This website uses cookies

Read our Privacy policy and Terms of use for more information.

I&C | Intelligence & Compliance

AI governance, policy, and risk frameworks.

Edition №08 · Tuesday, June 30, 2026 · ~5 min read

📌 The Brief

Congress just marked up ten AI bills in a single sitting, most of them unanimously, and nearly every one routes new work through the same agency.

If your governance program treats "NIST-aligned" as its backbone, the scope of what that phrase covers is about to grow, and one of the new mandates lands directly on your incident-reporting desk.

⚖️ Regulation & Enforcement

US federal · US states · enforcement actions · compliance deadlines

🦅 US Federal

Executive orders · federal agencies · Congress · NIST · FTC · OMB

House Science Committee · 2 min

On June 25 the committee favorably reported ten AI bills, most unanimously, including the CREATE AI Act (29-0) codifying the National AI Research Resource, the AI Security and Innovation Act (29-0) putting CAISI into statute, and bills directing NIST to build standardized model documentation templates and a national AI flaw database modeled on the National Vulnerability Database.

Do this: Read the package as the federal compliance vocabulary being written now: NIST documentation templates and an AI flaw-reporting database will shape what auditors and enterprise buyers ask you for.

Assign someone to track the READ AI Models Act and the AI Flaw Reporting Act specifically, and pressure-test whether your current model cards would survive a standardized template.

Congress.gov · 2 min

S. 4915, introduced June 25 by Sens. Schatz, Curtis, and Warner, would require visible and machine-readable disclosures on AI-generated audio, video, and images, bar platforms with 10M+ monthly US users or $1.5B+ revenue from stripping them, and let the FTC treat unlabeled content as a deceptive act, with statutory damages up to $25,000 per violation, tripled for repeats.

Do this: Map this against the EU's Article 50 marking obligations landing August 2. The provenance infrastructure is the same build (C2PA-style machine-readable marks plus visible labels), so a single content-provenance workstream can cover both.

Don't build twice.

🏛️ US States

State AI laws · attorneys general · state agency rules · enforcement

Illinois General Assembly · 2 min

The Artificial Intelligence Safety Measures Act was formally transmitted to the governor on June 26 after passing the House 110-0.

It would make Illinois the first state to require annual independent third-party audits of frontier developers' safety frameworks, covering developers above $500 million in revenue, with civil penalties up to $1 million per violation, AG-only enforcement, and a January 1, 2027 effective date.

Pritzker has said he'll sign.

Do this: If you're a covered developer, the audit mandate is the new element: New York's RAISE Act and California's SB 53 require frameworks and transparency reports, but neither requires independent verification.

Start scoping who could credibly audit your safety framework, because the qualified-auditor market barely exists yet and everyone will need one at once.

🌍 Global Policy Watch

EU AI Act · UK · APAC · OECD · multilateral · enforcement actions

🇪🇺 EU & Enforcement

EU AI Act · enforcement actions · compliance deadlines

Consilium · 2 min

The Council's June 29 green light, following Parliament's June 16 vote, ends the provisional-agreement limbo that's run since May 7. Once published in the Official Journal, the deferred dates are binding: December 2, 2027 for standalone Annex III high-risk systems, August 2, 2028 for product-embedded ones. August 2, 2026 for Article 50 transparency and GPAI enforcement did not move.

Do this: Retire every roadmap slide that hedges with "subject to formal adoption." The dates are settled.

That clarity cuts both ways: you can no longer justify keeping high-risk workstreams idling on the theory the deal might collapse, and the unchanged August 2 obligations are now 5 weeks out with no remaining ambiguity.

🌍 UK · APAC · Multilateral

UK · APAC · OECD · Council of Europe · multilateral

U.S. State Department · 2 min

At the June 25-26 Washington summit, ten partners including the EU, Germany, and the Netherlands signed the Pax Silica Declaration, bringing it to 24 signatories, and 35 nations signed a Joint Statement on AI Opportunity backing a pro-growth, pro-innovation regulatory approach.

India used the summit to formally request assurances that the US won't unilaterally cut allied access to frontier models again.

Do this: Note the EU signing a pro-innovation AI declaration three days before adopting its own simplified AI Act timeline: the deregulatory drift is now transatlantic and coordinated.

If you sell into Pax Silica economies, expect procurement and supply-chain attestations (trusted-vendor, China-free stack) to start appearing in RFPs before any of it becomes law.

🧰 The Stack

Model releases · capability shifts · technical changes that move your risk

OpenAI · 2 min

Unveiled June 24, Jalapeño is OpenAI's first custom silicon, built for LLM inference rather than training, with initial deployment targeted by end of 2026 and Broadcom citing cost savings of roughly 50% versus standard GPUs.

Engineering samples are already running production workloads in the lab.

Do this: Cheaper inference means your vendors will run bigger agentic workloads at the same price point, which expands what their systems attempt on your behalf.

Add hardware-migration clauses to your model-vendor diligence: when a provider moves serving infrastructure, ask what regression and behavioral-consistency testing accompanied the move, because output drift from a serving change won't announce itself in a release note.

⚡ Quick Hits

Signal over noise

  • Chatbot safety: Sens. Curtis and Schiff introduced the SAFE KIDS Act (S. 4855) on June 23, requiring risk assessments, annual safety audits, and a ban on child-targeted ads for AI chatbot providers. read more

  • NIST's new workload: Among the June 25 package, H.R. 6461 directs NIST to pilot standardized AI documentation templates and H.R. 9333 tasks it with a national AI flaw database built with CISA. read more

  • The partisan seam: Committee Democrats say amendments on youth AI exposure and data centers were blocked from the 10-bill markup, a preview of the fight when the package hits the floor. read more

  • AI opportunity bloc: The State Department's June 25 opening session also launched Foundry School, a Stanford-partnered advanced-manufacturing curriculum for all Pax Silica economies. read more

  • Silicon speed: Broadcom says Jalapeño went from initial design to manufacturing tape-out in nine months, possibly the fastest high-performance ASIC development cycle on record. read more

📅 On the Radar

Forward look: deadlines, comment windows, effective dates coming up

  • July 13, 2026: Colorado AG's pre-rulemaking comment window closes on the ADMT Act (SB 26-189) and the Chatbot Safety Act, ahead of formal rules due January 1, 2027.

  • July 22, 2026: Deadline (18:00 CET) to sign the EU's transparency Code of Practice and appear on the initial-signatory list published before Article 50 applies.

  • July 23, 2026: Feedback closes on the Commission's draft high-risk classification guidelines.

  • August 2, 2026: Article 50 transparency obligations apply and Commission GPAI enforcement powers, including fines up to €15M or 3% of global turnover, go live. Now formally confirmed unchanged.

🔍 One Big Thing

Sidley Austin · 12 min read at source

With the Omnibus dust settling, the most useful desk reference this week is Sidley's June 24 walk-through of the Article 50 obligations that did not move.

It works through each duty with the Commission's draft guideline examples attached: interactive systems must disclose they're AI unless it's obvious to a reasonably informed person, emotion-recognition and biometric-categorisation systems must notify exposed individuals, deepfakes must be labelled, and providers of generative systems must mark outputs in a machine-readable format.

The piece is precise on the one carve-out that matters: only the machine-readable marking obligation for generative systems already on the EU market before August 2 slips to December 2, 2026 under the Omnibus, while everything else in Article 50 bites on August 2 with fines up to €15 million or 3% of worldwide turnover behind it.

It also flags the trap in scoping: the disclosure duty is assessed from the user's perspective, so a system that is obviously AI to your engineers may not be to your customers, and the burden of that judgment sits with you.

Do this: Inventory every system you run that talks to users, generates content, or reads emotion, and sort each into its Article 50 bucket this week. Then decide by July 22 whether signing the transparency Code of Practice is cheaper than proving compliance your own way, because for most mid-size providers it will be.

💬 From the desk

Watch Springfield: SB 315 sits on Pritzker's desk with a promised signature, and the moment it lands, the first mandatory third-party AI audit regime in the country becomes law.

I'm also watching for the FTC policy statement on AI that December's executive order directed, which is rumored to be imminent and could open a federal preemption front against exactly the state laws Illinois just passed.

Both go in next week's edition if they land.

Was this forwarded to you? Subscribe →

Keep Reading