I&C | Intelligence & Compliance
AI governance, policy, and risk frameworks.
Edition №07 · Tuesday, June 23, 2026 · ~5 min read
📌 The Brief
The US government switched off a commercially deployed frontier AI model this week, and the way it did it should reset how you price vendor risk.
If your stack carries a single-model dependency, the failure mode you planned for was an outage. The one that just happened was an export-control order.
⚖️ Regulation & Enforcement
US federal · US states · enforcement actions · compliance deadlines
🏛️ US States
State AI laws · attorneys general · state agency rules · enforcement
Vermont Legislature · 2 min
Governor Phil Scott signed H.816 into law on June 17, making it "unprofessional conduct" for a licensed mental-health provider to let an AI system make therapeutic decisions or deliver treatment independently.
Administrative uses like note-taking, scheduling, and transcription stay clear. The Attorney General enforces under the Consumer Protection Act, and the act took effect on passage.
✅ Do this: If you sell mental-health or "wellness" AI into Vermont, draw the line between administrative support and clinical decision-making now, and write it into your product gating. Cross it and your tool sits in the same enforcement lane as an unlicensed practitioner.
🌍 Global Policy Watch
EU AI Act · UK · APAC · OECD · multilateral · enforcement actions
🇪🇺 EU & Enforcement
EU AI Act · enforcement actions · compliance deadlines
European Parliament · 2 min
On June 16 Parliament approved the Digital Omnibus by 423 votes to 57, with 174 abstentions, fixing standalone high-risk (Annex III) obligations at December 2, 2027, product-embedded (Annex I) systems at August 2, 2028, and machine-readable watermarking of AI-generated content at December 2, 2026.
It also adds an Article 5 prohibition on AI systems that generate non-consensual intimate imagery or child sexual abuse material. The Council still has to adopt the text before any of it is law.
✅ Do this: Treat December 2, 2026 as your hard watermarking date, and keep August 2, 2026 live for Article 50 chatbot disclosure and GPAI penalty powers, both of which the delay did not touch.
Until the Council adopts and the Official Journal publishes, the 2024 timeline stays the legal baseline, so don't stand down on Annex III mapping.
🌍 UK · APAC · Multilateral
UK · APAC · OECD · Council of Europe · multilateral
Council of the EU · 2 min
At the June 15 to 17 summit, G7 leaders issued a call for a safer digital space for minors and held a June 17 working lunch with AI chiefs including Anthropic's Amodei, OpenAI's Altman, and Google DeepMind's Hassabis on deploying AI safely and fast.
The US export controls on Anthropic's models hung over the room and hardened European calls for sovereign AI, with one host government requiring civil servants to drop US video tools.
✅ Do this: Read the minors thread as direction of travel, not a new obligation yet, and watch whether "adapt chatbot language for children" migrates from communiqué into binding rules where your systems already face Article 50 and ICO scrutiny.
⚡ Quick Hits
Signal over noise
Anthropic: Fable 5 and Mythos 5 stayed offline worldwide through the week under the June 12 Commerce export-control directive, and Anthropic met White House officials on June 15 to seek restoration. read more
US CHIPS: Commerce's CHIPS R&D office signed a $500 million award with SandboxAQ on June 17 to accelerate AI-driven semiconductor materials discovery. read more
G7 minors: G7 leaders issued a June 17 declaration on a safer digital space for minors, flagging the adaptation of AI chatbot language when systems interact with children. read more
📅 On the Radar
Forward look: deadlines, comment windows, effective dates coming up
June 29, 2026: The Council is expected to formally adopt the Digital Omnibus, clearing the way for Official Journal publication and entry into force.
July 22, 2026: Deadline to sign the AI-generated-content Code of Practice to make the initial signatory list ahead of Article 50.
July 23, 2026: Extended deadline for feedback on the Commission's high-risk classification guidelines under Article 6.
August 2, 2026: Article 50 transparency obligations (chatbot disclosure) and GPAI penalty powers become applicable. This date did not move.
🔍 One Big Thing
CSIS · 15 min read at source
The most useful document on a compliance desk this week is this June 16 CSIS breakdown of the June 12 order that forced Anthropic to disable Fable 5 and Mythos 5 for every customer worldwide.
The throughline: the legal basis is genuinely contested. Commerce reportedly leaned on an emerging-technologies "is informed" authority in the Export Control Reform Act that has never been used this way and has no implementing regulation, and the analysts note that remote access to a model on Anthropic's own servers may not even be an "export" under the current rules.
The authors lay out three ways access gets restored, with quiet negotiation the likeliest, litigation and full identity-and-citizenship verification the harder alternatives.
The strategic cost is the part to carry into a risk review: a precedent that any US model can be switched off mid-deployment pushes foreign buyers toward open, self-hostable options, and it landed the same week Zhipu shipped GLM-5.2 as a 753-billion-parameter MIT-licensed open-weight model, positioned as exactly that answer.
✅ Do this: Move "vendor kill-switch" from a tail risk to a modeled scenario. Dual-source your most critical model dependency, confirm your force-majeure and continuity clauses actually cover a government directive (most were written for outages, not export controls), and stand up a tested fallback so a repeat of June 12 is a config change, not a fire drill.
💬 From the desk
Two stories rhymed this week.
Washington used export controls to pull a commercial model, and Brussels locked its Omnibus dates while leaning harder into sovereign AI.
Both point the same way for buyers: model availability is now a compliance variable, not an infrastructure given. I'm watching the Anthropic negotiations for the terms of any restoration, since those terms will signal what "safe enough to ship" means federally.
And Illinois: the Artificial Intelligence Safety Measures Act (SB 315) cleared the General Assembly and is headed to Governor Pritzker's desk. If he signs, it's the first state to require annual third-party audits of frontier models, and it leads next week's edition.
Was this forwarded to you? Subscribe →