On June 2, 2026, U.S. President Trump signed an executive order titled "Promoting Advanced Artificial Intelligence Innovation and Security." I wanted to offer some thoughts on what this order does and what it means for information professionals.
This is primarily a cybersecurity order. Its focus is on protecting federal information systems and critical infrastructure from AI-enabled threats, and on creating frameworks for the government to work collaboratively with AI developers on security.
Specifically, the order directs federal agencies to prioritize the cyber defense of government information systems within 30 days. It establishes a voluntary AI cybersecurity clearinghouse, coordinated through the Treasury Department and CISA, to help coordinate scanning for software vulnerabilities, share information about those vulnerabilities, and prioritize remediation. Participation is open to the AI industry and operators of critical infrastructure including rural hospitals, community banks, and local utilities.
The order also creates a process for designating "covered frontier models" — AI models whose advanced capabilities cross a classified benchmark threshold determined by NSA in consultation with other agencies. Under a voluntary framework, AI developers can engage the federal government to determine whether their model meets that threshold, provide early access to covered models before release, and collaborate on identifying trusted partners for early access. The order explicitly prohibits the creation of any mandatory licensing, preclearance, or permitting requirement for developing or releasing AI models.
Finally, the order directs the Attorney General to prioritize enforcement of existing federal criminal statutes against those who use AI to illegally access or damage computer systems or to further other crimes.
The order is narrowly focused on cybersecurity and national competitiveness, which means a number of questions that matter to information professionals working with or within organizations in the U.S. remain unanswered.
There is no guidance on transparency or accountability in AI systems. There are no requirements around disclosure when AI is used in decision-making, no standards for source citations or data provenance, and no framework for auditing AI outputs. AIIM has consistently advocated that these are foundational to responsible AI adoption. As we stated in our 2023 comments to the NTIA, "transparency will be critical to ensuring accountability in AI use. For the public to fully accept and trust AI, consumers must know when, how, and why AI is being used."
There is also no mention of documentation or recordkeeping. For organizations building AI governance programs, the question of what to document, how long to retain it, and how to manage training data as a record remains unresolved at the federal level. We've acknowledged in prior comments to the U.S. Copyright Office that documentation at scale is a real investment — "there are costs for developing and maintaining a record management program" — but that doesn't diminish the need. Documentation is what gives an organization an audit trail and legal footing if questions arise later.
There is still no single universal federal AI law in the U.S. that gives organizations consistent, cross-sector guidance, although the federal government has moved toward a national policy framework. As we noted in our March 2025 response to the OSTP’s request for information on the AI Action Plan, a fragmented regulatory landscape — varying by state or sector — creates compliance burdens that fall hardest on smaller organizations. That concern remains largely unresolved.
Because the U.S. still lacks a single comprehensive federal AI governance framework, organizations are drawing from a patchwork of voluntary frameworks, sector guidance, and international rules. The EU AI Act is the most comprehensive binding AI law in force, using a risk-tiered approach and phased deadlines, including transparency obligations that apply from 2 August 2026. Singapore’s Model AI Governance Framework is a voluntary, principles-based reference, and Singapore released a Model AI Governance Framework for Agentic AI in January 2026. In the U.S., the NIST AI Risk Management Framework remains a leading voluntary baseline for AI governance, and NIST released a concept note in April 2026 for a Trustworthy AI in Critical.
Other frameworks worth noting for information professionals include ISO/IEC 42001, which supports an auditable AI management system; the OECD AI Principles, which provide a widely recognized policy baseline; and the OWASP Gen AI Security Project, which is especially useful for securing generative AI applications. In practice, these work best when paired with strong data governance, because metadata quality, access control, and content classification directly affect AI reliability and risk. Organizations can begin building governance programs now using these frameworks as practical starting points.
The June 2 executive order is a meaningful step for AI-enabled cybersecurity in federal and critical infrastructure contexts. For the information management community, it's a useful development to be aware of, but it doesn't fill the governance gap that practitioners have been navigating for several years. We'll continue to track policy developments and advocate for the kinds of standards and frameworks our community needs to manage AI responsibly and with confidence.
Sources: