This summer, the U.S. Senate will consider and vote on a massive tax and spending plan dubbed by the Trump administration as One Big Beautiful Bill. The legislation includes a 10-year moratorium on state or local level AI laws.
If passed, the more than 45 states that introduced AI bills during last year’s legislative session and the 31 states that adopted resolutions and enacted laws could be disrupted. The AI law ban, however, does include exceptions for state legislation that facilitates the development and adoption of the technology. The bill could also touch enterprises and CIOs that have already updated practices, paid outside partners for assistance and brought on specialized counsel.
Advocates of a freeze say an ever-growing, complex patchwork of state-level laws should be stopped and welcome the potential national consistency. Critics say the proposed moratorium raises far more questions than it answers.
“This freeze might simplify things on the surface, but it raises the stakes for internal oversight and long-term thinking,” Ja-Naé Duane, faculty at Brown University and research fellow at MIT’s Center for Information Systems Research, said in an email. “For CIOs, the real work starts now.”
Despite the federal government's light-touch approach toward AI regulation, several experts told CIO Dive the potential freeze on state-level laws caught them by surprise.
“There was, at least on my part, no expectation that there would be something quite this drastic,” said Niloy Ray, Littler shareholder and a core member of the law firm’s AI and Technology Practice Group.
After taking office in January, the Trump Administration quickly revoked past AI policies and mandated federal agencies to remove innovation obstacles. Vice President JD Vance touted the strategy abroad during the AI Action Summit in Paris in February, calling on other nations to adopt a similar approach.
“I’m not here this morning to talk about AI safety,” Vance said during his keynote speech. “I’m here to talk about AI opportunity.”
U.S. state-level lawmakers took note. In March, Texas introduced a weakened version of its AI Act. Virginia Governor Glenn Youngkin aligned with the deregulatory push the same month, vetoing an AI-focused bill that proposed requirements for developers and deployers and established penalties for noncompliance.
Those in favor of the moratorium see it as another step in the same direction, reducing AI compliance hurdles.
Big tech companies, such as OpenAI and Google, have pushed for a more centralized approach to governance and likely welcome the potential pause on state-level rules. Leaders at Meta, Cohere and other AI providers have also suggested existing laws already do the trick.
Enterprises that have tried to stay ahead of the game may find themselves heading back to the drawing board.
“Suppose the freeze holds, every dollar spent on 50-state compliance is wasted,” Nic Adams, co-founder and CEO at Indianapolis-based cybersecurity provider 0rcus, said in an email. “Anyone who overinvested in local AI compliance, data privacy or bias audits will struggle to unwind, renegotiate, re-architect and re-deploy. Early adopters, of course, get punished; late movers get a hall pass.”
Predicting the unpredictable
While the bill already cleared one hurdle, it did so narrowly. The House of Representatives closely followed party lines in a 215-214 vote to pass the bill over to the Senate last week.
“Even if this moratorium were to pass, which I think is still very questionable, it will be subject to constitutional challenges, among other things,” Asha Palmer, Skillsoft SVP of compliance solutions, told CIO Dive.
CIOs shouldn’t abandon their compliance and governance efforts either way.
Organizations operating globally still have to contend with other jurisdictions’ AI rules, such as the European Union’s AI Act. Finding the highest regulatory standard and aligning with that could help future-proof plans.
Experts also predict CIOs will see ethical and responsible AI practices as a competitive differentiator and a way to gain customer and employee trust. Plus, lawsuits can happen even without new legislation.
“Enterprises pressing forward with aggressive AI adoption will need to track judicial rulings just as closely as any proposed law,” said Steve Wilson, chief AI and product officer at California-based cybersecurity company Exabeam. “Regulatory clarity may come slowly, but legal risk will not.”
How CIOs manage procurement and vendors will likely be subject to change should the moratorium go into effect, too.
“Vendors need to be held to a higher bar,” Duane said. “Every AI procurement process should include questions about model transparency, data sources, and long-term compliance planning. I recommend baking adaptability and ethical use directly into your vendor contracts now, not later.”
Experts warn of other potential pitfalls, such as pulling back on initiatives or projects in hopes of gaining regulatory clarity down the road.
“Any enterprise sitting on its ass waiting for some golden calf federal roadmap will get demolished by tech-savvy operators who view compliance as yet another adversarial domain,” Adams said. “Get creative, or get smoked.”
