A bipartisan coalition of House lawmakers just dropped one of Congress’s most ambitious attempts to regulate artificial intelligence — and before it’s even out the gate, it’s triggering a partisan brawl over states’ rights, open-source security, and who gets to decide what AI companies can and can’t do.
What’s in the Bill
The 269-page “Great American Artificial Intelligence Act” targets frontier AI developers — companies pulling more than $500 million a year — and would force them to publish detailed risk assessment frameworks. Those frameworks wouldn’t just sit on a shelf. Independent verification organizations (IVOs), certified by NIST’s Center for AI Standards and Innovation (CAISI), would audit them. We’re talking genuine access to company materials, with audit results reported directly back to the government.
The bill formally authorizes CAISI with a $300 million budget across fiscal years 2027-2029 and lets the center hire technical experts above normal government pay caps. That’s a big deal — one of the perennial problems with federal AI oversight has been the inability to compete with private-sector salaries for top talent.
What It Means for Open Source
Here’s where it gets interesting for the security community. The bill would direct CISA to award grants to U.S.-based developers of critical open-source packages — the kind of underfunded maintainers holding together infrastructure that half the internet depends on. Those grants would cover patching, security evaluations, and regular maintenance.
Even more striking: AI firms would be required to give those open-source developers access to advanced AI models capable of finding and fixing vulnerabilities. Given that the open-source ecosystem has been drowning in AI-powered bug reports of questionable quality lately, this could actually move the needle on code security — or it could flood maintainers with even more noise. Execution matters.
The bill also mandates that NIST and the Department of Energy build AI security testbeds — research centers that would evaluate AI model capabilities, probe for weaknesses, and even organize public hackathons against the models. The Government Accountability Office would audit how well AI model weights are protected and assess the overall security posture of the open-source ecosystem.
Why It’s Controversial
The bill’s preemption clause — wiping out state-level AI regulations in favor of a single federal framework — has drawn fire from almost every direction. Civil society groups, AI safety advocates, labor unions like the AFL-CIO, and the attorneys general of multiple states have pushed back hard. One advocacy group called it “a generational mistake” to prevent states from responding to emerging AI harms.
Democrats on Capitol Hill are split: some support the bill’s regulatory backbone but hate the preemption language. Republicans are worried that any regulation heavy enough to satisfy safety advocates will crush innovation. The divide is sharp enough that the bill’s path through the House is genuinely uncertain.
What to Watch
The bill is still a discussion draft — not yet formally introduced. That means there’s room for negotiation, and the preemption clause is the most likely battleground. If it survives intact, it would centralize AI governance at the federal level in a way that fundamentally changes how companies deploy and document their models. If it gets stripped out, the whole regulatory framework could lose teeth. Either way, the message from Congress is clear: AI regulation isn’t a question of “if” anymore. It’s a question of who writes the rules.
The cosponsors — Reps. Jay Obernolte (R-CA), Lori Trahan (D-MA), Suhas Subramanyam (D-VA), Scott Franklin (R-FL), Scott Peters (D-CA), and Erin Houchin (R-IN) — will spend the next weeks gauging whether they have the votes. Watch for markups and amendments in July.
