Órdenes Ejecutivas de IA en Estados Unidos
Resumen ejecutivo
Why «Trump deregulated AI» is the wrong reading
The most common framing of US AI policy after January 2025 says that the Trump administration deregulated artificial intelligence — revoked the Biden order, eliminated safety oversight, and stepped back from federal AI rules. The framing is partially correct and structurally misleading. Federal AI policy is more active in 2026 than at any prior point. What changed is not the level of federal activity but the orientation of it.
The dominant narrative reads the Trump approach as a return to the absence of federal AI rules. The reading misses the institutional logic. The Biden EO 14110 framework was safety-first: it required safety testing for the most powerful AI systems, established a federal AI safety apparatus, and articulated risk-based oversight for high-impact uses. The Trump EO 14179 framework is dominance-first: it explicitly states that the policy of the United States is to «sustain and enhance America’s global AI dominance in order to promote human flourishing, economic competitiveness, and national security,» and characterizes Biden-era requirements as barriers to that dominance. The shift is not from regulation to non-regulation. It is from one regulatory orientation to another, with the federal apparatus reoriented around the new orientation.
What the US AI regime actually is, then, is a regime defined by three layers operating in deliberate tension. The first layer is the executive-order architecture: Trump EO 14179, the AI Action Plan, the supplementary EOs on data centers, AI exports, federal procurement, education, infrastructure, and state preemption. This layer is fast-moving and deliberately built to be reversible — executive orders can be revoked by successor administrations, as Biden EO 14110 was. The second layer is the surviving Biden infrastructure: EOs 14141 and 14144, the bipartisan AI Task Force work, NIST’s AI Risk Management Framework, sectoral statute, and existing federal regulator AI guidance. This layer is more durable because it predates and outlasts any single administration. The third layer is state AI legislation: Colorado AI Act, NYC Local Law 144, Utah AI policy, California AI initiatives, and the 1,000-plus state AI bills introduced through 2025 and into 2026. This layer is now in active confrontation with the federal layer, with the December 2025 Trump EO establishing an AI Litigation Task Force specifically to challenge state AI laws.
This design has three structural consequences. First, the federal layer is genuinely activist — the AI Action Plan identifies over 90 specific federal policy actions, the supplementary EOs implement many of them, and the state preemption push represents a deliberate expansion of federal authority over AI policy, not a contraction. Second, the surviving Biden infrastructure means that not all Biden-era AI policy was rolled back. EO 14141 on AI Infrastructure remains operative; the cybersecurity EO 14144 remains operative; NIST’s AI RMF is being revised but not eliminated. Third, the federal–state tension is now the principal stress in the system. State legislatures are responding to perceived federal abdication on AI risk by passing their own laws; the federal administration is responding to perceived state overreach by attempting to preempt them through executive action. The outcome of this tension will shape the operational AI compliance environment in the United States for the rest of the decade.
For organizations operating in the US AI market, the implication is that there is no single federal AI compliance regime to track. There are three layers, all live, operating in tension, with the relevant compliance posture determined by which combination of layers applies to the specific AI activity in question.
—
What is currently in force
The US federal AI regime as of May 2026 has six interlocking parts.
Trump EO 14179 — Removing Barriers to American Leadership in AI. Signed 23 January 2025. The eponymous executive order. Establishes the dominance-first policy direction; instructs heads of agencies to identify and roll back actions taken under the rescinded Biden EO 14110 that may be inconsistent with the new policy; directs OMB to revise Memos M-24-10 and M-24-18 (which had governed federal AI procurement and use under Biden) within 60 days; mandates the development of an AI Action Plan within 180 days. The order does not itself impose specific obligations on private actors; it is the architectural document for the rest of the regime.
«Winning the Race: America’s AI Action Plan.» Released 23 July 2025. The 25-page policy document that translates EO 14179 into 90+ specific federal policy actions across three pillars. The Plan was developed by the White House Office of Science and Technology Policy (OSTP) following over 10,000 stakeholder comments on the Federal Register RFI. It is the operational blueprint of the regime. The Plan includes the directive to revise NIST’s AI Risk Management Framework to remove references to diversity, equity, and inclusion concepts — a substantive change to the most widely-used federal AI governance reference (now reflected in updated NIST guidance).
The supplementary July 2025 EOs. Three additional EOs signed on 23 July 2025 alongside the Action Plan release:
- Preventing Woke AI in the Federal Government — mandates that federal agencies procure only AI models that are «truth-seeking and ideologically neutral,» with OMB guidance to be issued by November 2025 and agency adoption of procedures within 90 days thereafter.
- Accelerating Federal Permitting of Data Center Infrastructure — expedites environmental permitting for qualifying data center and energy infrastructure projects within 180 days.
- Promoting the Export of the American AI Technology Stack — establishes the American AI Exports Program for full-stack AI technology export packages (hardware, models, software, applications, standards) by 21 October 2025.
The April 2025 EOs on AI workforce and education. EOs 14277 (Advancing Artificial Intelligence Education for American Youth) and 14278 (Preparing Americans for High-Paying Skilled Trade Jobs of the Future), both signed 23 April 2025. Establish federal commitment to AI literacy, K-12 and post-secondary AI education, and workforce transition support.
The December 2025 state preemption EO. Signed in December 2025, this order directs the Attorney General to establish an AI Litigation Task Force to challenge state AI laws on constitutional or preemption grounds. It directs the Secretary of Commerce to evaluate state AI laws conflicting with national AI policy and withhold non-deployment Broadband Equity Access and Deployment (BEAD) funding from states with such laws. It instructs the FTC and FCC to assess whether state laws forcing AI companies to embed DEI may constitute deceptive practices under the FTC Act, and calls for the development of a national AI legislative framework to preempt state AI laws.
Surviving Biden EOs. EO 14141 (Advancing US Leadership in AI Infrastructure, 14 January 2025) and EO 14144 (Strengthening and Promoting Innovation in the Nation’s Cybersecurity, 16 January 2025) remain operative. EO 14141 establishes federal land leasing arrangements for AI data centers, with the Department of Defense and Department of Energy coordinating site availability. EO 14144 strengthens cybersecurity defenses with provisions on AI-enabled cyber defense and software/cloud security. Neither was rescinded in the January 2025 Initial Rescissions EO.
In parallel, sectoral federal regulators — FTC, FCC, EEOC, HHS, FDA, SEC, OCC, FINRA, others — continue applying existing law to AI use cases in their domains. Federal preemption of state AI laws does not, at present, eliminate state common law liability for AI-related harms or sectoral state regulatory authority where federally preserved.
—
The state layer and the federal–state tension
State AI legislation is the second axis of the US AI regime. It exists because, in the absence of comprehensive federal AI statute, states have stepped into perceived regulatory gaps. By early 2026, more than 1,000 state AI bills had been introduced, with a smaller number enacted into law. The most operationally significant include:
- Colorado AI Act (SB 24-205) — enacted May 2024, originally scheduled to take effect February 2026, delayed to June 2026 by August 2025 amendments. The first comprehensive state AI law in the United States. Imposes obligations on developers and deployers of high-risk AI systems to use reasonable care to prevent algorithmic discrimination, with detailed disclosure, risk management, and consumer notification requirements. Treated in detail in our Colorado AI Act reference page.
- NYC Local Law 144 — effective July 2023. Requires bias audits for automated employment decision tools (AEDTs) used in hiring or promotion decisions affecting NYC residents. Treated in detail in our NYC LL144 reference page.
- Utah Artificial Intelligence Policy Act (S.B. 149) — effective May 2024. Creates AI disclosure obligations for regulated occupations and establishes an Office of Artificial Intelligence Policy.
- Texas, Tennessee, California, Illinois, Massachusetts — various AI-specific statutes addressing deepfakes, AI in elections, AI in employment, AI in healthcare.
- California — multiple proposed AI bills including SB 1047 (vetoed by Governor Newsom in 2024) on frontier AI safety; subsequent narrower bills enacted on AI transparency in elections and AI use in healthcare.
The December 2025 Trump EO is the federal response to this state layer. It establishes mechanisms — the AI Litigation Task Force, BEAD funding conditioning, FTC Act analysis of state-mandated AI behavior — designed to either preempt state AI laws or to make state AI laws costly enough to discourage their enactment. The political tension is open. The One Big Beautiful Bill Act, signed by President Trump on 4 July 2025, originally included a 10-year moratorium on state AI legislation; the Senate removed the moratorium by near-unanimous vote, signaling that bipartisan concern about exclusive federal control over AI policy survives the administration change.
For organizations operating in the US AI market, the practical implication is that state AI law remains enforceable until federal preemption is established by statute or upheld in litigation. State AI law compliance work continues alongside federal AI Action Plan tracking; the two layers operate independently, with federal–state preemption disputes resolving on a case-by-case basis through litigation.
—
The international dimension
The US AI regime has substantial international components, all of which continue to operate even as the federal posture has reoriented.
Council of Europe Framework Convention on AI. The United States was an initial signatory on 5 September 2024. The Convention entered into force on 1 November 2025. US ratification through Senate advice and consent has not occurred and is not expected in the near term. Convention obligations apply to the United States as signatory; their domestic implementation depends on Senate ratification or presidential interpretation.
G7 Hiroshima Process. The US is G7 member and active participant. US frontier AI developers are direct addressees of the Hiroshima International Code of Conduct and engage with the OECD-hosted Reporting Framework. The Trump administration has not withdrawn from the Hiroshima Process; the framework’s voluntary structure aligns with the dominance-first orientation in that it emphasizes industry-led practice rather than binding regulation.
Paris AI Action Summit (February 2025). The US, with the United Kingdom, declined to sign the declaration promoting «inclusive and sustainable» AI endorsed by 60 other countries. The non-signature reflected the new administration’s caution about AI declarations whose substantive content might constrain frontier AI development.
AI Safety Institute (US AISI). Established in 2023 under Biden as part of the broader international AI Safety Institute network. Continues to operate as part of NIST. The Trump administration has not eliminated AISI, but its posture has shifted toward national security and frontier capability evaluation rather than the broader safety-research orientation that characterized its early period.
American AI Exports Program. Established by the July 2025 supplementary EO. Coordinates federal financing tools to support US AI export packages globally, with priority designations for full-stack technology bundles (hardware + models + software + applications + standards). The program is the offensive mirror of the Council of Europe Convention’s defensive rights-based posture: it actively projects US AI technology globally rather than constraining it.
Strategic competition with China. The export control and supply chain dimensions of the regime — Section 232 actions on critical minerals, semiconductor export restrictions, the Stargate $500B private infrastructure investment announced in January 2025 — are policy substance not visible in any single AI-titled EO but central to how the federal regime operationalizes «AI dominance.»
—
Sectoral federal regulator activity
Sectoral regulators continue to apply existing law to AI use cases in their domains, with adjustments reflecting the federal posture change.
Federal Trade Commission (FTC). Active on AI deception, bias, and consumer protection. The Trump December 2025 EO directs FTC to assess whether state AI laws forcing companies to embed DEI may constitute deceptive practices, signaling FTC’s continued role as the principal federal AI consumer-protection enforcement body.
Equal Employment Opportunity Commission (EEOC). Continues applying Title VII and other employment discrimination statute to AI use in hiring, promotion, and employment decisions. Disparate impact liability under Title VII was codified by Congress in 1991 and is enforceable through private litigation regardless of federal enforcement priorities.
Department of Health and Human Services (HHS) and Food and Drug Administration (FDA). AI in healthcare, AI as Software as Medical Device (SaMD), and AI clinical decision support continue under existing FDA frameworks. The Bipartisan AI Task Force December 2024 report on AI in healthcare remains a reference point for sectoral policy.
Securities and Exchange Commission (SEC) and financial regulators. AI in trading, AI in financial services, AI in broker-dealer activity, and AI in disclosure are addressed under existing securities and prudential regulation.
National Institute of Standards and Technology (NIST). Continues to maintain the AI Risk Management Framework, Generative AI Profile (NIST AI 600-1), and the broader AI standards work. The Action Plan directive to remove DEI references from the AI RMF was implemented in updated NIST guidance. NIST also operates the US AI Safety Institute.
Federal Communications Commission (FCC). The Trump December 2025 EO assigns FCC a role in evaluating whether state AI laws forcing AI companies to deceive consumers warrant federal preemption.
—
Intersections with other regimes
Five intersections shape how the US AI regime operates within the broader international architecture.
EU AI Act. US AI providers placing systems on the EU market are subject to the AI Act regardless of US regulatory status. The Trump administration has not withdrawn from international AI standards work, but the dominance-first orientation creates structural divergence with the AI Act’s risk-based protective approach. Multinational US tech firms operate under both regimes, with the AI Act’s General-Purpose AI obligations applying to their EU-deployed systems.
Council of Europe Framework Convention on AI. US is initial signatory; the Convention entered into force November 2025. Convention obligations are not directly enforceable in US domestic law without Senate ratification, but they shape international expectations and the conduct of US firms operating in Convention Parties.
G7 Hiroshima Process. US frontier AI developers engage with the OECD-hosted Reporting Framework. The framework’s voluntary character aligns with the Trump dominance-first orientation; the US continues active participation.
OECD AI Principles. US adheres. The OECD AI system definition is the federal default reference, including in NIST publications and EU AI Act-compatible documentation produced for the EU market.
State AI laws. The federal–state tension is the most operationally consequential intersection. State AI law remains enforceable until federal preemption is established. The December 2025 EO and the planned national AI legislative framework signal sustained federal effort to preempt; bipartisan Senate resistance to the One Big Beautiful Bill Act moratorium signals limits on that effort.
—
## ⚖️ How Zertia operates within the US AI regulatory regime
Built for US federal AI compliance from day one
Accreditations and memberships: 🎖️ ANAB-accredited (US) · 🎖️ UKAS process (UK) · 🎖️ ENAC process (EU) · 🏛️ IAPP member · 🏛️ INCITS member · 🏛️ UKAI member · 📜 EU AI Pact signatory
Zertia is an ANAB-accredited AI management system certification body, with offices in Boston, Madrid, and London, and ANAB accreditation in the United States. The US AI regime’s three-layer structure — federal executive orders, surviving Biden infrastructure, and state AI legislation — makes accredited certification, NIST AI RMF attestation, and standards-based assurance operationally central to how US organizations demonstrate AI accountability across multiple regulatory layers.
Certification — ISO/IEC 42001, AIUC-1, ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 22301. ISO/IEC 42001 certification provides the management system structure that satisfies state AI law obligations on AI risk management (Colorado AI Act), federal AI procurement requirements where applicable, and EU AI Act compliance for US firms with EU exposure. AIUC-1 provides agent-level technical assurance for US AI vendors deploying agents into Fortune 1000 procurement environments where state AI law and federal procurement standards apply simultaneously. Zertia’s ANAB accreditation is recognized across the United States, including for state AI law compliance evidence where state regulators recognize ISO accreditation.
Regulatory frameworks — EU AI Act Conformity Assessment, NIST AI RMF Attestation, ISO/IEC 23894 Risk Assessment, Algorithmic Impact Assessment, Pre-Certification Assessment. NIST AI RMF Attestation is operationally central in the US: NIST’s framework remains the federal AI governance reference even after the AI Action Plan’s directive to remove DEI references, and is recognized by Colorado AI Act, several other state AI laws, and federal procurement guidance as an acceptable AI risk management framework. Algorithmic Impact Assessments are structured to satisfy state AI law disclosure requirements (Colorado, Utah, NYC LL144 for AEDTs) alongside federal sectoral regulator expectations.
Audit — AI Management System audits, High-Risk AI System audits, AI Model audits, EU AI Act audits, NIST AI risk audits. Independent audits structured to support state AI law compliance, federal sectoral regulator engagement (FTC, EEOC, FDA, SEC, OCC), AISI voluntary evaluation engagement for frontier-adjacent organizations, and EU AI Act compliance for US firms with EU market exposure.
Training — AI Governance, Data Governance, Privacy Governance through Zertia Academy. Programmes treat the US regime explicitly, including the three-layer structure, the federal–state tension, the surviving Biden infrastructure, and the practical implications of operating across multiple state AI laws simultaneously. Particularly relevant for US-based legal, compliance, and risk teams positioning AI governance work for Fortune 1000 procurement, AI-native vendor compliance, and Big 4/GRC consulting engagements.
Zertia operates from Boston, Madrid, and London, with ANAB accreditation in the United States and active accreditation processes with UKAS (United Kingdom) and ENAC (Spain/EU). Member of IAPP, INCITS, and UKAI. Signatory to the EU AI Pact.
🎯 Take action
🔍 Diagnose your gap 📊 Build the federal-ready evidence NIST AI RMF Attestation → ISO/IEC 42001 Certification → Independent attestation against NIST AI RMF outcomes, calibrated to OMB and federal procurement expectations across the surviving Biden EOs and the Trump federal layer. The accredited management system that gives federal contractors and regulated-sector deployers a defensible governance backbone irrespective of the federal regulatory cycle.
—
Regulación que entiendes es regulación que puedes convertir en ventaja competitiva.
¿No estás seguro de si este marco aplica a tu organización? Hablemos.
