For two years the story of AI was capability — bigger models, smarter agents, faster chips. In 2026 the story quietly became governance. This week a bipartisan bill landed in the US Congress that would put a single national AI rulebook over a growing patchwork of state laws, while across the Atlantic the EU's sweeping AI Act keeps phasing in. If your business uses AI for anything that touches customers, data, or decisions, the rules are no longer someone else's problem. Here's the shake-up, and what to actually do about it.
The news: one US rulebook to replace fifty
On June 4, Reps. Jay Obernolte (R-CA) and Lori Trahan (D-MA) released the Great American AI Act — a 269-page discussion draft (not yet a law) focused on model safety and workforce impact (Roll Call, FedScoop). Its headline — and most contested — provision is federal preemption: for three years, it would override state laws that specifically regulate how AI models are developed.
A few things to hold onto, because the nuance is the whole story:
- The preemption targets development, not use or deployment — states would keep the power to regulate how AI systems are used within their borders.
- Per a summary from Trahan's office, it would override California's AB 2013 (which requires publishing summaries of training data) and part of SB 942 (AI content watermarking).
- It would require the largest "frontier" developers — those above roughly $500M in annual revenue — to publish safety frameworks, and it codifies federal AI research infrastructure.
It's a draft, so expect changes. But the direction is what matters for planning.
Why a "patchwork" is the thing businesses fear most
Here's the tension in one sentence: companies want predictable rules; advocates want strong ones.
For a business shipping an AI feature, the nightmare isn't regulation itself — it's fifty different regulations. A model that's compliant in one state but not another, with conflicting disclosure and watermarking rules, turns a product launch into a legal maze. One federal standard promises predictability, which is exactly why parts of the industry welcomed the draft.
The pushback is just as real. Consumer group Public Citizen argues the bill "strips states' authority to protect consumers, workers, and children," and safety advocates make a sharp point: **a national standard should protect at least as much as it preempts** (Public Citizen). The fear is that a federal floor quietly becomes a federal ceiling. Whichever way it lands, the takeaway for businesses is the same: the ground rules are being rewritten in real time.
Meanwhile, the EU already shipped its rulebook
The US debate is happening years after Europe set its course. The EU AI Act is a comprehensive, risk-based framework that is phasing in by stages (European Commission):
- Obligations for general-purpose AI models began in August 2025.
- From August 2, 2026, the Commission's enforcement powers, the high-risk-system rules, and transparency obligations apply.
- Penalties are serious — administrative fines up to €15 million or 3% of global turnover, rising to €35 million or 7% for prohibited practices.
And it's still moving: in May 2026, the Council and Parliament agreed to simplify and streamline parts of the rules (Consilium). The contrast with the US is instructive: the EU went comprehensive and risk-tiered; the US draft leans lighter and pro-innovation, betting that one flexible national standard beats a thicket of state laws. Most global businesses will have to live under both logics at once.
What it actually means for your business
You don't need a law degree, but you do need a posture. Regardless of where these specific bills land, the regulatory direction in 2026 is clear — and it rewards preparation:
| Do this now | Why |
|---|---|
| Inventory where you use AI | You can't govern what you haven't mapped — list every feature, vendor, and data flow |
| Know your data | Training-data transparency and "does this tool train on our data?" are recurring obligations — see how to choose the right AI tool |
| Risk-tier your use cases | Both frameworks treat a hiring or medical decision very differently from a marketing draft — sort yours the same way |
| **Watch use/deployment rules, not just *development*** | Even the US preemption draft leaves these to states; for most companies, use is exactly what you do |
| Build governance into the workflow | Logging, human review, and transparency are becoming product requirements, not legal afterthoughts — the same discipline behind AI agent security for business |
The throughline: compliance is becoming a feature, not a footnote. The companies that treat "can we explain and document what our AI does?" as a core capability will ship faster when the rules firm up — and they will firm up.
Bottom line
2026 is the year AI regulation stopped being theoretical. A US bill wants to trade a patchwork for a single rulebook; the EU is already enforcing one; and the rest of the world is watching both. As drafted, none of this is settled — so treat today's headlines as a planning signal, not a final answer. Map your AI, mind your data, document your decisions. For the day's other developments, see today's Tech Pulse.
We link primary sources (Congress coverage, the European Commission) so you can verify. This is analysis, not legal advice — the Great American AI Act is a draft, and rules are changing fast; consult a qualified professional for your specific obligations.
