On June 4, 2026, Representatives Jay Obernolte (R-CA) and Lori Trahan (D-MA) released a discussion draft of the Great American Artificial Intelligence Act of 2026, or GAAIA. If it passes, it would be the first comprehensive federal law governing AI in the United States.

For business owners running on AI tools, the first question is always: does this affect me? The short answer is: not directly, and probably not immediately. But the longer answer is more interesting.

What the Bill Actually Covers

The GAAIA is primarily aimed at developers of “frontier AI” models — the labs building the most powerful foundation models (think OpenAI, Anthropic, Google, Meta AI). If your organisation uses AI tools rather than builds the underlying models, most of the compliance requirements do not apply to you.

For frontier developers, the bill creates three main obligations:

1. Disclosure requirements — Frontier labs must disclose information about their models to federal authorities
2. Third-party audits — Mandatory audits conducted by designated Independent Verification Organisations (IVOs) that assess model safety and risk
3. Whistleblower protections — Staff at frontier labs who raise safety concerns cannot be retaliated against

It also proposes formally codifying the Centre for AI Standards and Innovation (CAISI) within the Department of Commerce and authorising $100 million per year for voluntary safety guidelines and public-private AI evaluation programs. Large frontier developers would need to report critical safety incidents to the federal government.

The Preemption Clause Is the Real Story

The provision that matters most for the business AI landscape is not about what the GAAIA requires — it is about what it blocks.

If passed, the bill would preempt states from issuing their own laws regulating AI model development for three years. That means no new patchwork of 50 different state AI laws for three years, at least in theory.

This is significant because several US states are already moving. Colorado’s comprehensive AI legislation takes effect June 30, 2026 — just two weeks away — and California’s AI Transparency Act and Texas’s Responsible Artificial Intelligence Governance Act are both in motion. The GAAIA, if it passed immediately, would not undo those existing laws. It would stop new state laws from proliferating further.

What This Means for Your Business Right Now

The GAAIA is a discussion draft. It has not been formally introduced, its sponsors are seeking feedback, and the House Democratic Commission on AI framed itself in opposition within hours of the draft’s release. The path to passage is uncertain.

Here is what that means practically:

Do not wait for federal clarity before planning your AI compliance. Colorado’s law is live in two weeks regardless of what happens in Congress. If your business operates in Colorado or handles Colorado residents’ data through AI-assisted decisions, you need to understand what that law requires.

The directional signal is clear even if the law is not. The GAAIA represents Congress finally engaging seriously with AI governance. The era of zero AI regulation in the US is ending. What replaces it is still being shaped, but the trajectory — mandatory disclosure, mandatory audits, safety reporting — tells you what responsible AI adoption will need to look like.

For most businesses using AI tools, the immediate pressure comes from state law, not federal. California, Colorado, and Texas together represent roughly a third of the US economy. If you sell to or employ people in those states and use AI to make decisions affecting them, the compliance clock is already running.

The audit requirement for frontier developers filters down to you indirectly. If the tools you rely on — Claude, GPT, Gemini — are subject to mandatory third-party audits, the audit reports will likely include information you can use to justify your vendor choices to your own board or clients. That is a positive development for enterprise AI adoption.

The Broader Pattern

What the GAAIA represents, even as a draft, is the US moving from the “don’t regulate AI” stance of the past few years toward structured oversight. The Biden-era executive orders created voluntary norms. GAAIA would create legal obligations — starting at the frontier developer level but eventually expanding.

The businesses that will be best positioned are those that are already operating with governance discipline: documented AI use, clear ownership of AI decisions, vendor due diligence, and regular review of what their AI tools actually do. Not because a law requires it today, but because it almost certainly will within the next few years.

At Enterprise DNA, helping organisations build that governance foundation is part of what the Omni Advisory service is designed for. The organisations that treat this as a strategic investment now, rather than a compliance scramble later, end up better positioned on both performance and risk.

The GAAIA is worth watching. Colorado is worth acting on now.