AI Policy Weekly — Issue #4: BIS closes the Malaysia loophole, Senate kills federal preemption 99-1, and two state AI laws land on governors' desks

AI Policy Weekly — Issue #4: BIS closes the Malaysia loophole, Senate kills federal preemption 99-1, and two state AI laws land on governors' desks

BIS issued surprise guidance May 31 reactivating export license requirements for Chinese-owned subsidiaries buying Nvidia Blackwell and AMD AI chips outside China — closing a gap open since May 2025. The Senate voted 99-1 to strip federal AI preemption from the One Big Beautiful Bill; the White House is pursuing state laws through DOJ litigation instead. Connecticut Governor Lamont signed the AIRT Act on May 27 (AEDT and frontier model rules take effect October 1). Illinois SB 315 passed the House 110-0 and Governor Pritzker has confirmed he will sign it. The EU appointed its 60-member AI Act Scientific Panel on June 1, two months before the August 2 enforcement deadline.

AI Policy & Regulation Weekly
AI Policy & Regulation Weekly@Dagmar Baltes
2026/6/1 · 22:08
15 订阅 · 4 内容
The past seven days produced four concrete compliance events: a surprise BIS guidance that reactivates licensing requirements closed for over a year; a near-unanimous Senate vote removing federal AI preemption from the budget reconciliation bill; two significant state AI laws heading to governors for signature; and the European Commission standing up its enforcement expert bodies two months before the EU AI Act's first hard deadline.

1. BIS closes the Chinese subsidiary loophole — 13 months after opening it

On May 31, the Commerce Department's Bureau of Industry and Security issued guidance requiring export licenses for sales of advanced AI chips to any entity headquartered in China or Macau, regardless of where the purchasing subsidiary is physically located.1
The guidance closes an exposure that BIS itself created in May 2025, when the Trump administration announced it would not enforce the Biden-era AI Diffusion Rule. That non-enforcement posture left the 2023 licensing requirements technically on the books but operationally dormant. Chinese AI companies promptly established or directed procurement through subsidiaries in Malaysia, Singapore, the UAE, and elsewhere — locations where no specific license block applied. A paper circulating in Washington the Friday before the guidance described the situation bluntly: "the floodgates have quietly opened." One supply-chain source told Reuters the total number of advanced chips acquired through this channel was in the hundreds of thousands.
The May 31 guidance does not create new law. It reasserts licensing requirements already in place under 2023 export control rules and clarifies that those rules apply based on a buyer's headquarters jurisdiction, not its operating address.2 Nvidia said the guidance changes nothing for the company because Commerce had already given it a letter imposing a license requirement. AMD did not immediately comment.
The guidance leaves at least one gap unaddressed. Former State Department official Chris McGuire noted in a public post that TSMC and other foundries still face no explicit obligation to vet whether AI chips they manufacture are destined for Chinese front companies — a separate channel not covered by Sunday's guidance.1
What to watch: BIS has not addressed the broader GAO ruling from Issue #3 — that its May 2025 non-enforcement press release was itself a "rule" under the Congressional Review Act that never legally took effect. The May 31 guidance sidesteps that question entirely. Compliance teams exporting advanced AI compute should treat licensing requirements as active now, but the CRA ambiguity remains unresolved.
正在加载内容卡片…

2. Federal AI preemption fails 99-1 in the Senate; White House shifts to litigation

The One Big Beautiful Bill — the Trump administration's budget reconciliation package — was circulating in an early Senate draft that included a provision imposing a 10-year moratorium on state AI regulation.3 The mechanism was indirect but pointed: states maintaining AI laws "inconsistent with" a forthcoming federal AI framework would lose eligibility for federal broadband infrastructure funding.
The Senate stripped the provision 99-1.
The vote reflected three specific problems. First, the provision asked Republican senators who defend state legislative authority to preempt their own legislatures on AI. Senator Marsha Blackburn of Tennessee, co-sponsor of the Take It Down Act, was among those who objected. Second, the text used "inconsistent with a federal framework" as the operative legal test, but no final federal AI framework exists — making the definition unenforceable without subsequent rulemaking that could itself be litigated for years. Third, industry was split: large AI developers wanted preemption; insurance companies, banks, and healthcare systems that rely on state consumer protection enforcement against AI-using competitors did not.
The White House's response is a Department of Justice AI Litigation Task Force, announced alongside the National AI Legislative Framework published March 20. The task force will challenge individual state AI laws on constitutional grounds: dormant Commerce Clause (state laws burdening interstate commerce), Supremacy Clause (conflict with existing federal statute or agency rule), and First Amendment (compelled disclosure of training data or AI labeling). A Commerce Department list of "onerous" state AI laws — which will signal where the DOJ will file first — was due within 90 days of the March 20 framework, placing its expected publication around late June 2026.3
Successful constitutional challenges take 18-24 months minimum to produce an injunction and 4-6 years to reach final appellate resolution. State AI laws in Colorado, Illinois, California, and Connecticut remain fully enforceable in the meantime.

3. Two state AI laws reach governors' desks

Connecticut SB 5 signed May 27

Governor Ned Lamont signed Connecticut's Artificial Intelligence Responsibility and Transparency Act (AIRT Act) on May 27.4 The law is structured as five separate regulatory regimes with staggered effective dates:
RegimeCovered entitiesFirst effective date
Automated employment decision tools (AEDT)Any employer using AI as a "substantial factor" in hiring, promotion, discipline, or terminationOctober 1, 2026
AI companion chatbotsOperators of systems that simulate human conversation and maintain cross-interaction relationshipsJanuary 1, 2027
Synthetic content provenance (C2PA)Generative AI developers with >1M monthly active users for consumer-facing productsOctober 1, 2027
Frontier model developersCompanies training models at >10²⁶ FLOPs operating in ConnecticutOctober 1, 2026 (whistleblower protections)
Social media recommendation systems for minorsPlatforms offering personalized feeds to users under 18January 1, 2028
The AEDT and frontier model whistleblower provisions take effect October 1 — roughly four months from now. The law's companion chatbot regime includes prohibitions on romance and sexual interactions with minors, variable-ratio engagement mechanics, and impersonating humans. The C2PA mandate requires Content Credentials metadata on AI-generated audio, images, and video, with a tamper-resistant standard.

Illinois SB 315 passes House 110-0; Pritzker confirms he will sign

The Illinois House passed SB 315 on May 27 by a unanimous 110-0 vote, following the Senate's 52-5 passage the previous week.5 Governor JB Pritzker posted on X shortly after the House vote: "Illinois is leading the nation in holding Big Tech accountable. I look forward to signing SB 315."
正在加载内容卡片…
The bill requires frontier AI companies — specifically targeting developers of models that could produce "severe or catastrophic" outcomes — to publish annual safety plans, undergo independent third-party audits, and maintain whistleblower protections. It would be the first U.S. law to mandate independent third-party AI safety audits. Both OpenAI and Anthropic publicly supported the bill; the Computer & Communications Industry Association opposed it. The effective date was pushed back from 2027 to 2028 during House amendments, and a private right of action was removed, leaving enforcement to the state attorney general.6
The bill passed days after Trump declined to sign an executive order that would have established a voluntary federal AI safety testing framework — the same EO covered in Issue #3. The White House has opposed provisions similar to SB 315 on the grounds they create a compliance patchwork that could disadvantage U.S. AI companies.

4. EU appoints enforcement bodies; August 2 deadline two months away

On June 1, the European Commission appointed a 60-member Scientific Panel and an Advisory Forum to support enforcement of the AI Act.7 Both bodies will serve two-year terms and advise the Commission's AI Office and national competent authorities.
正在加载内容卡片…
The Scientific Panel focuses specifically on general-purpose AI models: systemic risk classification, evaluation methodologies, and cross-border market surveillance. Its appointment matters because the EU AI Act's provisions on GPAI models — including the rules applicable to models posing "systemic risk" — take effect August 2, 2026, alongside the broader transparency and labeling requirements.
The Advisory Forum includes academia, civil society, industry (including SMEs and startups), and permanent seats for the EU Agency for Fundamental Rights and ENISA. A targeted public consultation on draft guidelines for classifying high-risk AI systems under Annex III opened May 19 and runs until June 23, 2026.8
Timeline recap for the August 2 cluster: Transparency and labeling rules, GPAI transparency obligations, and the prohibitions on unacceptable-risk AI all take effect August 2. High-risk AI (Annex III) has been pushed to December 2027 under the Digital Omnibus amendments from May 7. The new nudification and CSAM prohibitions added by the Digital Omnibus take effect December 2026.

5. G7 Digital Ministers: child protection consensus, AI energy impact left vague

G7 digital ministers met in Paris on May 29, hosted by France, as a preparatory session for the June 15-17 Evian heads-of-state summit.9 The seven countries agreed on a set of shared principles for online child protection — covering age verification, protection by design, and illegal content enforcement — a first for the group on this topic.
Consensus stopped there. France had pushed for a strong joint statement on AI's energy impact and electricity grid demands, but the final declaration acknowledged only that "the growing adoption of AI will place increasing pressure on electricity grids." French Digital Minister Anne Le Henanff described securing even that acknowledgment from the United States as a significant achievement. The U.S. holds the G7 presidency next year.
The TECH7 industry consortium, meeting the day before in Evian, issued a joint declaration calling on G7 governments to build on the Hiroshima AI Process as the primary multilateral framework for AI governance and to recognize interoperability between national AI standards systems.10

Recurring watch list

ItemStatus
White House AI security EOUnsigned since May 21; no new movement
MATCH Act (chip-manufacturing equipment controls)No House floor vote; still awaiting full chamber vote since April 22 committee clearance
BIS AI Diffusion Rule / CRAGAO ruling stands; BIS has not submitted to Congress; May 31 guidance sidesteps the CRA question
FTC Take It Down ActFirst administrative enforcement action not yet announced; criminal prosecutions (Shannon/Hernandez, EDNY) active
Supermicro Liaw prosecutionNo new filings
BIS FY2027 budget ($450M / 1,077 positions)Appropriations process ongoing
EU AI Act August 2 deadline62 days; GPAI + transparency + unacceptable-risk prohibitions
Commerce Dept. "onerous state AI laws" listDue by ~late June 2026

参考来源

  1. 1Reuters: US takes step to halt Nvidia AI chip shipments to Chinese firms outside China
  2. 2Epoch Times: US Moves to Restrict China's Access to Advanced AI Chips
  3. 3AI Policy Desk: One Big Beautiful Bill — federal AI preemption failed
  4. 4ChatForest: Connecticut's AIRT Act (SB 5): Five Separate AI Regulations in One Law
  5. 5NBC News: Illinois Legislature passes historic AI bill
  6. 6Daily Herald: Illinois lawmakers pass landmark AI accountability bill
  7. 7European Commission Digital Strategy: AI Act enforcement gets independent expert support
  8. 8EU Commission: European Commission publishes guidelines on high-risk AI systems
  9. 9Canadian Affairs: Digital G7 reaches limited deal on child protection, AI energy impact
  10. 10techUK: techUK joins TECH7 Summit in Paris
AI Policy & Regulation Weekly
AI Policy & Regulation Weekly

围绕这条内容继续补充观点或上下文。

  • 登录后可发表评论。