Across The Industry June 2, 2026 · Policy, Regulation & AI Industry Developments
POLICY & REGULATION
Tags: News | United States Date: June 2, 2026
Trump signs AI cybersecurity executive order establishing voluntary frontier model review and Treasury-led clearinghouse
On June 2, 2026, President Trump signed an executive order titled “Promoting Advanced Artificial Intelligence Innovation and Security,” directing federal agencies to establish a framework for the secure deployment of frontier AI models, including a process by which developers would voluntarily provide the government with early access to models for up to 30 days before releasing the technology to other trusted partners. The order asks AI companies to voluntarily submit their most powerful models for the government to test, directs federal agencies to develop benchmarks to assess AI models’ cyber capabilities, and creates an AI cybersecurity clearinghouse to review and share information on vulnerabilities. Section 2 directs the Secretary of the Treasury, in consultation with the national cyber director and the directors of NSA and CISA, to form the clearinghouse within 30 days to coordinate scanning for software vulnerabilities, validate them, and prioritize remediation and patch distribution.
The order comes as policymakers, infrastructure operators, and cybersecurity experts have raised concerns over the vulnerability-finding capabilities of frontier models such as Anthropic’s still-private Claude Mythos, and two weeks after Trump scrapped an earlier version following industry pushback. After several abrupt reversals that played out in public reports, the administration opted for an oversight model that falls short of a mandatory pre-deployment government approval regime. The designation of Treasury as the lead agency, rather than a security-focused department, is a notable structural choice that signals a key role for the financial services sector. Industry response was favorable, with Google, OpenAI, and Microsoft executives publicly endorsing the voluntary approach.
The order establishes no binding compliance obligation on private developers; the framework depends on voluntary industry participation. Organizations operating critical infrastructure, particularly in financial services, should assess whether participation in the AI cybersecurity clearinghouse aligns with their existing vulnerability disclosure and threat intelligence programs. The 30-day clearinghouse formation deadline and the voluntary 30-day model access window are the two near-term structural elements to monitor as implementation begins.
Source: https://www.cybersecuritydive.com/news/trump-ai-security-executive-order/821755/
Tags: News | United States Date: May 29, 2026
Vermont legislature passes Connecticut-modeled consumer privacy bill as Connecticut enacts data broker registry and geolocation sale ban
Vermont’s legislature passed S 71 on May 29, 2026, the final day of session, with the Senate voting by voice to concur with the House-passed version; the bill is largely based on the 2025 version of Connecticut’s consumer data privacy law and now moves to Governor Phil Scott for consideration. Vermont’s legislature also passed a separate bill amending the state’s data broker law. This marks the second time in three years Vermont’s legislature has passed a comprehensive privacy bill; Governor Scott vetoed the prior version in 2024 and the Senate lacked the votes to override. This year’s bill is more business-friendly than its predecessor and tracks closely with Connecticut’s established framework.
Connecticut Governor Ned Lamont separately signed Senate Bill 4 into law, which prohibits the sale of consumers’ precise geolocation data and enables residents to delete their information from registered data brokers with a single request; the law goes into effect on October 1, 2026. Connecticut becomes the second state in the nation with a Delete Act-style mechanism after California, and joins Maryland, Oregon, and Virginia in banning the sale of precise geolocation information. SB 4 builds on the Connecticut Data Privacy Act, the 2023 law that extended baseline privacy rights to consumers, and establishes a state-run data broker registry alongside the centralized deletion mechanism.
Vermont’s bill still requires the governor’s signature, and the prior veto history warrants close monitoring. Connecticut’s SB 4 creates a hard October 1, 2026 effective date. Organizations that sell precise geolocation data, process genetic data, or operate data broker functions in Connecticut must assess their exposure against the new prohibitions and prepare for the data broker registry, which the law schedules to launch January 1, 2027. The pattern across both states confirms that Connecticut’s framework has become the de facto model for state privacy legislation, and organizations should treat compliance with that framework as the baseline for multi-state privacy programs.
Source: https://www.troutmanprivacy.com/2026/05/proposed-state-privacy-and-ai-law-update-june-1-2026/
Tags: News | United States Date: May 31, 2026
Illinois legislature passes frontier model and AI chatbot safety bills before session closure; California advances nine AI bills through a chamber
Illinois lawmakers were active heading into the legislature’s May 31 closure date: the Senate passed a consumer data privacy bill, two chatbot bills (the Consumer AI Notice Act and the AI Companion Model Safety Act), and a frontier model bill (the AI Safety Measures Act), while the House passed the Algorithmic Pricing Transparency Act. In Illinois, SB 340 passed the Senate by a 54-3 vote after a floor amendment converted the bill into a consumer data privacy bill. California lawmakers were extremely active over the same period, with the Senate passing a bill to amend the state’s data broker law to shorten its time periods to 30 days from 45, two chatbot bills, a bill to amend the state’s AI Transparency Act, an employment AI bill, and two health care AI bills; the House also passed a bill to amend the AI Transparency Act and a health care AI bill. TekClarion
The Illinois AI Safety Measures Act, if enacted, would establish the first Midwest state-level governance framework specifically targeting frontier AI model developers, paralleling the structure of California’s existing Transparency in Frontier AI Act. The volume of activity reflects compressed legislative calendars: multiple state sessions reached chamber-of-origin deadlines in late May, accelerating bill movement across Illinois, California, and New York simultaneously. New York lawmakers also advanced several bills as that legislature’s June closure date approached. TekClarion
None of these bills is enacted law; each requires passage in the opposite chamber and gubernatorial signature. Organizations operating in Illinois should evaluate whether the AI Safety Measures Act’s frontier model definition would capture models they develop or deploy, as its obligations would represent a material expansion of the state’s AI regulatory footprint. The parallel chatbot safety bills in Illinois and California signal a converging legislative focus on AI companion products and consumer-facing disclosure requirements that is likely to produce enacted law in at least one jurisdiction before year end.
Source: https://www.troutmanprivacy.com/2026/05/proposed-state-privacy-and-ai-law-update-may-25-2026/
AI INDUSTRY
Tags: News | Industry Date: June 1, 2026
Anthropic files confidential S-1 with the SEC at $965 billion valuation, becoming the third trillion-dollar AI IPO candidate of 2026
Anthropic, the AI lab behind Claude, filed confidentially for an initial public offering on June 1, 2026, submitting a draft registration statement to the SEC; the company has not yet listed the number of shares or set the price, and stated the offering will depend on market conditions and other factors. The filing comes less than a week after Anthropic raised $65 billion in a Series H funding round that pushed its valuation to $965 billion, co-led by Altimeter Capital, Dragoneer, Greenoaks, Sequoia Capital, Capital Group, Coatue, and D1 Capital Partners. The company’s revenue run rate has ballooned to $47 billion, up from $10 billion in annual revenue last year, and its $965 billion valuation tops OpenAI, which was valued at $852 billion in late March. Holland & Knight
Anthropic is expected to be one of three trillion-dollar debuts on the stock market this year, alongside SpaceX and OpenAI; SpaceX filed to go public in April and OpenAI filed confidentially in late May. SpaceX submitted its confidential filing on April 1 and disclosed its public prospectus on May 20, a sequence that indicates the timeline Anthropic’s filing may follow. Anthropic’s growth has prompted a number of major infrastructure deals, including an agreement with SpaceX to use available compute at its Colossus 1 data center in Memphis, Tennessee. The company also remains in ongoing litigation against the Trump administration over a February 2026 Department of Defense order that blacklisted its technology. Kiteworks
A confidential S-1 filing begins the SEC review process without immediate public disclosure; the full prospectus must reach investors at least 15 days before the roadshow begins. The risk factor disclosures in that eventual public filing will constitute the most detailed regulatory, competitive, and financial risk assessment Anthropic has produced. Organizations conducting vendor due diligence on Claude or Claude Code, or evaluating multi-year Anthropic commitments, should treat the public S-1 release as a required input to their vendor risk assessments. The ongoing DOD blacklisting litigation should be monitored as a material contract and continuity risk factor ahead of any listing.
Source: https://techcrunch.com/2026/06/01/anthropic-files-to-go-public/
Tags: News | Industry Date: May 27, 2026
DataGrail report finds majority of AI-enabled software vendors fail to disclose third-party AI subprocessors, creating widespread shadow AI exposure
DataGrail released its Privacy and AI Trends Report 2026 on May 27, 2026, its fifth annual benchmark study, drawing on AI tracking for 2,400 leading business systems, a consent compliance audit of 5,000 popular websites, and anonymized privacy operations data from hundreds of enterprise customers. The San Francisco-based privacy platform found that 63.6% of vendors that prominently advertise AI capabilities do not disclose a third-party AI subprocessor in their legal documentation, meaning the majority of companies purchasing AI-enabled software may be unknowingly exposing their customers’ data to AI models and pipelines they never reviewed or approved. State legislatures enacted 145 AI-related laws in 2025 alone, and 32.8% of AI systems participate in at least one high-risk activity such as sensitive data processing or automated decision-making. Contra Costa News
Among AI systems with self-reported risk factors, 47.1% process personal data and 20.7% have the potential to power automated decision-making. DataGrail CEO Daniel Barber noted that all software vendors are trying to become AI vendors, but the technologies are moving faster than AI governance can keep up. The central finding is that the data processing agreement, the contract organizations rely on to evaluate how vendors handle personal data, can no longer be taken at face value when a majority of AI vendors omit their subprocessors from that documentation. The report frames shadow AI as a critical new threat vector that traditional risk management processes are not designed to catch. YouTubeYouTube
Organizations must treat vendor data processing agreements as insufficient on their own for AI subprocessor assessment. The disclosure gap means standard contractual due diligence will miss the AI pipelines processing organizational data in a majority of cases. Organizations should expand vendor risk assessment procedures to require explicit, affirmative disclosure of all AI subprocessors, rather than relying on what appears in the DPA, and should treat any AI-enabled vendor that cannot produce a complete subprocessor list as an unquantified risk. This finding maps directly to existing obligations under GDPR, the EU AI Act, and state privacy laws that require knowledge of downstream data processing.
