There is a moment in the history of financial regulation that keeps surfacing in discussions of AI policy. In 2006, the American mortgage market was packaging questionable assets into products nobody could examine, generating enormous returns, and distributing that correlated risk invisibly through every fund and pension in the country. The box was never opened. Then in 2008, it imploded everywhere at once. This week, a Colorado commentator invoked that analogy to describe what AI systems are already doing inside America's insurance companies, credit unions, and hiring pipelines. A 269-page federal bill arrived the same week, purporting to fix the governance gap. The two events say very different things about what "fixing" means.
The Great American Artificial Intelligence Act of 2026, introduced as a discussion draft by Reps. Jay Obernolte (R-CA) and Lori Trahan (D-MA), is the most ambitious congressional attempt yet to create a federal framework for AI governance. Its strongest provisions target the largest AI developers directly: companies with more than $500 million in annual revenue, a group that currently includes Anthropic, OpenAI, Google DeepMind, and xAI, would be required to publish risk management frameworks, report safety incidents to regulators within 15 days, and submit to semi-annual third-party audits by certified "independent verification organisations." Non-compliance would cost up to $1 million per day.
That audit regime is genuinely novel. The bill would create a new class of licensed auditors authorised to inspect non-public company materials across four risk categories: cybersecurity, biosecurity, chemical and biological radiological and nuclear uplift, and loss-of-control scenarios. To prevent regulatory capture, auditors would be barred from having ties to the companies they monitor. The Center for AI Standards and Innovation, which the bill would formally establish in the Commerce Department with $100 million in annual funding, would certify these organisations and receive their reports. On paper, this is a serious compliance architecture.
The controversy is almost entirely about a different provision. The bill would preempt, for three years, any new state law specifically governing how AI models are developed and built. States would retain the ability to regulate how AI is used in employment, healthcare, consumer protection, and civil rights. What they would lose is the ability to require AI developers to explain their models, disclose their training data, or mark AI-generated content. California's AB 2013 and portions of its AI Transparency Act would be casualties. Similar frontier safety laws in New York and Illinois would be effectively superseded.
The bill's sponsors describe this as creating a "unified national standard" to prevent a "patchwork of fifty state laws" from crippling American AI development. The AFL-CIO, representing 15 million workers, called it a "giveaway to the AI industry." The House Commission on AI and the Innovation Economy, a Democratic body established to develop AI policy expertise, rejected the draft as inadequate on the day it was released. The Senate voted 99-1 last July to strip a similar preemption clause from another bill.
Colorado offers an instructive case study in what that preemption means in practice. Two years ago, Colorado passed Senate Bill 205, a state law requiring companies to explain the reasoning behind consequential AI decisions, not just disclose that AI was involved. A person denied a loan or a job should be able to understand why, in terms specific enough to challenge the outcome in court. In May, the state legislature replaced it with SB 189, a narrower law requiring only that AI's role be described and that an appeals process exist. The actual reasoning, the model logic that could be used to contest a decision, no longer has to be disclosed. "Everybody lost and everybody won," said the bill's sponsor. Colorado blinked before Congress even asked it to.
Adding to the uncertainty: Sriram Krishnan, one of the Trump administration's most influential voices on AI policy, is expected to leave his White House role at the end of June. Krishnan was a technology executive from Silicon Valley who helped shape the administration's AI framework and coordinated policy discussions across agencies. His departure does not signal a change in direction, but it arrives at a moment when the federal AI governance architecture is being actively contested, and the person who helped build it is walking out the door. The question the Great American AI Act will spend the summer trying to answer is whether a federal standard that pauses state accountability mechanisms for three years can be built quickly enough to replace what it takes away. History does not offer obvious reassurance on that schedule.