A bipartisan group of six House members released a 269-page discussion draft on June 4, 2026 that, if passed, would be the most significant federal AI governance legislation in US history. Called the Great American AI Act, it was introduced by Reps. Jay Obernolte (R-CA) and Lori Trahan (D-MA), alongside four co-sponsors from both parties.

The draft is in the feedback phase, not yet law, but its provisions signal where federal AI policy is heading — and the implications for businesses building with AI are substantial.

What the Bill Actually Does

The headline provision is federal preemption of state AI model development laws. For three years after passage, states would be barred from passing their own rules specifically governing how AI models are developed, tested, or trained. California’s AB 2013 (which requires model developers to publish training data summaries) and content watermarking provisions of SB 942 would both be overridden.

States would still be allowed to regulate how AI is deployed and used within their borders. The distinction matters: a state could not require you to test your model before release, but it could regulate how you use that model for, say, hiring decisions or healthcare triage.

The three-year sunset means Congress would have to act again to extend preemption, avoiding the scenario where federal inaction locks in a permanent vacuum.

For large frontier AI developers — specifically those with over $500 million in annual gross revenue — the bill adds a reporting requirement. These companies would need to publish public “frontier AI frameworks” that include risk assessments for whether their models could pose “catastrophic risk,” defined as a foreseeable and material risk of death or injury to 50 or more people, or more than $1 billion in property damage. They would also be required to report critical safety incidents to the federal government.

For federal infrastructure, the bill would formally codify the National AI Research Resource (NAIRR) and authorize $100 million per year from 2027 to 2029 for a new Center for AI Standards and Innovation. That center would develop voluntary AI security standards, assess risks from advanced AI systems, coordinate with federal agencies and international allies, and oversee audits of major AI developers.

The bill also adds criminal penalties for using AI to impersonate government officials, and extends the Cybersecurity Information Sharing Act of 2015 through 2035.

Why Business Owners Should Pay Attention

This bill, if it passes, would give businesses a three-year window of regulatory clarity at the federal level.

Right now, the compliance headache for any company deploying AI across multiple US states is real. California, Colorado, Texas, Illinois, and a dozen other states have introduced or passed AI-related legislation, and the rules often conflict. Building an AI system that satisfies California’s disclosure requirements, Colorado’s algorithmic impact rules, and Texas’s biometric data rules simultaneously is a compliance burden most mid-sized businesses can not easily absorb.

Federal preemption simplifies that. For three years, companies could build to one federal standard rather than a patchwork of 50 potential state rules. For businesses in the middle of deploying AI agents, automated workflows, or customer-facing voice AI, that breathing room is operationally significant.

The safety reporting requirement for large frontier developers also matters indirectly. It creates a public record of model risks and incidents, which businesses can use to evaluate vendor choices. If your AI vendor is required to disclose catastrophic risk profiles, you have better information for procurement decisions.

What Critics Are Saying

The preemption provisions have drawn immediate pushback. AI safety organizations argue the language is too broad and would effectively remove the only meaningful AI oversight in the US, given that federal action on AI has historically been slow. The fear is that by preempting state laws, the bill creates a three-year regulatory vacuum during which AI systems can be deployed without meaningful accountability.

Labour groups, including the American Federation of Teachers, have urged Congress to reject the bill outright, arguing it does too little to protect workers from AI-driven displacement.

On the industry side, reception is mixed. The Information Technology Industry Council (ITI) welcomed provisions like the NAIRR codification, international standards leadership, and the cybersecurity information sharing extension. But some tech leaders are cautious about audit requirements and safety incident reporting obligations, which they view as potential competitive liabilities.

What This Means for Business

The Great American AI Act, even as a discussion draft, signals that Washington is moving toward a federal AI framework. A few things to think about if you are deploying or building with AI:

The compliance window is opening, not closing. If the bill passes, you get three years without new state-level model development rules. Use that time to build your AI systems properly, with governance, documentation, and audit trails, rather than scrambling to meet conflicting state mandates.

Transparency requirements are coming regardless. Even if this specific bill fails, the direction is clear. Large AI vendors will face public disclosure obligations. Businesses should start evaluating their AI vendors on transparency and risk disclosure practices now, before it becomes a regulatory requirement.

The “catastrophic risk” framing matters. The bill defines risk thresholds that are very high (50+ deaths or $1 billion in property damage). This means the vast majority of business AI applications are not in scope for the toughest requirements. The heavy compliance burden lands on the frontier labs, not the businesses using their models.

Still a draft. This is a discussion document, not law. The feedback period is open now. If your business has a view on what federal AI governance should look like, this is the moment to engage through industry associations.

The Databricks Data + AI Summit is scheduled for June 15-18 in San Francisco, where the AI governance conversation is likely to feature prominently among enterprise teams. Between that event and the ongoing congressional feedback period, June 2026 is shaping up as a pivotal month for how AI regulation in the US actually develops.

Enterprise DNA will continue tracking this as it moves through the feedback and legislative process.