits-gpt-5-6-rollout-after-government-request-says-restrictions-shouldnt-be-the-norm/
- Trump administration asks OpenAI to limit GPT-5.6 release (Axios, June 25, 2026): https://www.axios.com/2026/06/25/trump-administration-openai-gpt-model-release
- Colorado SB 26-189 official bill page (Colorado General Assembly): https://leg.colorado.gov/bills/sb26-189
- Colorado Governor Signs SB 189 (Holland & Knight, May 2026): https://www.hklaw.com/en/insights/publications/2026/05/colorado-governor-signs-sb-189
- Colorado Enacts AI Replacement Law (Seyfarth Shaw): https://www.seyfarth.com/news-insights/colorado-enacts-artificial-intelligence-replacement-law.html
- TAKE IT DOWN Act, S.146, 119th Congress (Congress.gov): https://www.congress.gov/bill/119th-congress/senate-bill/146
- TAKE IT DOWN Act CRS overview (Congress.gov): https://www.congress.gov/crs-product/LSB11314
- EU Council and Parliament agree to simplify and streamline AI rules (European Council, May 7, 2026): https://www.consilium.europa.eu/en/press/press-releases/2026/05/07/artificial-intelligence-council-and-parliament-agree-to-simplify-and-streamline-rules/
- EU AI Act Omnibus Agreement – Postponed High-Risk Deadlines (Gibson Dunn): https://www.gibsondunn.com/eu-ai-act-omnibus-agreement-postponed-high-risk-deadlines-and-other-key-changes/
- EU agrees Digital Omnibus deal to simplify AI rules (White & Case): https://www.whitecase.com/insight-alert/eu-agrees-digital-omnibus-deal-simplify-ai-rules
- EU Commission publishes Code of Practice on marking and labelling AI-generated content (June 10, 2026): https://digital-strategy.ec.europa.eu/en/news/commission-publishes-first-draft-code-practice-marking-and-labelling-ai-generated-content
- EU AI Act GPAI obligations in force and final GPAI Code of Practice in place (Latham): https://www.lw.com/en/insights/eu-ai-act-gpai-model-obligations-in-force-and-final-gpai-code-of-practice-in-place
- Rhode Island enacts three new AI laws including a therapy chatbot ban (Transparency Coalition): https://www.transparencycoalition.ai/news/rhode-island-enacts-four-new-ai-laws-including-a-therapy-chatbot-ban
- Connecticut Enacts Sweeping AI Law (Ropes & Gray, June 2026): https://www.ropesgray.com/en/insights/alerts/2026/06/connecticut-enacts-sweeping-ai-law-covering-employment-healthcare-and-online-safety
Published: July 2, 2026 Next Issue: Week 11 – resuming normal weekly cadence