82% of Americans want pre-deployment AI vetting, EU publishes high-risk guidance, and OpenAI backs third-party audits

AI Business Risk Weekly

This week, the European Commission finally published its draft guidance on high-risk AI system classification under the AI Act, though at 167 pages it won't be light reading. OpenAI backtracked from its support for an Illinois bill that would have shielded AI companies from liability and, alongside Anthropic, endorsed a stronger bill requiring third-party audits; Connecticut separately passed the country's first state-authorized AI verification pilot. The White House is still debating an executive order that would establish pre-deployment review of frontier AI models, and the US and China held preliminary AI guardrail talks during Trump's visit to China.

White House moves toward executive order on pre-deployment AI review

The Trump administration is still working on an executive order requiring some form of pre-deployment review for frontier AI models. The push intensified after Anthropic's Mythos model demonstrated advanced offensive cybersecurity capabilities that alarmed both policymakers and the public, and a recent IFS/YouGov poll found 82% of Americans support White House vetting of AI systems before deployment, with only 4% opposed. National Economic Council Director Kevin Hassett compared the concept to FDA drug approval, though White House chief of staff Susie Wiles moved to distance the administration from that framing. The current plan appears to involve pre-deployment vetting, but basic questions remain open, including whether it will be mandatory for government contractors or voluntary and whether CAISI or the intelligence community will run the evaluations.

Business Risk Perspective: 82% public support makes pre-deployment review an abnormally popular policy. The internal disagreements are slowing things down, but the policy direction is clear.

EU Commission publishes draft guidelines on high-risk AI system classification

The European Commission released draft guidelines on May 19th on how to classify high-risk AI systems under Article 6 of the EU AI Act. The absence of clear classification guidance was a major reason enforcement got pushed back to December 2027, so this document fills a critical gap. It walks through every category and sub-category of high-risk AI system listed in Annex III, with concrete examples covering credit scoring, road traffic management, evaluating learning outcomes, and more. Companies whose use cases appear in the document will find it much harder to argue they fall outside high-risk classification. The guidelines also state that modular or agentic AI systems will be assessed as a single system when their components collectively influence a high-risk decision. Stakeholder feedback is open until June 23rd.

Business Risk Perspective: Many organizations had been counting on splitting agentic or multi-model pipelines into separate components so that no individual piece triggered high-risk classification, and these guidelines explicitly close that door by assessing combined systems as a whole. Figuring out where your specific use case falls across 167 pages of new classification guidance is no simple task. Reach out to us at Conformance AI if your business needs a streamlined process.

OpenAI and Anthropic back third-party audit requirements in Illinois legislation

OpenAI has walked back its support for an Illinois bill, SB 3444, that would have given AI companies a liability shield in exchange for meeting basic transparency requirements. In written testimony to the Illinois Senate, OpenAI said it never endorsed the liability provision specifically, though the bill's own sponsor had described it as an OpenAI initiative. OpenAI and Anthropic have both now backed SB 315, a stronger bill modeled on California's SB 53 and New York's RAISE Act that requires frontier AI companies to maintain safety frameworks and undergo third-party compliance audits. This appears to be the first time OpenAI has endorsed third-party auditing in state legislation.

Business Risk Perspective: Weeks ago, OpenAI was backing a bill that would have effectively immunized AI companies from liability in exchange for minimal transparency. That position has become untenable as public and political pressure builds, and the shift to endorsing third-party audits signals that blanket liability protections are off the table as a viable regulatory strategy.

Connecticut creates voluntary AI verification program with litigation benefits

Connecticut passed HB 5222 with strong bipartisan support, creating a voluntary program where businesses can submit their AI systems for independent safety verification. Companies whose systems pass earn a trusted seal and evidentiary support in civil litigation, similar to how product safety certification works in industries like financial auditing and consumer products. Under the program, the state defines safety outcomes and authorizes up to five Independent Verification Organizations to develop assessment criteria and conduct evaluations. Connecticut is the first state to launch this kind of program, following Virginia's decision to study the model earlier this year.

Business Risk Perspective: Verified status gives companies a real legal advantage in court. As more states adopt this model, being unverified may start to look like a liability in itself. Note — if your company is interested in third-party validation with audit-ready documentation, we can help.

Trump-Xi summit opens AI guardrail discussions; H200 sales remain stalled

President Trump's visit to China, attended by Elon Musk, Jensen Huang, and Dina Powell McCormick, included what Trump described as a discussion about "possibly working together for guardrails." Treasury Secretary Scott Bessent outlined plans for a protocol to prevent non-state actors from accessing frontier models. Export controls were discussed but nothing concrete came out of it. Separately, Reuters reported that the US approved Nvidia H200 sales to ten Chinese firms including Alibaba, Tencent, and ByteDance, though deliveries have not gone ahead due to concerns on the Chinese side.

Business Risk Perspective: The diplomatic language was warm, but the H200s approved for sale to major Chinese firms still haven't shipped. Anyone planning AI deployments or supply chains across both markets should draw their own conclusions about how much has actually changed.

AI Business Risk Weekly is a Conformance AI publication.

Conformance AI ensures your AI deployments remain safe, trustworthy, and aligned with your organizational values.