So Trump just delayed signing an executive order that would have required AI companies to submit their models for government evaluation before release. The official reason? He didn’t like the language. The real reason? Not enough tech CEOs could fly to D.C. for a photo op on short notice.
I find this genuinely frustrating to watch unfold, and here’s why: we’re stuck in this weird limbo where regulation keeps getting kicked down the road, but the underlying security concerns aren’t going away.
The Order That Almost Was
The executive order would have tasked the Office of the National Cyber Director with building a formal process to evaluate advanced AI models for security vulnerabilities before they hit the public. This response came partly because of recent releases like Anthropic’s Mythos and OpenAI’s GPT-5.5 Cyber, both of which can apparently find and exploit security vulnerabilities at scale.
Here’s the kicker: the controversial part wasn’t about whether evaluation should happen. It was about the timeline. The proposed language would have required companies to share advanced models with the government 14 to 90 days before launch. That’s the sticking point Trump mentioned worried him. He called it a potential “blocker” to American AI dominance.
Let me be clear about what I think here. A 14 to 90-day advance submission window isn’t some massive bureaucratic nightmare. It’s actually reasonable. But it does create friction in the release cycle, and for companies racing against each other and against international competitors, any friction gets treated like an existential threat.
Why the Timeline Actually Matters
From a developer perspective, here’s what this delay means in practical terms: we still don’t have a standardized, federally-mandated security evaluation framework for advanced models before they’re released.
That sounds abstract, but it’s not. When you’re building applications on top of these models, you’re inherently taking on risk that could have been mitigated upstream. If a model can find vulnerabilities, those vulnerabilities can end up in your application stack. If that model is released without proper vetting, you inherit that liability.
The 14 to 90-day window would have created predictability. You could plan releases around it. You could work with government agencies on security posture. Instead, we get this environment where companies release when they want, and security researchers scramble afterward.
I’m not saying government evaluation would have been perfect. Bureaucracy and tech innovation move at different speeds, and that gap is real. But deferring action entirely doesn’t make the problem disappear.
The Geopolitical Calculus
Trump’s reasoning is transparent: he believes any regulation could slow American AI development and hand the advantage to China. That’s the calculus he’s made public, anyway. And I get the concern. Competition is real. American tech companies are leading in certain domains, and that’s worth protecting.
But here’s what worries me more than a 90-day review period. If the government doesn’t establish any framework, and vulnerabilities start appearing in widely-deployed models, there’ll be pressure for much more aggressive regulation down the line. Reactive policy is always worse than proactive policy. It’s more draconian because it’s written in response to a crisis.
The irony is that by avoiding light-touch regulatory frameworks now, we might be pushing ourselves toward heavy-handed ones later. That’s not winning the race. That’s setting up for a stumble.
What Developers Should Actually Care About
Let’s talk about what this means for people like me, building with these tools. The lack of a formal evaluation process doesn’t mean models are automatically unsafe. But it does mean the safety bar is determined by whatever each company is willing to invest in, not by any unified standard.
That creates fragmentation. Some models will be rigorously tested internally. Others will be rushed. You have to do your own due diligence on every tool you integrate. That’s time that could go toward building features instead of auditing dependencies.
The delayed order also signals that the government isn’t going to be a strong counterweight to industry self-regulation anytime soon. So if you’re in a regulated industry and building with cutting-edge models, you might want to assume you’ll need to implement your own evaluation processes anyway. Plan for that now.
The Photo Op Factor
I’m going to call out the elephant in the room because the reporting made it clear: one of the real reasons this got delayed was logistics. Not enough executives could make the D.C. trip. An executive order signing without the right people and cameras? That’s just not as good for optics.
This tells you something about how these decisions are being made. It’s not purely about policy substance. It’s about theater and momentum and getting the right people in the room. That’s not a knock on any particular administration. That’s just how political capital works. But it does mean that substantive policy gets tied to scheduling rather than merit.
If the order gets signed later, when more CEOs can attend, the actual policy content might not change one bit. Or it might get watered down further to make it more palatable. Either way, the timeline for something this important shouldn’t be determined by corporate calendar availability.
Where We Go From Here
My guess is this gets signed eventually. Maybe after some tweaks to the language that make it feel less restrictive. Maybe after some CEO input that’s framed as addressing concerns but actually just softens the requirements. These processes have momentum even when they get delayed.
But the fundamental tension isn’t resolved. We need some level of government oversight to handle the public safety aspects of large-scale AI releases. At the same time, you can’t have bureaucracy moving slower than technology itself, or you kill innovation.
The 14 to 90-day window was actually an attempt at balance. Not perfect, but reasonable. By delaying indefinitely, we’re not solving anything. We’re just kicking the can and hoping something doesn’t break in the meantime.
What concerns me most is that we’re treating this like it’s a binary choice between “move fast and break things” and “government control.” When really, the interesting work is figuring out what structured evaluation actually looks like at scale, and how to make it work without creating perverse incentives or bottlenecks.
That work’s going to happen one way or another. The only question is whether we’re intentional about it now or reactive after a problem emerges.