What Federal IT Leaders Should Know About the Emerging National AI Policy Framework
At the close of 2025, the White House issued an executive order tasking the Commerce Department, the Federal Communications Commission, and others in government to formulate a national policy framework for artificial intelligence (AI). This initiative aims to proactively address the rapidly developing state-level regulatory landscape.
Compliance Challenges for State-Level AI Regulations
In 2025, state legislatures introduced approximately 1,200 AI-related bills, following 635 AI-related bills introduced in 2024, with 99 enacted into law, according to MultiState.ai. The executive order serves as a response to the growing number of state laws, emphasizing the need for a unified national framework.
Ryan Hagemann, global AI policy lead for IBM, notes, “The entire purpose behind this executive order was primarily as a rebuttal to all of the state laws that have been cropping up over the past 18 months or so.” This executive order reiterates the administration’s commitment to establishing a cohesive approach to AI regulation.
Emerging Framework for Data and Security
While the administration is still in the process of formulating the framework, experts predict it will focus on data management and security. The intention is to create guidelines that promote innovation while ensuring the protection of data.
According to experts, the framework will likely address the confidentiality, integrity, and availability of data, establishing a structured approach to cybersecurity.
However, significant legislative action is required, as Hagemann points out, “the administration understands that a lot of that heavy lifting actually has to be done by Congress.” The details of the framework will ultimately be determined by congressional legislation.
Preparing for AI Compliance Requirements
Federal agencies can take proactive steps to prepare for upcoming compliance requirements. One effective approach is the NIST AI Risk Management Framework, which provides a robust method for assessing organizational risk management practices.
Agencies should also enhance their data management initiatives, viewing AI compliance through the lens of data governance. Bagley emphasizes that any AI framework will inherently address data governance principles, which are well-established.
Shaping a National AI Policy Outlook
The administration’s consistent messaging emphasizes the need for agencies to utilize new AI tools and innovate responsibly. Potential policy changes may streamline procurement processes, allowing for the quicker adoption of off-the-shelf AI solutions.
Bagley suggests that policies encouraging the use of AI in repeatable and automatable tasks could become a default expectation within federal agencies, aligning with the administration’s goals for enhancing efficiency.
As adversaries evolve, the need for AI-powered cybersecurity will likely become a focus within policy discussions. With data breaches occurring at unprecedented speeds, agencies should explore AI-driven defense solutions to safeguard their data and systems.
