The administration’s new AI framework includes something the government hasn’t had before

"As tech is being developed and as tech changes, the development changes quickly and companies are interested in getting to market," said Alex Hastings

Interview transcript

Terry Gerton It has been a little over a month since the executive order Promoting Advanced Artificial Intelligence, Innovation and Security was released. So now that folks have had some time to live with it, what is this EO really doing? What do you think the key takeaways are from this executive order?

Alex Hastings So Terry, the EO really does two things, and it’s a really interesting development, and I think it’s good both for the government as well as for industry. The EO does first, it creates a foundation for an AI cybersecurity clearinghouse for the assessment of frontier AI models. And the other thing it does, which isn’t getting as much attention, but I think is equally important, is it directs executive agencies to assess and continue to develop the development of AI capabilities for government use and critical infrastructure operators. So think about rural hospitals, community banks, local utilities, things like that.

Terry Gerton For a long time, the government approached technology by regulating it after the fact. This executive order tends to lean in the other direction, working with companies while the technology is still being developed. What do you think changed that made this earlier, closer collaboration feel necessary?

Alex Hastings Well, you know, talking to people in industry, it’s a welcome change, and it’s a change that I think needed to happen and potentially not soon enough because, you know, as tech is being developed and as tech changes, the development changes quickly and companies are interested in getting to market, getting to business, getting to consumers and meeting the demand. And, you know, as regulatory attorneys, regulatory policymakers know well, sometimes regulations can’t keep up with that as hard as they may try. And so by taking this approach where, you know, regulation may come after the fact, it helps to ensure that government is collaborating with industry, is being kept informed, is working with industry, but allows tech companies to continue to develop and go to market at speed.

Terry Gerton So the order sets up this voluntary framework for working with companies who are developing these frontier models. And it has the idea that companies will provide the government access to those models before they’re released. How do you see that actually playing out on the ground?

Alex Hastings So there’s a lot of considerations, I think, and questions that the executive order leaves open as to how this will play out in practice. One of those questions, or several of those questions, include how companies are going to structure their collaborations with the government, including confidentiality considerations, cybersecurity considerations, if they’re providing their frontier models to the government, insider risk, intellectual property is another one. All of these are issues that I think before any model is shared with the government or any collaboration occurs, you know, need to be thought through by a developer. They’re solvable issues, to be clear, but they’re issues that the executive order leaves open and I think need to carefully considered by a developer. But once those issues are considered and agreed to with the government, there’s then an opportunity to collaborate as the government looks through and considers the frontier models. And I think that on a going forward basis, it provides an opportunity for the government to assess these in a voluntary way to work with industry to identify certain cybersecurity or national security threats that could be presented by certain frontier models in a way that, again, allows industry to collaborate with the government outside of traditional regulatory models.

Terry Gerton Alex Hastings is a partner at Morgan Lewis. So Mr. Hastings, one of the contention points as this EO was under development was how long the government would get access to these models in advance. There was a 90-day window that is now 30 days. And you also just mentioned a lot of concern that these AI models may present in terms of national security. As complex as they are, is that 30-day window enough to identify even jointly, the risks, the security risks that may be inherent here?

Alex Hastings I think this is an evolving framework. I think CISA and others will have to consider what is possible within 30 days. It goes back to the beginning of our conversation in which this technology is rapidly developing. Whereas a 90-day model may have presented certain benefits, a 30-day models allows the government to see the frontier model at a state when it’s closer to the release date. And so I think there’s certain benefits to a 30-day model. And it also allows for developers who may not have been able or willing to agree to a 90-day to participate in a 30 day model. So I think they’re certain trade-offs to the length of time. And I think that the 30 days was what was able to be agreed to here.

Terry Gerton There are a variety of groups of stakeholders that have vested interest in how this plays out. Can you walk us through how different groups are seeing this? You’ve mentioned developers a couple of times. You mentioned critical infrastructure operators, even the government agencies themselves. How are all of those different interests and insights going to be able to be kept in balance as this moves forward?

Alex Hastings I think that’s important consideration because there’s so many stakeholders in assessing the frontier models and considering how they are going to be evaluated. As a threshold matter, considering the importance of assessing these as they come to market, we’ve seen already some of these AI models that are capable of red teaming at scales that far exceed human capabilities. So there’s no doubt that, you know, many of these stakeholders, whether they’re developers or federal agencies or, you know the public are aligned at least at some level on the importance of ensuring that there’s a level of safeguarding national security in the release of these frontier models. And so the question then becomes how to evaluate them to protect that national security while also ensuring that we safeguard the confidentiality and the intellectual property rights and the innovation of industry. And so this sort of framework that’s been created at least initially seems to present a good baseline by which we can explore how to do that in a voluntary way.

Terry Gerton The critical infrastructure providers here seem to be a really unique group. In many cases, they are decentralized, could be even small operators, maybe don’t have the big cyber security internal operations that would help them take on both the risks and the benefits of these frontier models. How do you see them getting involved here?

Alex Hastings So the critical infrastructure operators are an important part of this executive order. And to some extent they’ve been lost in the discussion and I think it’s important to raise them because whether it’s a rural hospital or a utility company or some other part of our critical infrastructure, they stand to benefit as well. And one of the ways that they can stand to benefit is the portion of this executive order that directs executive agencies to evaluate and assess where certain parts of AI related to cybersecurity can be opened up and made available to critical infrastructure providers, because that’s a potential vulnerability or an area that could be better bolstered in our national security infrastructure. And in fact, another area of the EO that’s interesting that could benefit these critical infrastructure providers is the directive in the EO to OMB to look for federal grant funding that may be available to support AI for these providers as well. So while the frontier model collaborative process is probably the most important and sort of newsworthy portion of the EO, the support to some of these critical infrastructure operators and the opportunities it creates for them is also an important point not to be lost.

Terry Gerton This space is moving so quickly. This EO seems to be flexible with some guidance, but let’s just say a year down the road. What would you hope to see that would be different in how the government and industry relate to each other around these frontier models that would give you the indication that this framework has been effective?

Alex Hastings A year from now, it would be great to see clear implementing guidance, particularly for industry and for the agencies in how this collaboration for these frontier models will work. The guidance would hopefully include how agencies would evaluate and how developers could provide access to their models. Hopefully the guidance would, you know, and this is true for every EO, right? They’re somewhat open-ended. They look to the agencies to implement. And so, you know, this is not an exception, but hopefully the guidance would provide input on and directive on how developers’ intellectual property would be protected, what criteria agencies would use to assess the potential national security risk of frontier models, essentially things of that nature that could actually give some additional sort of structure to this collaborative model that the EO establishes, that would be the direction. If this were to move forward in a successful direction, that would be helpful.

Copyright © 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.

Related Stories