Across The Industry June 8, 2026 · Policy, Regulation & AI Industry Developments
POLICY & REGULATION
Tags: News | United States Date: June 4, 2026
House lawmakers release Great American AI Act discussion draft proposing three-year preemption of state AI development laws and semi-annual frontier audits
On June 4, 2026, Representatives Jay Obernolte (R-CA) and Lori Trahan (D-MA) of the House Energy and Commerce Committee released a 269-page discussion draft of the Great American Artificial Intelligence Act, joined by co-sponsors Suhas Subramanyam (D-VA), Scott Franklin (R-FL), Scott Peters (D-CA), and Erin Houchin (R-IN). The draft would preempt state laws that specifically regulate AI model development for three years while preserving state rules on AI use and deployment, and would require large frontier developers with more than $500 million in annual revenue to publish safety frameworks, report critical incidents, and submit to semi-annual third-party audits. It would also codify the Commerce Department’s Center for AI Standards and Innovation and appropriate $100 million per year from 2027 to 2029. Vorys
The draft is organized around four pillars: establishing frontier AI model governance, collecting insight into U.S. workforce changes, fortifying cybersecurity postures, and spurring new AI research and development. The bill places binding requirements on “large frontier developers,” defined as companies with more than $500 million in annual revenue that have trained the most powerful AI models, while states would retain power to regulate the use of AI systems within their borders but lose the ability to legislate on how those systems are built. The draft landed within hours to near-universal rejection from labor unions, consumer advocates, and a formal House Democratic commission; the House Commission on AI and the Innovation Economy stated the document “cannot serve as the basis for productive dialogue.” It arrives days after President Trump’s June 2 executive order establishing voluntary federal review of frontier models.
This remains a discussion draft circulated for stakeholder feedback before formal introduction, and the sponsors have emphasized the possibility of changes. It is not enacted law and imposes no current obligations. Organizations developing frontier models above the $500 million revenue threshold should review the draft’s audit, safety framework, and incident reporting provisions now, as these represent the most detailed federal compliance architecture proposed to date. Organizations relying on state AI laws for regulatory certainty should treat the three-year development preemption as a material risk to the current state-led compliance landscape and monitor the draft’s progress toward formal introduction. The Decoder
Tags: News | European Union Date: June 3, 2026
European Commission adopts Tech Sovereignty Package introducing Chips Act 2.0, Cloud and AI Development Act, and EU cloud sovereignty assurance framework
On June 3, 2026, the European Commission presented the European Technological Sovereignty Package, a set of measures to strengthen Europe’s capacity in semiconductors, artificial intelligence, cloud, and open source. The package includes two legislative proposals, the Chips Act 2.0 and the Cloud and AI Development Act, alongside the Open Source Strategy and a Strategic Roadmap for Digitalisation and AI in Energy. The Commission noted that the European Union currently relies on non-EU countries for over 80% of key digital products, services, infrastructure, and intellectual property, and that reducing this dependency is essential for Europe’s economic strength, security, and competitiveness. OneTrust
The Cloud and AI Development Act introduces an EU Cloud Sovereignty Framework establishing four assurance levels for cloud computing services, based on criteria such as control over the service, control over the supply chain, treatment of data, infrastructure location, and cybersecurity; member states and Union entities would each be required to carry out individual sovereignty risk assessments to determine the appropriate assurance level for different public-sector use cases. The package includes plans to bar cloud companies that fail to meet new EU sovereignty criteria from sensitive government contracts and would grant Brussels emergency powers to prioritize chip production during supply crises, including the ability to override existing commercial agreements. The third pillar, the EU Open Source Strategy, seeks to mitigate vendor lock-in risks and treats open source as a broader governance and industrial policy tool. Global Policy Watch
The package consists of legislative proposals and strategies that require negotiation and adoption before taking effect; it imposes no immediate obligations. Organizations providing cloud or AI services to EU public-sector customers should assess how the proposed four-tier sovereignty assurance framework would classify their services, as failure to meet sovereignty criteria could foreclose access to sensitive government contracts. Non-EU cloud and AI providers in particular should evaluate the supply chain control, data treatment, and infrastructure location criteria against their current architecture, as these will determine eligibility for public-sector work under the framework once adopted.
Tags: Alert | Security | United States Date: June 4, 2026
CISA Trend Micro Apex One remediation deadline arrives as actively exploited zero-day threatens enterprise endpoint security
A relative directory path traversal flaw in Trend Micro’s Apex One platform, tracked as CVE-2026-34926, carried a federal remediation deadline of June 4, 2026, after CISA added it to the Known Exploited Vulnerabilities catalog; the flaw was detected during active exploitation by Trend Micro’s own incident response team. Apex One is a core endpoint security platform used by organizations to defend laptops, desktops, and servers against malware, ransomware, and fileless attacks, making the zero-day especially impactful for enterprises relying on it as a primary security layer; organizations running the on-premises version were urged to apply the available patch without delay. Baker DonelsonBaker Donelson
The same period saw a cluster of active exploitation events: Palo Alto Networks warned that attackers are actively exploiting a PAN-OS GlobalProtect authentication bypass flaw (CVE-2026-0257) against corporate networks beginning May 18 using forged authentication override cookies, with a second wave on May 21, and CISA added that flaw to the KEV catalog on May 29. Separately, the ShinyHunters extortion group published data allegedly stolen from Charter Communications, the telecom operating under the Spectrum brand, in a breach that could affect nearly 5 million people. These events share a pattern: the security tools and network infrastructure organizations depend on for defense are themselves becoming primary targets. Baker DonelsonBaker Donelson
Federal Civilian Executive Branch agencies were required to meet the June 4 Apex One remediation deadline as a binding obligation under Binding Operational Directive 22-01. All other organizations should treat the KEV addition as a prioritized remediation signal and patch on-premises Apex One installations immediately. Organizations running Palo Alto GlobalProtect should apply patches and audit VPN logs for forged authentication override cookies. The Charter breach reinforces that organizations must assess third-party telecom and vendor exposure as part of their own incident response planning, since downstream data compromise can occur entirely outside their direct control.
AI INDUSTRY
Tags: News | Industry Date: June 4, 2026
Anthropic discloses Claude authored over 80% of its production code in May, urges coordinated industry framework to pause runaway self-improvement
In one of the most striking disclosures of the year, Anthropic revealed that more than 80% of the code merged into its production codebase in May 2026 was authored by Claude, its own AI model. The disclosure was framed as a warning rather than a milestone: Anthropic is now urging all frontier AI labs to agree on a coordinated way to slow or pause development if advanced AI systems begin improving themselves faster than society can manage. The company argued that unilateral action would not be enough, and that any pause would require verification, shared rules, and participation from all major labs. Gunster
The disclosure landed in the same week Anthropic confirmed its position as the world’s most valuable AI startup at a $965 billion post-money valuation following a $65 billion Series H, and confidentially filed its S-1 with the SEC on June 2 to begin its path to an IPO. The juxtaposition is consequential: a company demonstrating that its own AI now writes the substantial majority of its software is simultaneously asking competitors to agree on guardrails against exactly that dynamic accelerating beyond control. The proposal reflects a recurring tension in frontier AI governance, where the labs with the most advanced self-improving systems are also the ones calling for coordinated restraint. Gunster
For organizations, the disclosure carries two practical signals. First, AI-authored code is moving from assisted development to majority authorship at frontier labs, which raises questions about code provenance, security review, and supply chain assurance that organizations adopting AI coding tools should incorporate into their own development governance. Second, the call for a coordinated pause mechanism, while voluntary and unrealized, signals that the pace-of-capability question is now an explicit industry concern; organizations with long-term AI vendor dependencies should monitor whether such coordination materializes, as it would directly affect model release cadence and capability availability.
Tags: News | Industry Date: June 4, 2026
Companion Sectoral AI Governance Act introduced as competing federal framework, signaling divergent congressional approaches to AI oversight
On June 4, 2026, alongside the Great American Artificial Intelligence Act, Representative Sarah Jacobs (D-CA) introduced the Sectoral AI Governance Act of 2026, presenting a competing vision for how the federal government should structure AI oversight. The Society for Human Resource Management, responding to both proposals, noted that as AI continues to reshape the workplace, the two represent important contributions to the national conversation about how to foster innovation, support workers, and provide clarity for employers. The simultaneous release of two distinct frameworks underscores that Congress has not coalesced around a single regulatory model, even within bipartisan efforts. US EPAUS EPA
The two bills reflect a structural disagreement over the architecture of federal AI regulation. The Obernolte-Trahan approach centers on horizontal frontier model governance with broad federal preemption of state development laws, while the Sectoral approach, as its name indicates, favors governing AI through existing sector-specific regulatory channels rather than a single overarching framework. This mirrors a longstanding divide in technology policy between comprehensive horizontal regulation and use-case-specific vertical regulation. SHRM indicated it was encouraged by themes across both proposals that align with workplace AI principles, including recognition that AI requires a thoughtful federal policy framework. US EPA
Both measures are early-stage proposals, and neither imposes current obligations. The existence of competing frameworks signals that federal AI legislation remains unsettled and that the eventual structure, whether horizontal or sectoral, will materially shape compliance obligations. Organizations should avoid building compliance programs around any single proposed federal framework at this stage. The more productive posture is to maintain compliance with currently enforceable state laws while tracking which federal model gains legislative momentum, since the horizontal and sectoral approaches would impose substantially different obligations on developers and deployers.
