The Senate voted 99-1 to strip federal AI preemption from the One Big Beautiful Bill. Congress had already rejected the same approach in the National Defense Authorization Act. For compliance teams that have been watching this debate, the conclusion is clear: broad federal preemption of state AI laws is not coming through legislation in 2026. The White House is now pursuing a different strategy, using DOJ litigation to challenge individual state laws case by case, but that takes years and does not suspend state obligations in the meantime.
This article covers what was in the One Big Beautiful Bill for AI, why the provision failed, what the White House is doing instead, which state laws face the most federal legal pressure, and what your compliance program should look like now that the legislative route is closed.
What the One Big Beautiful Bill proposed for AI
The One Big Beautiful Bill is President Trump's budget reconciliation package. Reconciliation is a parliamentary procedure that allows certain fiscal legislation to pass the Senate with 51 votes rather than the usual 60. The House passed a version of the bill in May 2026, and the Senate Finance Committee began markup shortly after.
An early Senate draft included a provision that would have imposed a 10-year moratorium on state AI regulation. The provision's mechanism was indirect but effective: states that enacted or maintained AI laws "inconsistent with" a forthcoming federal AI policy framework would lose eligibility for federal broadband funding under the Infrastructure Investment and Jobs Act. Since many states rely on those funds for rural internet expansion, the threat was designed to create strong compliance pressure even without a direct federal mandate.
The draft provision defined "inconsistent" broadly enough to potentially cover most existing state AI laws, including Colorado's SB 24-205, California's AI Transparency Act, and Illinois's Biometric Information Privacy Act as applied to AI systems. No state AI law in force today was designed to align with a federal AI framework that does not yet exist, which meant the moratorium would have effectively suspended all of them.
The preemption provision was not the bill's main purpose. The One Big Beautiful Bill is primarily a tax and spending package dealing with extensions of the 2017 Tax Cuts and Jobs Act provisions. AI preemption was inserted as a policy rider, the same approach used in the NDAA. Riders have a higher risk of being stripped in parliamentary process, and this one was.
What preemption would actually wipe out
The debate over the One Big Beautiful Bill's preemption provision was largely abstract, "state AI laws" as a category, good or bad, depending on your priors. What was missing from most of the public discussion was a specific accounting of which laws would actually disappear. Compliance teams operating in multiple states need that concrete map, because it changes how you think about which investments to protect and which to hold loosely.
The state laws that would have been superseded
The draft provision covered state AI laws "inconsistent with" the federal framework. Since no federal framework existed in final form, the operative test would have been set by subsequent rulemaking or litigation. But based on the White House's National AI Legislative Framework, which serves as a proxy for what the administration considers inconsistent, these are the laws most clearly in the crosshairs:
Colorado SB 24-205 (February 2026, in effect now). Colorado's AI Act imposes obligations on developers and deployers of high-risk AI systems, including algorithmic impact assessments, bias management programs, and consumer notice requirements before consequential AI-driven decisions. It is the most comprehensive state AI law in force in the US today. The developer-side obligations, which apply to any company whose AI system is deployed in Colorado, regardless of where the company is headquartered, are exactly the kind of extraterritorial effect the White House framework identified as problematic. SB 24-205 would have been a primary target for preemption.
Illinois AI Video Interview Act. Illinois requires employers using AI to analyze video interviews to disclose that AI is being used, explain how the AI works, and obtain consent before analysis. The law has been in effect since 2020 and has survived multiple legal challenges. It would have been superseded to the extent the forthcoming federal framework addressed AI in hiring, which the White House framework explicitly did, calling for a national standard that would displace state employment AI rules.
New York City Local Law 144 (bias audits for automated employment decision tools). NYC requires covered employers using AI tools to make or assist in employment decisions to obtain annual bias audits from independent auditors and publish the results. The audit requirement has forced a genuine industry response, vendors have added bias audit documentation to their sales packages, and several third-party audit firms have built practices around it. Under preemption, this requirement would have been gone, along with the market infrastructure it created.
California AB 2013 (training data transparency). California's law requires AI developers to post summaries of the training data used to develop covered AI systems. Disclosures were due in January 2026. The White House framework specifically identified mandated disclosure requirements as candidates for preemption on First Amendment grounds. AB 2013 would have been a clear target.
Connecticut SB 5 (October 2026 employer obligations). Connecticut's forthcoming law requires employers using high-impact AI in employment decisions to notify employees and provide explanation rights. The law does not take effect until October 2026, and under preemption, it likely would never have come into force, the moratorium would have applied to laws "enacted or enforced" after the effective date.
What would not have been preempted
The draft provision was not a blank check. Several categories of state law were likely to survive even broad preemption:
State general consumer protection laws, California's Unfair Competition Law, New York's General Business Law section 349, were not targeted because they predate AI and apply across all industries. Courts are reluctant to read federal preemption as wiping out general consumer protection authority absent very clear statutory language.
The California Consumer Privacy Act and the California Privacy Rights Act regulate data collection and use broadly, not AI specifically. The preemption provision focused on AI laws. CCPA and CPRA would have remained in force, including the provisions that limit how AI-generated inferences about consumers can be used.
State biometric privacy laws not specifically addressing AI, Illinois BIPA most prominently, would have been in a gray zone. BIPA regulates biometric data collection generally. Its application to AI facial recognition and biometric scoring is a product of litigation, not the statute's text. Whether BIPA as applied to AI would be preempted as an "AI law" or survive as a general biometric privacy law would have been a significant litigation question.
The political math
The preemption provision failed 99-1 for reasons that would not have changed if it were reintroduced in substantially similar form. The core problem is structural: Republican senators who support the administration's AI deregulation goals are also the strongest defenders of state legislative authority. Asking them to vote for a provision that strips their own state legislatures of authority over AI, and ties that stripping to federal broadband funding, produced an impossible political position.
The industry coalition was also fractured. Large AI developers wanted preemption. Insurance companies, banks, and healthcare systems, which use AI heavily but also rely on state-level consumer protection enforcement against their competitors, did not. Without unified industry support, the political cost of defending the provision was too high for senators already facing state AG opposition.
The DOJ litigation strategy is the current substitute. It is slower, less comprehensive, and carries no guarantee of success. Federal courts have been skeptical of aggressive dormant Commerce Clause challenges to state consumer protection laws in the technology space, the Ninth Circuit's treatment of California internet regulations is the relevant precedent line, not a favorable one for the administration's theory.
What this means for your compliance program
The correct planning assumption is that preemption does not pass in any form that would displace state AI laws before 2028 at the earliest. That is not a confident prediction about the legislative future, it is a risk management observation. If preemption eventually passes, removing compliance steps is easy. Rebuilding a Colorado SB 24-205 risk assessment program from scratch after a two-year gap during which your organization decided to wait it out is expensive, and it will happen after the organization has already accumulated enforcement exposure during the non-compliance window.
The state law compliance investments worth protecting now, Colorado bias management documentation, NYC bias audit records, California training data disclosures, are not speculative. Those laws are in force. The enforcement infrastructure behind them is operational. Build the compliance program around the law as written, not around the hope that federal action will make the work unnecessary.
Why the Senate voted 99-1 to remove it
The near-unanimous vote to strip the AI preemption provision was not a repudiation of the Trump administration's AI policy goals. It reflected three specific objections from senators who otherwise support the bill.
States' rights tension. The provision asked Republican senators who have spent years defending state authority against federal overreach to pre-empt their own state legislatures on AI. Senator Marsha Blackburn of Tennessee, a co-sponsor of the TAKE IT DOWN Act, was among those who objected that the provision went too far in eliminating state authority over AI content and consumer protection. Several senators representing rural states with active broadband programs objected to tying AI preemption to broadband funding eligibility.
Drafting problems. The provision's text was considered too vague to function as actual law. "Inconsistent with a federal framework" is not a defined legal standard when no federal AI framework exists. Lobbyists for state attorneys general noted that the provision would have created immediate litigation over which state laws were "inconsistent" and with what exactly, with no court able to resolve the question until federal AI rules were finalized. Legal counsel for at least four Republican senators flagged the provision as likely unconstitutional under the Dole spending power doctrine (South Dakota v. Dole, 483 U.S. 203 (1987)), which limits how Congress can attach conditions to federal funds.
Industry fragmentation. Unlike most tech industry lobbying, there was no unified industry position supporting the provision. Large AI developers generally favored some form of federal preemption to reduce compliance complexity. However, companies whose business models depend on state-level consumer protection enforcement, insurance companies, healthcare providers, financial institutions, opposed the provision because they feared that eliminating state AI rules would also eliminate state-level protections they rely on against competitor AI use.
The 99-1 vote was a procedural vote in the Senate parliamentarian process, not a final floor vote, but it produced the same outcome: the provision is gone from the bill.
What the White House is doing instead: the DOJ AI Litigation Task Force
The One Big Beautiful Bill failure does not mean the White House has abandoned the goal of reducing state AI regulation. It has shifted strategy from legislation to litigation.
On March 20, 2026, the White House released its National AI Legislative Framework, a seven-pillar policy document that explicitly calls on Congress to preempt state AI laws deemed unduly burdensome. The framework itself has no legal force. What matters for compliance teams is the enforcement mechanism attached to it.
The White House directed the Department of Justice to establish an AI Litigation Task Force. The task force's mandate is to identify state AI laws that, in the administration's view, violate federal constitutional limits on state authority: the dormant Commerce Clause, which prohibits states from unduly burdening interstate commerce; the Supremacy Clause, where federal agency rules or existing federal statutes preempt conflicting state law; and the First Amendment, where AI-related disclosure or labeling requirements arguably compel speech.
Simultaneously, the Commerce Department received a directive to compile a list of state AI laws the administration considers "onerous or inconsistent with federal AI policy." That list was due within 90 days of the March 20 framework, placing its expected publication around June 2026.
The litigation approach is significantly slower than legislation. A successful constitutional challenge to a state AI law requires:
- Filing in federal district court (typically in the state being challenged)
- Surviving a motion to dismiss
- Either obtaining a preliminary injunction or waiting through discovery and summary judgment
- If appealed, going through the circuit court of appeals
- Possible Supreme Court review
The fastest this process has resolved in analogous cases (preemption challenges to state privacy laws, state internet regulations) is approximately 18-24 months to an injunction, and 4-6 years to a final appellate ruling. During that entire period, unless a court grants a preliminary injunction, the state law remains fully enforceable.
The DOJ task force approach will not produce broad preemption in 2026, and very likely not in 2027.
Which state AI laws face the highest federal challenge risk
The Commerce Department's forthcoming list is not public yet, but the White House framework and the DOJ's announced legal theories allow reasonable predictions about which laws are most likely targets.
Colorado SB 24-205 (AI Act). Colorado's law imposes specific requirements on developers and deployers of high-risk AI systems, including risk assessments, bias management, and consumer notice. The law's developer obligations apply even to out-of-state companies that deploy AI in Colorado, which creates a Commerce Clause argument that the law regulates conduct occurring in other states. Colorado is a likely early target.
Illinois BIPA as applied to AI. The Biometric Information Privacy Act (740 ILCS 14) already faces significant Commerce Clause challenges in the employment context. Its application to AI facial recognition and biometric scoring systems used by out-of-state employers is a natural extension of existing DOJ litigation strategy.
California AI Transparency Act (AB 2013). The California law requires AI developers to post training data summaries on their websites. The administration's First Amendment theory targets mandated speech requirements. Whether disclosing training data constitutes protected or compellable speech is an open legal question, and California's economic size makes it the highest-profile potential target.
New York City Local Law 144. NYC's automated employment decision tool law requires bias audits by covered employers. The DOJ's theory would need to argue that a local law regulating hiring practices within New York City burdens interstate commerce, which is a harder argument than state law challenges but not legally impossible.
Laws that impose narrow disclosure requirements or apply only to state government procurement of AI are much lower-risk for federal challenge because they do not directly regulate private commerce.
What compliance teams should do now
The failure of federal preemption through legislation, combined with a slow litigation-based alternative strategy, produces one clear practical conclusion: plan your compliance program around the state law patchwork as written, not around the assumption that it will be eliminated.
Do not pause Colorado, California, Illinois, or Connecticut compliance work. The enforcement dates for these laws are now, not contingent on federal action. Colorado SB 24-205 has been in effect since February 1, 2026. California AI Transparency Act disclosures were due January 2026. Enforcement is live.
Build documentation that travels. The most durable compliance investment is documentation that satisfies multiple frameworks simultaneously: a risk assessment document that addresses Colorado's bias management requirement, the EU AI Act's conformity assessment requirement under Article 9, and NIST AI RMF documentation requirements. See the multi-state AI compliance strategy guide for a framework-by-framework comparison.
Track the Commerce Department list. When the Commerce Department publishes its list of "onerous" state AI laws, that list will signal where DOJ litigation energy is going. Companies operating primarily in states on that list should monitor for injunction activity, since an injunction would temporarily suspend enforcement. However, do not treat the list as a compliance holiday. Injunctions are not guaranteed and can be reversed on appeal.
Maintain state law compliance records defensively. If your company operates in multiple states, maintain records that demonstrate compliance as of each law's effective date. If a DOJ challenge eventually succeeds and a state law is struck down retroactively, having complied will not harm you. If the challenge fails, you will have avoided enforcement gaps during the litigation period.
Review your AI governance policy for geographic scope. If your current AI governance policy says something like "we comply with applicable state AI laws," review whether you have actually mapped which laws apply based on employee locations, customer locations, and deployment scope. A gap analysis is the starting point. The federal AI preemption and state law compliance guide includes a current state-by-state obligations map.
Where things stand as of May 2026
The One Big Beautiful Bill will continue moving through Congress without the AI preemption provision. The bill's primary purpose is tax policy, and its fate will be determined by fiscal issues, not AI regulation. There is no current vehicle for broad federal AI preemption legislation in the 119th Congress.
The DOJ AI Litigation Task Force is operational but has not yet filed its first case. The Commerce Department's state law list is due by late June 2026. If the DOJ files challenges in summer or fall 2026, those cases would not produce injunctions before 2027 under any realistic schedule.
The EU AI Act August 2, 2026 enforcement deadline is 65 days away and is unaffected by US preemption politics. Companies with EU operations or EU-facing products face that deadline regardless of what Congress does. The AI regulation deadline calendar tracks US state law obligations and the EU timeline together.
For compliance teams, the working assumption through at least 2027 is: the patchwork is the compliance environment. Build your program to survive it, not to wait it out.
