Rachel Lau and Shirley Frame work with leading public interest foundations and nonprofits on technology policy issues at Freedman Consulting, LLC. Ben Lennett is the managing editor of Tech Policy Press.

In May, the Trump administration deepened its push to position artificial intelligence as a core component of US national security. The Department of Defense (DOD) announced agreements with major technology companies to deploy commercial AI systems on classified military networks, and the National Security Agency (NSA) and Cyber Command launched a joint task force focused on integrating frontier AI models across Pentagon operations. At the same time, the White House explored, but ultimately postponed, an executive order that would have formalized a voluntary federal review process for advanced AI models prior to public release.

The month also saw continued scrutiny of how technology companies collect, use and govern data, particularly in areas involving consumer protection and online safety. Lawmakers introduced legislation targeting surveillance pricing, deceptive AI-generated content and data privacy, while civil society groups and public figures weighed in on the risks posed by AI systems. Pope Leo XIV warned about AI’s potential effects on human dignity, labor and the common good, and Public Citizen raised concerns about the federal government’s use of AI in the rulemaking process. Meanwhile, YouTube, Snap, TikTok, and Meta reached settlements in the first school district social media addiction lawsuit set for trial, resolving claims brought by Breathitt County School District in Kentucky.

Read on to learn more about May developments in US tech policy.

Pentagon’s AI Deals Draw Scrutiny as White House Shelves AI Pre-Deployment Review Executive Order

Summary

In May, the Trump administration moved to embed commercial artificial intelligence tools into the military’s most classified systems, while also considering, but ultimately shelving, an executive order that would have formalized a voluntary review process by the federal government for frontier AI models before their public release.

In early May, the Department of Defense (DOD) announced agreements with eight companies — Google, OpenAI, Nvidia, Microsoft, Amazon Web Services, SpaceX, Oracle, and startup Reflection — to deploy their AI systems on highly classified military networks for “lawful operational use.” The Pentagon framed the deals as advancing its ambition to become an “AI-first fighting force” by expanding the range of tools available to warfighters. Anthropic was notably absent from the announcement. Before the deals were finalized, more than 600 Google employees signed an open letter urging Google CEO Sundar Pichai to reject the classified military work, arguing that the broad contract language left few enforceable limits on how the company’s AI could be used.

While expanding AI deployment in the military, the executive branch also indicated a potential interest in increasing oversight of frontier AI models overall. Google DeepMind, Microsoft and xAI reached agreements with the Trump Administration to voluntarily provide the Commerce Department’s Center for AI Standards and Innovation (CAISI) with early access to unreleased frontier AI models for evaluations of model capabilities and national security-related risks. The agreements expanded upon CAISI’s ongoing equivalent agreements with OpenAI and Anthropic that have been in place since 2024.

The same week, reporting emerged that the White House was drafting an executive order to formalize a voluntary federal pre-deployment review process for AI systems. According to officials familiar with the discussions, the effort reflected mounting anxiety within the administration about the national security implications of rapidly advancing AI capabilities — sharpened by Anthropic’s April briefing of senior Trump administration officials on its frontier AI model Mythos, which reportedly can identify and exploit cybersecurity vulnerabilities. Officials warned that US adversaries could use similar advanced models to identify and exploit vulnerabilities in US systems.

The planned executive order included provisions for AI companies to voluntarily provide the government with early access to frontier AI systems for up to 90 days before public release to identify security vulnerabilities. The order also called on the Treasury Department, the National Security Agency (NSA), the National Institute of Standards and Technology (NIST), and the Cybersecurity and Infrastructure Security Agency (CISA) to coordinate with other executive agencies to create a classified benchmarking process to assess advanced AI capabilities.

However, the White House postponed the signing of the executive order on May 21 due to President Trump’s concerns that it would block AI development. Trump told reporters that he did not “want to do anything to get in the way” of the US lead over China in AI development. According to Politico, the decision came after several prominent tech industry figures, including Elon Musk and Mark Zuckerberg, expressed opposition. The White House has not announced a revised timeline for the executive order.

The draft executive order received a mixed response, with some groups calling for stronger oversight of frontier AI companies through mandatory early access and testing. As draft language circulated, Rep. Jim Himes (D-CT), the ranking Democrat on the House Intelligence Committee, told Nextgov that “it would be insane” not to give US intelligence agencies early access to AI models. Meanwhile, a group of 62 conservative nonprofit executives, faith leaders, professors, and policymakers coordinated by advocacy group Humans First submitted a letter to the White House supporting the order but pushing the administration to pursue a stronger line, including “mandatory testing, evaluation, vetting, and government approval of frontier AI systems before they are released.”

What We’re Reading

• James Görgen, “Trump Abandons 'FDA for AI' Proposal,” Tech Policy Press.
• Emma Hatheway, “The White House Wants to Vet AI Models. It Won’t Solve the Safety Problem,” Tech Policy Press.

Tech TidBits & Bytes

Tech TidBits & Bytes aims to provide short updates on tech policy happenings across the White House, agencies, Congress, civil society, industry, and courts.

In the White House:

• The White House directed federal agencies to install its official mobile app, which delivers administration news, policy updates and presidential social media posts, on all government-issued mobile phones. The federal Chief Information Officer instructed agency IT leaders to work out the mechanics of deployment, and the Federal Aviation Administration notified employees that the app would be automatically installed on agency iPhones and iPads. The app, initially launched in March, drew criticism from cybersecurity experts for security risks, including data sharing with third parties and for its pro-administration content.

In the agencies:

• The National Security Agency (NSA) and Cyber Command launched a joint AI task force to study and accelerate the safe deployment of frontier AI models across the Pentagon. The task force, which was announced in an internal email to staff, will assess how the Pentagon can safely deploy leading AI models in all parts of its mission, including use in some of the most sensitive systems.
• FedScoop reported that Immigration and Customs Enforcement (ICE) and Homeland Security Investigations (HSI) plan to award a five-year contract with a ceiling of $100 million to Cellebrite, an Israeli digital forensics firm that develops tools that extract cellphone, tablet, and drone data. The news came the same week Cellebrite cleared the federal government’s most rigorous cloud security standard. Privacy advocates warned that the contract award could facilitate warrantless device searches with limited oversight.
• ICE awarded a $211,618 contract to Delaware-based digital forensics firm Sumuri for courses on extracting data from encrypted Apple products, Politico reported. Sumuri previously signed contracts with the Department of Defense, the Drug Enforcement Administration, and the Federal Bureau of Investigation.
• A New York Times investigation reported that the Commodity Futures Trading Commission (CFTC) has been substantially weakened under the Trump administration, shrinking its workforce, purging career officials and curtailing crypto enforcement while advancing prediction market interests. Senior career officials who raised concerns about consumer protections and fraud risks related to cryptocurrency and prediction markets were reportedly suspended or forced to resign. The investigation also outlined how the CFTC cleared regulatory hurdles for three firms with ties to the Trump family's business empire — Crypto.com, Polymarket, and Gemini Titan — over the objections of career staff.
• Unpublished reports from the Department of Homeland Security, Federal Bureau of Investigation and regional intelligence fusion centers, obtained by Wired, identified "anti-technology extremism" as an emerging domestic threat amid growing public backlash to AI. One report warned that AI adoption could fuel "large-scale protests that devolve into civil unrest and anti-tech violent extremist activity" within five years. The reports also raised potential threats to data centers and other critical infrastructure. Legal experts noted that some activities listed as potentially suspicious are common features of lawful protest, such as photography and observation.

In Congress:

• Senate Minority Leader Chuck Schumer (D-NY) wrote to Department of Homeland Security (DHS) Secretary Markwayne Mullin, calling on the agency to coordinate with state and local governments on AI-enabled cyber threats. Schumer criticized DHS’s decision to suspend federal funding for the Multi-State Information Sharing and Analysis Center (MS-ISAC) and urged the administration to fill the Cybersecurity and Infrastructure Security Agency (CISA) director vacancy.
• House Energy and Commerce Committee Ranking Member Frank Pallone (D-NJ) sent letters to 25 companies, including Amazon, Costco, Target and Walmart, requesting information about whether the companies are engaging in surveillance pricing, which involves using personal consumer data to set individualized prices. Pallone expressed that surveillance pricing regulation will be a priority if Democrats retake the House, writing that existing federal law “does not sufficiently protect Americans’ data from misuse.”

In industry:

• The head of Microsoft's Israeli subsidiary stepped down following an internal investigation into the subsidiary's dealings with Israel's Ministry of Defense. The investigation was sparked by 2025 investigative reporting alleging that Israel's Ministry of Defense stored intercepted Palestinian phone recordings on Microsoft servers in Europe, exposing the company to liability under EU data protection law. Microsoft President Brad Smith announced in September 2025 that the company had "ceased and disabled" certain cloud and AI services to a unit within the Ministry of Defense, stating that Microsoft does not "provide technology to facilitate mass surveillance of civilians." The departure is believed to be among the first instances of a major cloud provider removing senior leadership over a government customer's misuse of AI and cloud infrastructure.
• xAI added 19 natural gas turbines to its Southaven, Mississippi data center site, bringing the total turbines to 46, despite an ongoing lawsuit filed by Earthjustice and the Southern Environmental Law Center (SELC), representing the Mississippi State Conference of the NAACP and the national NAACP. The plaintiffs requested a preliminary injunction to halt the center’s operations in response. The ongoing lawsuit alleges the turbines violate the Clean Air Act by operating without appropriate air permits and create imminent health concerns for nearby communities.

In civil society:

• Common Sense Media launched the Youth AI Safety Institute, an independent lab that will assess the safety of AI products used by children and teens, build open-source evaluations that developers can run against their own models, and publish consumer-friendly safety benchmarks. The institute will have a $20 million starting annual budget backed by the OpenAI Foundation, Anthropic, Pinterest, and other funders, including the Walton Family Foundation. Common Sense stated that funders will have no influence over research or evaluations.
• Pope Leo XIV approved the creation of an Interdicasterial Commission on Artificial Intelligence, the Vatican's first coordinated institutional response to the technology. Days later, he published his first encyclical, the most authoritative papal teaching on AI to date, calling on governments and tech leaders to regulate and "disarm" AI. The encyclical addressed the technology's effects on labor, education, autonomous weapons and the concentration of technological power. Anthropic co-founder Chris Olah spoke at the Vatican presentation, acknowledging that developers alone cannot determine AI’s ethical boundaries.
• The Electronic Privacy Information Center (EPIC) published a report finding that, despite 21 states having enacted privacy legislation with the right to opt out of the sale and sharing of personal data, “many prominent online platforms’ opt-out processes utilize manipulative design patterns… that undermine consumers’ ability to make choices that reflect their true preference and intentions.” EPIC called on the Federal Trade Commission (FTC) to bring enforcement actions and urged states to adopt stronger data minimization standards rather than relying on frameworks emphasizing consumer notice.
• Public Citizen released a policy memo warning that the federal government should not deploy AI in the rulemaking process, citing risks of hallucination, bias, and lack of moral and legal judgment. The memo proposed guardrails, including mandatory disclosure, pre-deployment testing, human verification, and compliance with the Administrative Procedure Act (APA).

In the courts:

• The Eighth US Circuit Court of Appeals vacated Biden-era Federal Communications Commission (FCC) rules designed to prevent internet service providers from discriminating against low-income communities and communities of color in broadband access. The court found the rules relied on a “disparate impact” standard that Congress did not authorize when it directed the FCC to ensure equal broadband access in the 2021 infrastructure law. The court left the FCC with an obligation to issue new, narrower rules compliant with the infrastructure law.
• Media Matters reached a binding settlement with the FTC, resolving a legal dispute that began after FTC Chair Andrew Ferguson issued a civil investigative demand (CID) targeting the group’s editorial and financial records. Media Matters alleged the demand was retaliation for its 2023 reporting on antisemitic content appearing alongside ads on X. A federal judge agreed, blocking the demand in August 2025. The FTC agreed to the settlement, which bars the agency from reissuing the same or a substantially similar demand. Media Matters called the outcome “a roadmap for other newsgathering and nonprofit organizations facing, or at risk of, government retaliation.”
• A federal court ruled that Department of Government Efficiency (DOGE) personnel violated constitutional equal protection and free speech rights when they terminated more than $100 million in National Endowment for the Humanities (NEH) grants with the assistance of ChatGPT, using protected characteristics such as race and gender as criteria for targeting grants. The US District Judge also found that DOGE had no statutory authority to terminate the grants and criticized the use of AI to target projects related to diversity, equity, and inclusion. The court ordered the administration to rescind the termination letters and permanently barred the administration from terminating the affected grants, but noted it lacked jurisdiction to compel actual disbursement of funds.
• A US District Judge dismissed Elon Musk’s $150 billion lawsuit against OpenAI and Sam Altman after a federal jury found that the alleged breach of charitable trust and unjust enrichment claims fell outside the statute of limitations. Musk, who co-founded OpenAI in 2015 as a nonprofit and left the board in 2018, sought up to $150 billion in damages and Altman's removal from the board of directors, alleging that OpenAI's conversion to a for-profit structure betrayed its founding mission. Musk indicated he would appeal the dismissal.
• YouTube, Snap, TikTok and Meta reached settlements in the first school district social media addiction lawsuit set for federal trial, resolving all claims brought by Breathitt County School District in Kentucky. YouTube, Snap and TikTok settled first, with Meta following later, canceling a bellwether trial that had been scheduled to begin June 15. The case was a test for more than 1,200 similar school district lawsuits alleging that social media platforms fueled a youth mental health crisis and saddled schools with the costs. Financial terms were not disclosed. Following the settlements, the judge issued a case management order designating claims by the Tucson Unified School District and Charleston County School District as the next bellwether trials.
• In the second phase of a landmark child safety case, New Mexico opened a bench trial before a judge to determine whether Meta’s Facebook, Instagram and WhatsApp platforms constitute a public nuisance. In March, a jury had ordered Meta to pay $375 million in civil penalties for misleading the public about the safety of its platforms. Prosecutors are now seeking $3.7 billion in remedies and court-ordered platform changes for minors, including increased age verification, curbs on algorithmic recommendations, and an end to autoplay and infinite scroll. Meta has stated it may shut down its platforms in New Mexico if ordered to comply. Separately, Meta announced AI-powered age assurance measures to detect underage users and automatically place them in age-appropriate accounts.
• Texas Attorney General Ken Paxton filed suit against Netflix and, ten days later, against Meta and WhatsApp, both under the Texas Deceptive Trade Practices Act. The Netflix complaint alleged the platform collected and monetized user data while publicly branding itself as an alternative to advertising-driven tech companies. The lawsuit also accused Netflix of deploying addictive design features such as autoplay on children's profiles. The Meta suit alleged the company misled users by claiming WhatsApp messages were protected by end-to-end encryption while maintaining internal systems that allowed employees to access private communications, citing whistleblower accounts and a Commerce Department investigation. Both suits sought permanent injunctions and civil penalties of up to $10,000 per violation. The actions are the latest in a series of data privacy suits by Paxton's office targeting major tech companies.
• The US Supreme Court declined to hear Meta's appeal of a Vermont Supreme Court ruling allowing the state's youth social media addiction lawsuit to proceed. Meta had argued that state courts lack jurisdiction over online businesses without in-state physical presence. The decision removed a potential obstacle to coordinated litigation by more than 40 states, school districts and individuals alleging that social media companies intentionally designed addictive platforms.
• Google asked the DC Circuit Court of Appeals to overturn a US District Judge's 2024 ruling finding it illegally maintained a search monopoly through exclusive default agreements with companies like Apple and Mozilla. In its appeal, Google argued the ruling punished the company for building a superior product and challenged the ruling’s remedies, including an order to share data behind its search engine with competitors offering generative AI products. Access Now and ten other civil society organizations filed an amicus brief in the Ninth Circuit Court of Appeals urging the court to uphold a permanent injunction barring NSO Group from targeting WhatsApp users with its Pegasus spyware. The brief argued that protecting encrypted messaging safeguards journalists, activists, and human rights defenders worldwide, as well as US national security and global digital infrastructure.

Legislation Updates

The following bills made progress in the Senate and House in May:

• Safe Cloud Storage Act – S. 3023. Introduced by Sen. Marsha Blackburn (R-TN), the bill passed the Senate with an amendment by unanimous consent.
• GUARD Act – S. 3062. Introduced by Sen. Josh Hawley (R-MO), the bill was placed on the Senate Legislative Calendar under General Orders.
• AI PLAN Act – H.R. 2152. Introduced by Rep. Zachary Nunn (R-IA), the bill was ordered to be reported as amended by the Committee on Financial Services by a vote of 52-0.
• Unleashing AI Innovation in Financial Services Act – H.R. 4801. Introduced by Rep. French Hill (R-AR), the bill was ordered to be reported as amended by the Committee on Financial Services by a vote of 33-19.

The following bills were introduced in the Senate or the House in May:

• POWER Act – H.R. 9019. Introduced by Rep. Chip Roy (R-TX), the bill would “direct the Secretary of Energy to report to Congress on the use of electric energy and water by certain data centers, and for other purposes.”
• Email Privacy Act – H.R. 9016. Introduced by Rep. Suzan DelBene (D-WA), the bill would “amend title 18, United States Code, to update the privacy protections for electronic communications information that is stored by third-party service providers in order to protect consumer privacy interests while meeting law enforcement needs, and for other purposes.”
• Protect Working Musicians Act of 2026 – H.R. 8994. Introduced by Rep. Deborah Ross (D-NC), the bill would “empower independent music creator owners to collectively negotiate with dominant online platforms regarding the terms on which their music may be distributed.”
• No Rigged Grocery Prices Act – H.R. 8895. Introduced by Rep. Josh Gottheimer (D-NJ), the bill would “protect consumers from AI-powered surveillance pricing at grocery stores and third-party grocery delivery platforms.”
• Protecting Consumers From Deceptive AI Act – H.R. 8893. Introduced by Rep. Valerie Foushee (D-NC), the bill would “establish technical standards and guidelines for generative AI content and ensure that the use of this technology is disclosed when it is used to create or modify audio and visual content.”
• Federal Artificial Intelligence Risk Management Act of 2026 – H.R. 8819. Introduced by Rep. Ted Lieu (D-CA), the bill would “require federal agencies to use the Artificial Intelligence Risk Management Framework developed by the National Institute of Standards and Technology with respect to the use of artificial intelligence.”
• Data Infrastructure Risk Reduction Act – H.R. 8711. Introduced by Rep. Suhas Subramanyam (D-VA), the bill would “require a strategy for the defense of data centers from external breaches from malefactors and the protection of the communities surrounding data centers.”
• You Own the Data (YODA) Act – H.R. 8652. Introduced by Rep. Michael Cloud (R-TX), the bill would “affirm user ownership of their data, prohibit entities from requiring the transfer or monetization of private data in exchange for services, prohibit the collection of third-party contact information without written consent.”
• The Gaming Advertisement to Minors Enforcement (GAME) Act – S. 4555. Introduced by Sen. Katie Britt (R-AL), the bill would “prohibit social media companies and other advertising websites from targeting minors with sports betting through online advertising.”
• Fostering Agricultural Research and Modernization through Artificial Intelligence (FARM AI) Act – S. 4627. Introduced by Sen. Ted Budd (R-NC), the bill would “increase capital for AI projects through U.S. Department of Agriculture (USDA) grants and ensure USDA programs are deployed to educate farmers on the latest AI technologies to advance American production.”

We welcome feedback on how this roundup could be most helpful in your work – please contact contributions@techpolicy.press with your thoughts.